
Need help avoiding immediate vulnerability with a new computer

As some of you may know from my other threads, our current PC is under constant attack from these "Zyxel Command Injection" hacking attempts that come from Ukraine and can come at any moment.

We are about to buy a new PC, and I am concerned that if I boot up the computer for the first time and go online we might immediately get hacked. I cannot have even one moment that we are vulnerable since these attacks are constant.

Questions:

1. Is there a way that I can have Norton protecting me right away without having to log in or install or do anything that might cause a delay in our protection?

2. Can I get a new PC that specifically won't be vulnerable to the "Zyxel Command Injection" attack?


Thanks for the help!

Replies


Re: Need help avoiding immediate vulnerability with a new computer

1.  Norton cannot protect you until it is installed on your computer. Even buying a new computer with a free trial of Norton will not have Norton active until you go online and register the installation. With a Windows computer, the Windows Defender security app will protect you until you get Norton installed.

I'll leave number 2 for those with more knowledge about this issue.
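
Added example (not part of the reply above, and not Norton or Microsoft code): a PowerShell check to run on a new Windows PC before it is connected to any network, confirming that the built-in Defender Firewall and Defender Antivirus the reply refers to are actually active. The function name `Test-FirstBootProtection` is made up for this example; the cmdlets it calls are the standard Windows ones.

```powershell
# Added example; Test-FirstBootProtection is a made-up name for this sketch.
# Run in an elevated PowerShell window BEFORE connecting the new PC to any network.
function Test-FirstBootProtection {
    $findings = @()

    # 1. Defender Firewall: every profile (Domain, Private, Public) must be on
    #    and must not allow unsolicited inbound connections by default.
    foreach ($fw in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        if ($fw.Enabled -ne 'True') {
            $findings += "Firewall profile '$($fw.Name)' is turned off"
        }
        if ($fw.DefaultInboundAction -eq 'Allow') {
            $findings += "Firewall profile '$($fw.Name)' allows inbound traffic by default"
        }
    }

    # 2. Defender Antivirus: engine and real-time protection must be running.
    $av = Get-MpComputerStatus
    if (-not $av.AntivirusEnabled)          { $findings += 'Defender Antivirus is disabled' }
    if (-not $av.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }

    # 3. Services listening on non-loopback addresses: this is what an
    #    Internet scan could reach if the firewall were not in front of it.
    $listeners = Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
        Sort-Object LocalPort -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{ Port = $_.LocalPort; Process = $proc.ProcessName }
        }

    [pscustomobject]@{
        Protected = ($findings.Count -eq 0)
        Findings  = $findings
        Listeners = $listeners
    }
}

$result = Test-FirstBootProtection
$result.Listeners | Format-Table -AutoSize
if ($result.Protected) {
    'Defender Firewall and Defender Antivirus are active on every profile.'
} else {
    $result.Findings | ForEach-Object { "FIX FIRST: $_" }
}
```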


Re: Need help avoiding immediate vulnerability with a new computer

@WOPR In one of the older threads here: https://community.norton.com/en/forums/zyxel-command-injection-cve-2023-...

There are many suggestions made that should have been followed up with. In this current thread we are reading that you are about to or considering purchasing a NEW computer. Before doing so please do the following with your current computer. These are suggestions from the other thread where you participated:

https://support.microsoft.com/en-us/topic/how-to-reset-the-hosts-file-ba...

https://community.norton.com/en/comment/8543968#comment-8543968

This post is the important one: https://community.norton.com/en/comment/8543929#comment-8543929

*BEFORE putting a new computer on your network REPLACE all your ISP-provided devices. As stated, your ISP is NOT filtering this traffic and they are supposed to; mine does, at the router level, and it's shown in the router logs. I also run what is called a NAT-NAT setup where the WiFi is disabled on my ISP device; I link my personal TP-Link router to that device via ethernet, WAN out on the Verizon device to WAN on my TP-Link router. I use ONLY the WiFi on my device and all ethernet-connected devices are also connected to the TP-Link router. Dual safety net, and there is also an IoT network built into my router where I can isolate my security cameras, etc. from the main network. This is a setup you may want to consider for a safer network going forward. The commonality I see is twofold: ISPs not filtering traffic and ISP devices not being used properly.

SA

MS Certified Professional : Windows 11 Home/Pro 23H2 x 64 build 22631.2792 / Windows 10 Pro x 64 version 22H2 / build 19045.3758 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.10.10 / Opera GX LVL5 (core: 104.0.4944.70) 64 bit-Early Access w/Norton Chrome Extensions / Android 14 One UI 6.1

Re: Need help avoiding immediate vulnerability with a new computer

Thanks for the help.

I don't think I can prevent this traffic or filter it out right now, let us just assume that for the time being... and it sounds like Norton won't protect me right away until I have registered it on my new computer.

So the most important things are:

1. Getting a new computer that won't be vulnerable to Zyxel Command Injection simply because there is no Zyxel Firewall

2. Getting a new computer that will have some level of effective firewall protection running against these types of attacks already when I first boot so I'm protected while I am installing and registering Norton

Any advice on these two things?


Re: Need help avoiding immediate vulnerability with a new computer

Norton, on whatever computer you decide to have on your network, will continue to scan, block and notify you of the outside scan attempts. Norton is therefore doing its job as it should. Norton cannot scan traffic at your ISP level. The outside "network scanning" is only getting worse, due to Zyxel not producing quality firmware for their products. There are 6 just released, NEW CVEs against their NAS network storage devices. Hackers are actively looking for these devices as well. Whether you have or previously had a Zyxel product, hackers will scan if they see any indication that firmware presents a familiar return signature when they scan a network OR ISP. They will be persistent so the scans and penetration attempts must be dealt with at the ISP level.

As I suggested more than once before, your ISP gets all your traffic before you ever see it. THEY should have something in place to filter these scans before you ever see them. Your ISP devices also may be compromised and should be replaced with newer models if they are available. Firmware should be their latest as well. Have you asked your ISP about these issues? Do you also use a personal router in conjunction with your ISP device? If so please review the below suggestion again.

From my previous post/suggestion:

*BEFORE putting a new computer on your network REPLACE all your ISP-provided devices. Change the factory default login names and passwords. As stated, your ISP is NOT filtering this traffic and they are supposed to; mine does, at the router level, and it's shown in the router logs. I also run what is called a NAT-NAT setup where the WiFi is disabled on my ISP device; I link my personal TP-Link router to that device via ethernet, WAN out on the Verizon device to WAN on my TP-Link router. I use ONLY the WiFi on my device and all ethernet-connected devices are also connected to the TP-Link router. Dual safety net, and there is also an IoT network built into my router where I can isolate my security cameras, etc. from the main network. This is a setup you may want to consider for a safer network going forward. The commonality I see is twofold: ISPs not filtering traffic and ISP devices not being used properly.

SA


Re: Need help avoiding immediate vulnerability with a new computer

Your suggestion to talk to my ISP about filtering this kind of traffic is a good one, and I am working on it, thanks.

However, I don't care if they keep hammering me with Zyxel Command Injections if I have no Zyxel firewall to be exploited.

That is why my main concern is getting a new computer without a Zyxel firewall.  

Not everyone who sells new computers knows much about Zyxel in general, so if anyone can address that particular issue, I'd appreciate it.


Re: Need help avoiding immediate vulnerability with a new computer

Thanks for the post back. I failed to mention that even though you may never have had a Zyxel product or much less installed, the outside penetrations see something within your network at the ISP level that leads them to believe otherwise. Who makes your current computer and what is its full model name? I would be more than happy to look at its specs and what vendors have hardware within it as released from the factory. If for no other reason than to validate things a bit further. 

Here is a listing of the products Zyxel currently offers. The most likely culprit in your case would be having an ISP-provided ONT or gateway router. I have FIOS; we have an ONT that ISN'T a Zyxel product. Does your ISP provide customers with any of these devices that are listed? Is your ISP-provided gear on the list?

https://service-provider.zyxel.com/na/en/products

Edited: I might add that Zyxel is heavily vested in Commercial Computer Service having partnered with Sys Logic. Ask your ISP if this company provides any cloud or other services to them. That may be the link we are looking for regarding the intrusions running through their network unabated.

SA


Re: Need help avoiding immediate vulnerability with a new computer

Thanks for the list of Zyxel products, I appreciate it.

This current computer will not be here in a few days, we are getting a new one extremely soon, so I am only concerned with whether Zyxel will be on the new computer.


Re: Need help avoiding immediate vulnerability with a new computer

Zyxel does NOT produce nor provide PC hardware. ONLY managed IT services and connectivity hardware. What is the OEM maker and model of the new computer? I can validate its hardware vendors for you.

SA


Re: Need help avoiding immediate vulnerability with a new computer

I'm not that computer savvy, are you saying Zyxel mainly makes modems?  Not sure what else you mean by connectivity hardware unless you mean wi-fi or bluetooth.


Re: Need help avoiding immediate vulnerability with a new computer

Their product lines focus on routers, modems, business and residential internet connection hardware. Not internal PC hardware. 

SA


Re: Need help avoiding immediate vulnerability with a new computer

@WOPR I'm following up to see what your progress is and assist further if needed.

SA
