So, my phone has a unremoveable RAT, and i am trying to evade it because it is trying to heat and break my phone, at the moment i have lowered my upload speed which is doing good but the internet is so slow, Can someone tell me how can i only allow specific ip's and websites to my device and block the rest of the internet? (Only on one device and does not affect the rest, and by ip address)
Ty
How do i whitelist only few websites and ip's to a specific user by ip address?
Last edited by Bungelos on Fri Jan 06, 2023 6:59 pm, edited 1 time in total.
Re: How do i whitelist only few websites and ip's to a specific user by ip address?
I have no idea what you are saying, can you be more obtuse please......
As far as allowing a specific IP address to access only specific IP addresses, that will work as long as IP addresses you are noting are not in the same subnet which is not controllable by the router very easily.
So if you have user 192.168.25.25 you can create a firewall rule like so which will permit the user to access allowed sites and then the next rule drops all their other traffic, either to other subnets or to the internet for example. As long as these two rules are placed after the default rules and before any other allow rules..........
add chain=forward action=accept src-address=192.168.25.25 dst-address-list=AllowedSites
add chain=forward action=drop src-address=192.168.25.25
As far as allowing a specific IP address to access only specific IP addresses, that will work as long as IP addresses you are noting are not in the same subnet which is not controllable by the router very easily.
So if you have user 192.168.25.25 you can create a firewall rule like so which will permit the user to access allowed sites and then the next rule drops all their other traffic, either to other subnets or to the internet for example. As long as these two rules are placed after the default rules and before any other allow rules..........
add chain=forward action=accept src-address=192.168.25.25 dst-address-list=AllowedSites
add chain=forward action=drop src-address=192.168.25.25
Re: How do i whitelist only few websites and ip's to a specific user by ip address?
How do i add sites, is it by ip or url? For example i added youtube.com but cant connect to website somehow?I have no idea what you are saying, can you be more obtuse please......
As far as allowing a specific IP address to access only specific IP addresses, that will work as long as IP addresses you are noting are not in the same subnet which is not controllable by the router very easily.
So if you have user 192.168.25.25 you can create a firewall rule like so which will permit the user to access allowed sites and then the next rule drops all their other traffic, either to other subnets or to the internet for example. As long as these two rules are placed after the default rules and before any other allow rules..........
add chain=forward action=accept src-address=192.168.25.25 dst-address-list=AllowedSites
add chain=forward action=drop src-address=192.168.25.25
Ty
Edit: Never mind it worked, had to add the dns servers to the whitelist, thanks again
Re: How do i whitelist only few websites and ip's to a specific user by ip address?
@Bungelos
If you really think you have a RAT on your phone I would do the following:
Run Wireshark, when only your phone is on the LAN. Run for 1min and then see what it finds. You'll need to compare this VS a Wireshark scan AFTER you've set the DNS to 9.9.9.9 & 1.1.1.3, this should start to create some sort of pattern.
1) Do not do any banking / critical things on the phone.
2) Make sure all online accounts, dev environment logins have 2FA + you've make backups of the 2FA codes incase the phone is lost.
2.1) 2FA should NEVER be sent over sms/text/email.
3) Create a Guest bridge + SSID + isolate it + firewall it from talking to the rest of your network.
3.1) Set DNS on the Guest Bridge / MAC to 9.9.9.9 (Quad 9) and see if any of the phones RAT requests are blocked...
3.1.1) IF not, try use 1.1.1.3 as the DNS.
4. Do not let that phone be on a network with other devices until you know you have removed it. Usually this requires a complete wipe of the phone, its boot loader, etc etc and then a full, fresh flash of a factory bootloaded & firmware (check MD5 sums!).
Infected devices usually spread to other devices on the lan....
If you really think you have a RAT on your phone I would do the following:
Run Wireshark, when only your phone is on the LAN. Run for 1min and then see what it finds. You'll need to compare this VS a Wireshark scan AFTER you've set the DNS to 9.9.9.9 & 1.1.1.3, this should start to create some sort of pattern.
1) Do not do any banking / critical things on the phone.
2) Make sure all online accounts, dev environment logins have 2FA + you've make backups of the 2FA codes incase the phone is lost.
2.1) 2FA should NEVER be sent over sms/text/email.
3) Create a Guest bridge + SSID + isolate it + firewall it from talking to the rest of your network.
3.1) Set DNS on the Guest Bridge / MAC to 9.9.9.9 (Quad 9) and see if any of the phones RAT requests are blocked...
3.1.1) IF not, try use 1.1.1.3 as the DNS.
4. Do not let that phone be on a network with other devices until you know you have removed it. Usually this requires a complete wipe of the phone, its boot loader, etc etc and then a full, fresh flash of a factory bootloaded & firmware (check MD5 sums!).
Infected devices usually spread to other devices on the lan....