As some of you may know from my other threads, our current PC is under constant attack from these "Zyxel Command Injection" hacking attempts that come from Ukraine and can come at any moment.
We are about to buy a new PC, and I am concerned that if I boot up the computer for the first time and go on-line we might immediately get hacked. I cannot have even one moment that we are vulnerable since these attacks are constant.
Questions:
1. Is there a way that I can have Norton protecting me right away without having to log in or install or do anything that might cause a delay in our protection?
2. Can I get a new PC that specifically won't be vulnerable to the "Zyxel Command Injection" attack?
I'm not that computer savvy, are you saying Zyxel mainly makes modems? Not sure what else you mean by connectivity hardware unless you mean wi-fi or bluetooth.
Zyxel does NOT produce nor provide PC hardware. ONLY managed IT services and connectivity hardware. What is the OEM maker and model of the new computer? I can validate its hardware vendors for you.
Thanks for the list of Zyxel products, I appreciate it.
This current computer will not be here in a few days, we are getting a new one extremely soon, so I am only concerned with whether Zyxel will be on the new computer.
Thanks for the post back. I failed to mention that even though you may never have had a Zyxel product or much less installed, the outside penetrations see something within your network at the ISP level that leads them to believe otherwise. Who makes your current computer and what is its full model name? I would be more than happy to look at its specs and what vendors have hardware within it as released from the factory. If for no other reason than to validate things a bit further.
Here is a listing of the products Zyxel currently offers. The most likely culprit, in your case, would be having an ISP-provided ONT or gateway router. I have FIOS, we have an ONT that ISN'T a Zyxel product. Does your ISP provide customers with any of these devices that are listed? Is your ISP-provided gear on the list?
https://service-provider.zyxel.com/na/en/products
Edited: I might add that Zyxel is heavily vested in Commercial Computer Service having partnered with Sys Logic. Ask your ISP if this company provides any cloud or other services to them. That may be the link we are looking for regarding the intrusions running through their network unabated.
Norton, on whatever computer you decide to have on your network, will continue to scan, block and notify you of the outside scan attempts. Norton is therefore doing its job as it should. Norton cannot scan traffic at your ISP level. The outside "network scanning" is only getting worse, due to Zyxel not producing quality firmware for their products. There are 6 just released, NEW CVEs against their NAS network storage devices. Hackers are actively looking for these devices as well. Whether you have or previously had a Zyxel product, hackers will scan if they see any indication that firmware presents a familiar return signature when they scan a network OR ISP. They will be persistent, so the scans and penetration attempts must be dealt with at the ISP level.
As I suggested more than once before, your ISP gets all your traffic before you ever see it. THEY should have something in place to filter these scans before you ever see them. Your ISP devices also may be compromised and should be replaced with newer models if they are available. Firmware should be their latest as well. Have you asked your ISP about these issues? Do you also use a personal router in conjunction with your ISP device? If so, please review the below suggestion again.
From my previous post/suggestion:
*BEFORE putting a new computer on your network REPLACE all your ISP provided devices. Change the factory default login names and passwords. As stated, your ISP is NOT filtering this traffic and they are supposed to, mine does. At the router level and it's shown in the router logs. I also run what is called a NAT-NAT setup where the WiFi is disabled on my ISP device, I link my personal TP-Link router to that device via ethernet to WAN out on the Verizon device to WAN on my TP-Link router. I use ONLY the WiFi on my device and all ethernet connected devices are also connected to the TP-Link router. Dual safety net and there is also an IoT network built into my router where I can isolate my security cameras, etc. from the main network. This is a setup you may want to consider for a safer network going forward. The commonality I see is twofold. ISPs not filtering traffic and ISP devices not being used properly.
I don't think I can prevent this traffic or filter it out right now, let us just assume that for the time being... and it sounds like Norton won't protect me right away until I have registered it on my new computer.
So the most important things are:
1. Getting a new computer that won't be vulnerable to Zyxel Command Injection simply because there is no Zyxel Firewall
2. Getting a new computer that will have some level of effective firewall protection running against these types of attacks already when I first boot so I'm protected while I am installing and registering Norton
@WOPR In one of the older threads here: https://community.norton.com/en/forums/zyxel-command-injection-cve-2023-28771
There are many suggestions made that should have been followed up with. In this current thread we are reading that you are about to or considering purchasing a NEW computer. Before doing so please do the following with your current computer. These are suggestions from the other thread where you participated:
This post is the important one: https://community.norton.com/en/comment/8543929#comment-8543929
*BEFORE putting a new computer on your network REPLACE all your ISP provided devices. As stated, your ISP is NOT filtering this traffic and they are supposed to, mine does. At the router level and it's shown in the router logs. I also run what is called a NAT-NAT setup where the WiFi is disabled on my ISP device, I link my personal TP-Link router to that device via ethernet to WAN out on the Verizon device to WAN on my TP-Link router. I use ONLY the WiFi on my device and all ethernet connected devices are also connected to the TP-Link router. Dual safety net and there is also an IoT network built into my router where I can isolate my security cameras, etc. from the main network. This is a setup you may want to consider for a safer network going forward. The commonality I see is twofold. ISPs not filtering traffic and ISP devices not being used properly.
1. Norton cannot protect you until it is installed on your computer. Even buying a new computer with a free trial of Norton will not have Norton active until you go online and register the installation. With a Windows computer, the Windows Defender security app will protect you until you get Norton installed.
I'll leave number 2 for those with more knowledge about this issue.