I got an email from my ISP that i have been victim of the mirai botnet as it decided to take over my security cameras. I thought i was safe from this since none of my devices use default passwords but it appears there was also a telnet vulnerability the bastards were using and were able to create an admin user on the camera server and hijack it. (I've since updated the firmware and wiped out the users and turned off UPNP)
With that said, i would like to get a much better handle on my network after this incident.
I have an ASUS RT-AC66R Router running Merlins firmware instead of stock ASUS.
I have scoured every settings page of the router and cannot find what i am trying to do. How can i setup a white list of MAC addresses to prevent unauthorized access to the camera server on my network? The only devices that should have access are my local machines and my phone which i can all get the MAC's for. I saw some options for IP address white/black listing but that will only do my good on the local network since my IP could be anything on my phone when connecting remotely.
So my next guess is that i need to setup a linux box to act as a firewall before my router?
Can someone point me in the right direction here? Newbie to networking but i know linux basics and and do software development in vb.net/js.
Also, how can i get some logging going so i can start looking at who is hitting my IP on a daily basis and start locking down my network better.
Thanks!
