Monitor router traffic, network activity at start up, launch

torlon · ‎03-06-2023

My computer is hacked and I think it is hacked physically so that they might have tampered witht he bios chip and/or stored virus on my ram, permanently. I tried formating all harddrives and reinstalling windows and linux, but it doesnt fix the issue. My computer is genrating remote access streaming to hacker server at launch before computer is launching operating system. They can for example see when im launching computer and accessing the bios menu. I tried updating the bios, but acording to MSI this does not overwrite all of the data on the bios chip. What I need to do Is to remove the ram, then overwrite the bios chip manualy, using eeprom tool, then install new ram. Atleast that is my understanding. But I want to be able to detect suspicious activity, monitoring the network traffic, all of it. Preferably not with a software on the hacked computer, but with an external computer, not attached to the network. Maybe I can turn off the encryption in the router and attach a tool to the ethernet cable leaving my router and monitor the traffic? I try looking for activity on the port for remote access, such as the port used with TeamViewer, but there is no activity, so the port is hidden, but it should be possible to see if a port is continiously streaming somehow? It is not possible to hide it completly?

balaji.bandi · ‎03-06-2023

Personal suggestion :

1. if you think computer hacked or suspect command and control. (first i would to re-image the device as soon as possible before it hit in band way in the network (by isolating the device)

2. change the user password soon.

3. Once re-image install AV to scan the device

3. you can set the static IP address to infected device and use netflow to monitor (on the PC you can install TCP view show you what traget IP it try to communicating)

4. some router may not have all the options you looking to do, so you need to provide what router you have and what code running ?

5. how is your network connected to internet ?

6. Most of the computer lan network use RFC 1918 address, so until you have any specific access allowed on the router, it is impossible to in coming traffic, until end device tunneled

7. you can monitor this on router show xlate or show Nat translation related to device IP/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

torlon · ‎03-06-2023

It is some sort of malicious root kit. It is not stored on the harddrive and activated through the operating system. I know this because I have formated all drives and installed both linux operating system and windows operating system from scratch, using usb boot. Format so that i have written all 0 over the drive. I have leraned that the virus still might be located in the harddrive within code that is intended to operate the harddrive, I dont know much about this. But i dont think I can remove the virus without doing somethink physical. I first have to detect the connection. If it is streaming at medium to low quality I should be able to locate the connection? then I can see if Im able to remove the connection somehow. I might also have usb ports with wifi antennas. I have not had my computer inside a safe made out of concrete yet to Isolate the issue to my own internett connection. Anyways. I need to monitor my network traffic and I would prefere to do it outside of my personal computer, preferably with a device, tool, not connected to the internett so that the device cannot be reached with remote access through internett.

At them moment im living in an apartment with a open internett. However this is not the mane issue because I had the same problem when I had my own router. In norway they have retarded internett for students. We are all given a shared accesspoint for the same huge router so at the moment im not able to access my own router or use internett providers such as cloudflare. But i have an edge router x, ubiquty I think it is called, and im preparing for the future when im not living under such hostile environments.. I dont know if the edge router x has a hidden masterpassword for logging in to the router, but it is fairly easy to reset to factory state and it does not have any hidden wifi antenna as far as im concerned.

balaji.bandi · ‎03-06-2023

if the external device not in control, Only protection you can do is protect end device with available tools in the market

MS tools tcpview (give you what connections initiated from your PC or end device)

Linux you can use UFW (iptables based to control the connection)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

torlon · ‎03-06-2023

Ok, I think I would have to try this out and see what I can find. What would I look for in a typical remote access connection, such as a TeamViewer type of connection where the server I connect to is getting constant streamin, unknown quality, but they are also able to use my computer? They are able to turn on and off my internett access. This is weird, so I think they might have another internett connection, otherwise they wouldnt be able to turn it back on? Or maybe they just hide it for me and my computer is still connected. It might just be usb port that is containing a wifi antenna connecting to other wifi routers.

balaji.bandi · ‎03-06-2023

i think we are trying to find information in amazon (which is very big)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎03-06-2023

What indications do you have to support your belief that the computer is hacked?

torlon · ‎03-07-2023

you keep deleting my post. i have lots of indications, but aparently im not allowed to expose them because you are one of them...