I'm under heavy Cyberattack.
I have been under heavy cyberattack for a long time now. I bought F-Secure Sense in the hopes it'd be able to stop it, but in the latest attack it shows no sign of seeing it at all.
So in the latest one it could either be a compromised network or a harmless port scan. I got hit 3 times, and in the traffic analysis it reports the XFER Utility was used. Does F-Secure Sense use the XFER Utility during setup, or has my network been compromised already on its first day?
According to IBM, the IPs used in the attack are only scanning at the moment. Last time I ignored them, though, it turned into a DDoS and botnet attack.
You can see by the weird graph how much I was trying to stop the attacks.
I don't know a great deal about networks, or cyberdefence or anything. I'm just a guy at home who works in the IT sector. I don't own a business, this is entirely on my home network. Can you confirm if the XFER Utility was the F-Secure Sense that I now have installed, and if it worked, or if it failed to see this attack and my network might have been compromised again? The app reports zero detections at the moment.
edit: Removed some identifying information.
update: The network was compromised. They used a near zero-day vulnerability, the same one that was used against Facebook. Once they broke past the router and the F-Secure Sense, they had remote access for about 8 hrs whilst I was asleep. When I got to my PC in the morning there were several "Save As" and a few "Open As" dialogue boxes open on the desktop.
All my credentials had been stolen, and they had free roam overnight so I have no idea what else they could've done.
Laksh Posts: 4,443 Former F-Secure Employee
We’re sorry to hear about your experience. XFER Utility is not used by SENSE.
The log from AiProtection shows blocked port scans (and theoretically other exploit events), which is normal for a router connected directly to WAN. Also SENSE is designed to block such incoming traffic, although there is no user-visible reporting of it. If there is malware present on the affected computer, we recommend installing and running Anti-virus software. The SENSE subscription comes with a SENSE desktop app, with installation instructions in https://community.f-secure.com/t5/F-Secure-SENSE/How-to-install-the-SENSE-app-on/ta-p/106381.
We might need more information on the following, which you can send to support to troubleshoot further. You can contact our support team via chat or phone here along with the below information.
- the network setup, especially where SENSE was in relation to the other router
- the other router model
- service provider
- log from the SENSE router
Thank you for responding.
I shall do as mentioned, thank you for pointing me in the right direction. I hope the issue can be resolved, and that any information exchanged can help, even if in some small way, to improve your services further to secure everyone's networks.
Thank you again for responding, I really appreciate your advice during this difficult time.
There is a security risk using Bluetooth, so to configure a router via Bluetooth is.....
Port 5555 is maybe open on Sense; malware likes that port.
Do a hard reset, and don't trust Sense for all your connections.
See that everything is wiped, and don't even use Wi-Fi for serious work.
You have to build layer upon layer: VLAN 1 for Netflix, Spotify and Apple TV, and VLAN 2 on a secure layer,
maybe Sense and a VPN unify.
Always stay on a VPN; best is to have it on your router and your computer.
Spoof the MAC ID. It tells the hacker what kind of router you use; the first 6 digits tell it.
Port mirroring with a switch
Even then there is always a chance that they will compromise you.
But use some kind of watchdog and HIPS, so you see the IP and ports that they use.
Rent a hacker and make him test your network. He will also guide you in a trace if he is good.