How likely is it for malware to transfer from my computer (Debian OS) to my Netgear X4S D7800?
I have trojans on my computer and have had my router attached to it via ethernet cable.
Does a fresh install of the factory image wipe out all potential trojans on the router?
If yes, and if I lock down the computer with the LuCI firewall, e.g. by strongly limiting outgoing communication, will that prevent the trojans from crossing over again, or is that not likely?
I can wipe the SSD by killing all partitions and reinstalling the OS, and reflash the BIOS to get rid of malware there. But malware may have crossed over to the non-BIOS firmware, and I don't have the means to wipe that.
thanks,
ant
YouTube: The Corrupt Imbeciles by Anthony Wilson
Generally, OpenWrt is very secure and extremely unlikely to be hacked or injected with malware. However, there is always the possibility that you made mistakes with respect to the configuration that could cause vulnerabilities. So it's hard to know what your situation is.
If you reset to defaults (i.e. don't keep settings) when installing the sysupgrade image (if you're already running OpenWrt), that will erase everything and start fresh. If you're using the vendor firmware or recovery method, you can use the factory firmware image, and yes, that will do the same thing.
It's important to define specific goals... "lock down" means different things to each person. The ultimate lock-down is to unplug the internet connection. OpenWrt is secure by nature for the default config, but if you think you have a special situation that requires additional security considerations, we need to have more specifics.
Thanks Peter.
Sounds like "configs" is in reference to things like how I set up my firewall, etc.?
Completely putting aside for the moment limiting "outgoing communication" in the LuCI firewall, such as with ports and URLs...
If the OpenWrt OS most likely wouldn't be penetrable, if set up correctly, and if there WERE trojans on my PC that want to communicate with their host, would the impenetrable OS prevent the trojans from communicating with the host all on its own (meaning regardless of whether outgoing connections to the internet are limited)?
In other words, would the malware be prevented from getting through my router and out to the internet (to communicate with its host)?
Different, random, one place only.
The normal process would be to quarantine potentially backdoored devices in a separate network, e.g. under the oversight of CrowdSec (a huge package) etc., then return them to the normal network one device a day.
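One way to build the separate quarantine network suggested above on OpenWrt, as an added example that is not from this thread: a dedicated firewall zone in /etc/config/firewall (UCI syntax) whose hosts can only obtain DHCP and DNS from the router and can neither reach the LAN nor be forwarded to the WAN. It assumes an interface named 'quarantine' has already been defined in /etc/config/network (for example a VLAN on one switch port); that interface name is an assumption, as is the choice to allow DNS.

```uci
# Added example, not from the thread: a "quarantine" zone for possibly
# infected hosts. Assumes an interface called 'quarantine' exists in
# /etc/config/network. No 'config forwarding' stanza is written for
# quarantine -> wan (or quarantine -> lan), so nothing from this zone is
# forwarded anywhere; only the two explicit rules below reach the router.

config zone
	option name 'quarantine'
	list network 'quarantine'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Let quarantined hosts get an address from the router's DHCP server.
config rule
	option name 'quarantine-dhcp'
	option src 'quarantine'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# Let quarantined hosts resolve names via the router (drop this rule for
# full isolation; see the note below).
config rule
	option name 'quarantine-dns'
	option src 'quarantine'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Apply it with /etc/init.d/firewall restart and confirm the generated ruleset (on releases using fw4, `fw4 print` shows it). Two caveats a practitioner should keep in mind: the default 'lan' zone does have a forwarding to 'wan', so an infected host left in the LAN is not blocked by default, which is the answer to the question about whether the router alone stops a trojan from phoning home; and a host that can still resolve names through the router's forwarding resolver retains a slow DNS-tunnelling channel to the internet, so remove the DNS rule if the goal is no outbound path at all.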
Thanks, I'll have to check out CrowdSec, as I'm not at all familiar with it.
I've heard the only way to remove malware from firmware, excluding the SSD/HDD and BIOS, is by "cold flashing" the computer, but hardly anyone knows how to do it...
So I can erase all settings by going into failsafe mode, thus going back to default OpenWrt settings BEFORE upgrading with sysupgrade?
If so, why upgrade if I'm back to default settings?
My guess is that with a reinstall (or flashing) it is more certain that all settings have been completely removed, and I will do that.
If you want to erase all your current settings but keep the same OpenWrt installation in general (i.e. what is in ROM, which is immutable), issue the following command:
firstboot -y && reboot
If you want to reflash entirely, possibly because you want to upgrade OpenWrt, you will first download the firmware file and then use sysupgrade to install it. That process looks like this:
cd /tmp
wget <link_to_firmware_file>
sysupgrade -n /tmp/<firmware-filename>
I don't know the device you're working with, but if you go to the firmware-selector, enter your device, and then copy the 'sysupgrade' image that shows up next, that is the link you'll use above.
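The reflash procedure above downloads an image and hands it straight to sysupgrade. Since the whole point here is to start from a known-clean state, a practitioner would also want to check that the file on the router is byte-for-byte the image the firmware selector published before flashing it. The script below is an added example, not code from the thread or from the OpenWrt project: it compares the SHA-256 of the downloaded file with the checksum shown next to the image on the firmware selector page and only then runs `sysupgrade -n`. The file path, the hash value and the script name are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread: verify a downloaded sysupgrade image
# against the sha256 listed by the OpenWrt firmware selector, then flash it
# with settings discarded (-n). Works in BusyBox sh on the router.
# Assumed usage (path and hash are placeholders):
#   sh verify_and_flash.sh /tmp/<firmware-filename> <sha256 from firmware-selector>

# Return 0 if the file exists and its sha256 equals the expected value, 1 otherwise.
verify_image() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    [ "$actual" = "$expected" ]
}

# Flash only after the checksum matches; refuse (exit 1) on any mismatch.
verify_and_flash() {
    if verify_image "$1" "$2"; then
        echo "checksum OK, flashing $1 with settings reset"
        sysupgrade -n "$1"
    else
        echo "checksum MISMATCH for $1, refusing to flash" >&2
        return 1
    fi
}

# Only act when run with exactly two arguments, so the functions can also be sourced.
if [ "$#" -eq 2 ]; then
    verify_and_flash "$1" "$2"
fi
```

Copy the checksum from the firmware selector page on a machine you trust rather than from the possibly infected PC: the comparison guards against a corrupted or tampered download, not against a compromised place you read the expected value from.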