- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Security
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Security
My ISP has on several occasions dropped my connection claiming that they have founf malware coming from a device in my network. They cannot tell me which device. I am trying to determine which device has the problem. It has been suggested that perhaps I need to be looking at the traffic coming through the router - which means I need to turn on logging, and then capture the data, and see if I can see anything funny going on.
Is this something that is doable?
Please note - I suspect nothing to be wrong with my Orbi, I am only looking here to see if I can find information on where the malware may reside.
In Case anyone asks, my network supports:
1 Intel Laptop with Norton Anti Virus Software - which says there are no problems on the machine
1 iMac - not used often - mostly it sleeps. (much more than my dog)
2 iPhones
2 iPads
Nest doorbell camers
Security camera
Western Digital MyCloud backup devices
TV with network access
Dish Network access
Whereever possible, I change the admin login passwords but not all of them can be changed.
Thanks in advance
Jerry
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Security
They cannot tell you which device because the router uses Network Address Translation (NAT) to make it appear that everything from your network comes from the public IP address, only with different port numbers. It would be very helpful if they could tell you which IP address (on the internet) appears to be attacked. There is a simple command that will show all of the "open ports" through the Orbi, i.e. from one internal IP address to a specific external IP address.
You would telnet into the Orbi router and enter this command:
Cat /proc/net/ip_conntrack
On the Orbi debug page (http://<ip of Orbi>/debug.htm) it is possible to have the Orbi record all packets that pass through the public side of the Orbi - the Wide Area Network (WAN). Basically, the user tells the Orbi to "Enable LAN/WAN Capture", and then to "Start Capture". After a while, stop the capture and then save the debug file to your PC. It is a zip file. The LAN and WAN captures can be opened with a program such as Wireshark (free).
I used the "open connections" to figure out which Cloud Services all my Internet of Things (IoT) devices were connecting to.
If they would give you at least a hint of what they are detecting, the Orbi provides the resources to track it back to the offending device.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more