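#!/bin/bash
# Network Security Script - Post-Compromise Cleanup
#
# Triage helper to run on a Linux host after one device on the LAN has been
# identified as compromised. It reports whether the device is blocked in
# iptables, lists ARP neighbours, checks three common TCP ports on the other
# LAN hosts, prints hardening guidance, and writes a small monitoring script.
#
# Requirements: bash, iproute2 (ip), net-tools (arp, netstat), iptables, and
# sudo rights to list firewall rules.
#
# NOTE(review): this listing was recovered from a page where the whole script
# had been collapsed onto a few lines and the three port-probe commands were
# truncated. The probes below are reconstructed as bash /dev/tcp connects;
# confirm against the original file.

# -e and pipefail are deliberately not set: many pipelines here end in grep,
# which exits 1 on "no match", and that is a normal outcome for this script.
set -u

readonly COMPROMISED_IP="192.168.50.81"
readonly COMPROMISED_MAC="cc:f7:35:53:f5:fa"
readonly LAN_PREFIX="192.168.50."
readonly MONITOR_SCRIPT="network_monitor.sh"

echo "🔒 NETWORK SECURITY CLEANUP SCRIPT"
echo "=================================="
echo "Timestamp: $(date)"
echo ""

#######################################
# Decide whether `iptables -L -n` output contains a DROP/REJECT rule whose
# source or destination is exactly the given address.
# Matching the bare IP string anywhere in the listing (as a plain grep does)
# also reports "blocked" for an ACCEPT rule, and for addresses that merely
# start with the same digits (e.g. .81 vs .810-style text, or "." as regex).
# Arguments: $1 - IPv4 address to look for
# Input:     stdin - output of `iptables -L -n`
# Returns:   0 if such a rule exists, 1 otherwise
# Caveat:    rules that block by MAC, by subnet, or via a jump into a custom
#            chain are not recognised by this check.
#######################################
rule_blocks_ip() {
  awk -v ip="$1" '
    $1 ~ /^(DROP|REJECT)$/ && ($4 == ip || $5 == ip) { found = 1 }
    END { exit !found }
  '
}

#######################################
# Report LAN interface addresses, the number of DROP/REJECT lines in the
# firewall listing, and whether the compromised device is blocked.
# Globals:   COMPROMISED_IP (read)
# Outputs:   status report on stdout, read failures on stderr
# Returns:   1 if the firewall rules could not be read, else 0
#######################################
check_network_status() {
  local rules

  echo "1. Checking current network status..."
  echo ""

  echo "Active network interfaces:"
  ip addr show | grep -E "inet.*192\.168\.50\." | awk '{print $2}' | head -5

  echo ""
  echo "Current firewall status:"
  # Read the rules once; a failed sudo/iptables must not be reported as
  # "NOT blocked", which is what an empty listing would otherwise produce.
  if ! rules=$(sudo iptables -L -n); then
    echo "❌ Could not read firewall rules (sudo/iptables failed)" >&2
    return 1
  fi
  # Counts every line mentioning DROP or REJECT, chain policy lines included.
  echo "Active firewall rules: $(grep -cE '(DROP|REJECT)' <<<"$rules")"

  echo ""
  echo "Blocked device status:"
  if rule_blocks_ip "$COMPROMISED_IP" <<<"$rules"; then
    echo "✅ $COMPROMISED_IP is blocked"
  else
    echo "❌ $COMPROMISED_IP is NOT blocked"
  fi
}

#######################################
# List every complete ARP entry and flag MAC addresses containing one of a
# few placeholder-looking octet runs.
# Outputs:   one "IP | MAC" line per neighbour on stdout
# Caveat:    the pattern match is a weak heuristic. A MAC address can be set
#            to any value, so a clean result here does not clear a device.
#######################################
scan_suspicious_devices() {
  local -r odd_mac_re='(00:00:00|ff:ff:ff|aa:aa:aa)'
  local ip mac

  echo ""
  echo "2. Scanning for other suspicious devices..."
  echo ""

  echo "All devices on network:"
  # NR > 1 skips the "Address HWtype HWaddress ..." header that arp -n prints,
  # which would otherwise be listed as a device.
  arp -n |
    awk 'NR > 1 && !/incomplete/ && $1 != "" && $3 != "" { print $1, $3 }' |
    while read -r ip mac; do
      echo "IP: $ip | MAC: $mac"
      if [[ "$mac" =~ $odd_mac_re ]]; then
        echo "⚠️ Suspicious MAC pattern detected: $mac"
      fi
    done
}

#######################################
# Attempt a TCP connect to host:port with a 3 second limit and report it if
# the connection succeeds.
# Arguments: $1 - host address, $2 - TCP port, $3 - service label
# Outputs:   " LABEL (PORT): OPEN" on stdout when the port accepts connections
#######################################
probe_port() {
  local host=$1 port=$2 label=$3

  # Host and port are passed as positional arguments rather than spliced into
  # the -c string, so a malformed ARP field cannot change the command.
  if timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
    echo " $label ($port): OPEN"
  fi
}

#######################################
# Check SSH/HTTP/HTTPS reachability on every LAN neighbour except the
# compromised device, to inventory services exposed on your own network.
# Globals:   COMPROMISED_IP, LAN_PREFIX (read)
# Outputs:   per-host results on stdout
#######################################
check_network_ports() {
  local ip

  echo ""
  echo "3. Checking for open ports on network..."
  echo ""

  echo "Scanning common ports on network devices..."
  # index(...) == 1 anchors the prefix at the start of the address and treats
  # the dots literally, unlike an unanchored grep "192.168.50.".
  while IFS= read -r ip; do
    [[ "$ip" == "$COMPROMISED_IP" ]] && continue
    echo "Checking $ip..."
    probe_port "$ip" 22 "SSH"
    probe_port "$ip" 80 "HTTP"
    probe_port "$ip" 443 "HTTPS"
  done < <(arp -n |
    awk -v prefix="$LAN_PREFIX" '!/incomplete/ && index($1, prefix) == 1 { print $1 }')
}

#######################################
# Print the remediation checklist.
# Globals:   COMPROMISED_MAC (read)
# Outputs:   checklist on stdout
# Note:      MAC filtering only stops a device that keeps its factory MAC;
#            the Wi-Fi password change, the factory reset and the router
#            admin password change are the controls that remove access.
#######################################
security_recommendations() {
  cat <<EOF

4. SECURITY RECOMMENDATIONS:
============================

🚨 IMMEDIATE ACTIONS REQUIRED:
1. PHYSICALLY DISCONNECT the compromised Amazon device
2. Change your WiFi password NOW
3. Update your router's firmware
4. Enable MAC address filtering on your router
5. Factory reset the Amazon device

🔧 ROUTER SECURITY SETTINGS:
1. Access your router's admin interface (usually 192.168.50.1)
2. Change the admin password
3. Enable MAC address filtering
4. Block the MAC address: ${COMPROMISED_MAC}
5. Enable firewall features
6. Disable WPS if enabled
7. Use WPA3 encryption if available

📱 DEVICE SECURITY:
1. Update all devices to latest firmware
2. Use strong, unique passwords
3. Enable two-factor authentication where possible
4. Install security software on computers
5. Regularly backup important data

🔍 MONITORING:
1. Check router logs regularly
2. Monitor network traffic
3. Watch for unusual activity
4. Consider network segmentation for IoT devices

EOF
}

#######################################
# Write network_monitor.sh into the current directory and make it executable.
# Globals:   MONITOR_SCRIPT (read)
# Outputs:   progress on stdout, failures on stderr
# Returns:   1 if the target is a symlink or cannot be written
# Note:      the generated script calls sudo, so run this from a directory
#            only you can write to; the symlink check below guards against a
#            pre-planted link redirecting the write.
#######################################
create_monitoring_script() {
  echo ""
  echo "5. Creating network monitoring script..."

  if [[ -L "$MONITOR_SCRIPT" ]]; then
    echo "❌ Refusing to overwrite symlink: $MONITOR_SCRIPT" >&2
    return 1
  fi

  # Quoted delimiter: nothing below is expanded while the file is written.
  cat > "$MONITOR_SCRIPT" << 'EOF' || { echo "❌ Could not write monitoring script" >&2; return 1; }
#!/bin/bash
# Network Monitoring Script
# Monitors for suspicious activity

COMPROMISED_IP="192.168.50.81"
LOG_FILE="network_monitor_$(date +%Y%m%d_%H%M%S).log"

# Print a message and append it to the log file.
log() {
  printf '%s\n' "$*" | tee -a "$LOG_FILE"
}

echo "Starting network monitoring..." | tee "$LOG_FILE"

while true; do
  log "[$(date)] Checking network..."

  # Count of complete ARP entries (header skipped). This is a count only;
  # it is not compared against a list of known devices.
  NEW_DEVICES=$(arp -n | awk 'NR > 1 && !/incomplete/ { n++ } END { print n + 0 }')
  log "Active devices: $NEW_DEVICES"

  # netstat -l lists sockets listening on THIS host, not connections made by
  # other devices. The trailing [[:space:]] stops ":25" from matching ":2500".
  SUSPICIOUS=$(netstat -tuln 2>/dev/null |
    grep -cE ':(25|1433|3306|5432|27017|6379|8080|8443|4444|31337)[[:space:]]')
  if [ "${SUSPICIOUS:-0}" -gt 0 ]; then
    log "⚠️ Suspicious connections detected: $SUSPICIOUS"
  fi

  # sudo -n never prompts, so a background run cannot hang on a password
  # prompt; it needs cached credentials or a NOPASSWD rule for iptables.
  # A failed read is logged as "unknown" instead of as a missing block rule.
  if ! RULES=$(sudo -n iptables -L -n 2>/dev/null); then
    log "⚠️ Could not read firewall rules (sudo -n iptables failed); block status unknown"
  elif ! awk -v ip="$COMPROMISED_IP" '
      $1 ~ /^(DROP|REJECT)$/ && ($4 == ip || $5 == ip) { found = 1 }
      END { exit !found }' <<<"$RULES"; then
    log "🚨 WARNING: Compromised device is no longer blocked!"
  fi

  sleep 300 # Check every 5 minutes
done
EOF

  chmod +x "$MONITOR_SCRIPT"
  echo "✅ Network monitoring script created: $MONITOR_SCRIPT"
}

#######################################
# Print factory reset steps for the Amazon device families.
# Outputs:   instructions on stdout
#######################################
amazon_reset_instructions() {
  cat <<'EOF'

6. AMAZON DEVICE FACTORY RESET INSTRUCTIONS:
=============================================

For Amazon Fire TV Stick:
1. Unplug the device from power
2. Hold the BACK button and RIGHT side of the navigation circle
3. While holding these buttons, plug the device back in
4. Keep holding until you see the Amazon logo
5. Release the buttons when you see 'Installing system update'
6. Wait for the reset to complete

For Amazon Echo:
1. Press and hold the Action button for 25 seconds
2. Wait for the light ring to turn orange
3. Release the button when the light turns off
4. Wait for the light to turn blue and then orange
5. The device will reset to factory settings

For Amazon Fire Tablet:
1. Go to Settings > Device Options > Reset to Factory Defaults
2. Tap 'Reset' to confirm
3. Enter your Amazon password if prompted
4. Wait for the reset to complete

⚠️ IMPORTANT: After factory reset, do NOT restore from backup
⚠️ Set up the device as new and only install trusted apps
EOF
}

#######################################
# Run every step in order and print the closing summary. A step that fails
# (for example, unreadable firewall rules) does not stop the later steps.
#######################################
main() {
  check_network_status
  scan_suspicious_devices
  check_network_ports
  security_recommendations
  create_monitoring_script
  amazon_reset_instructions

  echo ""
  echo "=== NETWORK SECURITY CLEANUP COMPLETE ==="
  echo ""
  echo "Next steps:"
  echo "1. Run: ./network_monitor.sh (in background)"
  echo "2. Follow the security recommendations above"
  echo "3. Contact Amazon support if needed: 1-877-375-9365"
  echo ""
  echo "⚠️ REMEMBER: This is a serious security incident!"
  echo "Take immediate action to protect your network."
}

# Run the main function
main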