Router Hacked?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi Todd et al.,

After reading the Re: Urgent!!! My computer seems to be hacked, pls HELP!!!
I was feeling smug that I was safe since I locked up ssh.

HOWEVER, I'm now much more nervous. I don't understand why I'm able to
ssh to an outside host on the standard port 22 when my router is
configured to block port 22. Could it be that my router has been

By the way, is there a way to configure the router so that only
outgoing connections on port 22 should be allowed? That is, can
I configure the router so that only SSH connectsion FROM my internal
machine TO an outside machine are allowed through, while any
INCOMING connections on port 22 remain blocked?
%  Randy Yates                  % "So now it's getting late,
%% Fuquay-Varina, NC            %    and those who hesitate
%%% 919-577-9882                %    got no one..."

Re: Router Hacked?

Quoted text here. Click to load it

Outbound or inbound?  

Typically consumer routers (Linksys, et al) block the establishment of
incoming connections from the internet, but allow TCP flows that
originate from inside (LAN) to the outside (WAN/Internet).  That'd be
a simple explanation of a stateful packet inspection (SPI) firewall,
which understands and tracks TCP connections as a whole.

A packet filtering firewall doesn't have a notion of "connections" per
se, but just individual packets.  The older packet filtering firwalls
would block inbound TCP SYN requests, but wouldn't block inbound TCP
ACKs or FINs.

Quoted text here. Click to load it

Always possible, but the symptoms you describe are normal near as I
can tell.    Egress filtering (i.e. filtering of what's outbound)
isn't common in consumer routers.

Quoted text here. Click to load it

Sure, with a router of sufficient flexibility could allow you to
construct such a tightly defined filtering policy.  "Block connections
from the LAN destined for any external host, with protocol TCP,
destination port 22" would be the complete thought of such a block.

But if that's your only rule, you'd break all other internet traffic
to/from your LAN (i.e. web surfing, IM, updates, etc).  tcp/80 and
tcp/443 outbound requests would be blocked, so you wouldn't get any
web requests out, for instance.

Quoted text here. Click to load it

Your router is likely already configured as such, with the exception
that in addition to alowing outbound connections with a destination
port of tcp/22,  it's allowing arbitrary outbound connections.

Best Regards,
Todd H. /

Re: Router Hacked? (Todd H.) writes:
Quoted text here. Click to load it


Thanks for allaying my fears and resolving my quandary - all in
one post!

Man, I feel good about ssh now! I just LOVE it!
%  Randy Yates                  % "I met someone who looks alot like you,
%% Fuquay-Varina, NC            %             she does the things you do,
%%% 919-577-9882                %                     but she is an IBM."

Re: Router Hacked?

Quoted text here. Click to load it

It's groovy groovy good.  :-)  Glad to help.

Todd H. /

Site Timeline