Question: Is it possible to monitor/scan a device that is connected to my router for malware/viruses?

onemoretimex

I have a device that is used for mining and have been receiving letters from my ISP that Gamut, a piece of malware, was present on one of my devices.

I would like to be able to monitor this device plus run a malware/virus scan on it just to see what's going on... but as the device itself has no GUI I would need to do this from my PC to it.

Is Wireshark what I'd be looking for?

Thanks
 

kanewolf

Titan
Moderator
What OS does this mining device run? Can you SSH into it?
Wireshark has to run on the device you are capturing, unless you have a switch which can mirror a port. That would require a managed switch.
 

kanewolf

Titan
Moderator
Oh, I have no idea. I believe it's one made by the device manufacturers.

Bobcatminer300

www.bobcatminer.com
You aren't going to be running Wireshark on that. What it looks like to me is an Ethernet device that converts to a 900 MHz radio signal. So ANY device that connects to that hotspot and therefore uses your internet could be the problem.
Basically YOU are trading your internet bandwidth to anyone that wants to use it via the Helium network. And therefore YOU are responsible for any illegal activities.
The documentation for the Bobcat Miner 300 is HORRIBLE. It basically says "trust us" after plugging this device into your home network. This seems even sketchier than other crypto mining because it is allowing random users on your home network, for which you are 100% legally responsible.
I wouldn't touch that with a REALLY long pole.
One thing that might save you is that Helium is supposed to be encrypted for the entire path. If that IS the case then your ISP would not be able to see the potentially illegal traffic from that hotspot. And you would have to look elsewhere on your network.
 

onemoretimex


Not my ISP, but another member with the same device but a different ISP reported that they had received a letter saying that they had been sending spam Viagra mail from the device, so I'm not even sure it's encrypted either.

I believe they had port 22 forwarded at the time, which is only meant to be for outbound, so this might explain why they had any issues?
 

kanewolf

Titan
Moderator
Port 22 is typically the SSH port. I would not forward port 22 either. That is just ASKING somebody to trespass into your network.
Spam e-mail could potentially be traced back to an IP address if the originator used something from the public IP address the hotspot was associated with when building the spam. Again, this just seems WAY too insecure to allow on your home network.
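
As an added illustration that is not part of the thread: once the device's switch port has been mirrored to a PC (the managed-switch requirement mentioned above) and the capture saved as `tcpdump -nn` text, a short Python script can count the two things discussed here, new outbound mail connections from the device and new inbound SSH connections from outside the LAN. The LAN range, the device address and the sample lines are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")    # assumed home LAN range
DEVICE = ip_address("192.168.1.50")   # assumed address of the headless device
MAIL_PORTS = {25, 465, 587}           # SMTP and mail-submission ports
SSH_PORT = 22

# Matches the address/port/flags part of a "tcpdump -nn" IPv4 TCP line.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

# Constructed sample capture lines (documentation address ranges).
SAMPLE = [
    "1700000000.000001 IP 192.168.1.50.40022 > 203.0.113.25.25: Flags [S], seq 1, win 64240, length 0",
    "1700000000.050000 IP 203.0.113.25.25 > 192.168.1.50.40022: Flags [S.], seq 9, ack 2, win 65535, length 0",
    "1700000001.000001 IP 192.168.1.50.40023 > 203.0.113.25.25: Flags [S], seq 5, win 64240, length 0",
    "1700000002.000001 IP 198.51.100.7.51000 > 192.168.1.50.22: Flags [S], seq 3, win 29200, length 0",
    "1700000003.000001 IP 192.168.1.10.51111 > 192.168.1.50.22: Flags [S], seq 4, win 64240, length 0",
    "1700000004.000001 IP 192.168.1.50.40100 > 203.0.113.80.443: Flags [S], seq 6, win 64240, length 0",
]

def review(lines):
    """Count connection attempts (SYN without ACK) to or from the device."""
    outbound_mail = Counter()  # (remote mail server, port) contacted by the device
    inbound_ssh = Counter()    # hosts outside the LAN connecting to device port 22
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, _sport, dst, dport, flags = m.groups()
        if flags != "S":       # "[S]" is a bare SYN; "[S.]" and others are replies or data
            continue
        src, dst, dport = ip_address(src), ip_address(dst), int(dport)
        if src == DEVICE and dst not in LAN and dport in MAIL_PORTS:
            outbound_mail[(str(dst), dport)] += 1
        elif dst == DEVICE and src not in LAN and dport == SSH_PORT:
            inbound_ssh[str(src)] += 1
    return outbound_mail, inbound_ssh

if __name__ == "__main__":
    mail, ssh = review(SAMPLE)
    print("outbound mail connections:", dict(mail))
    print("inbound SSH from outside the LAN:", dict(ssh))
```

The script reads only addresses, ports and TCP flags, so it still works when the payload is encrypted.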
 
Mar 1, 2021
It is possible for certain types of malware (i.e. worms) to spread on a local LAN behind a router and for some types of malware to infect router firmware and change the router settings.
 
