I have here at home a router, like many people out there. The router is connected with an Ethernet cable that comes from the modem.

But, to prevent hackers or anything else to try bothering me, if I'm not using the router, is removing the Ethernet cable a good security measure? Or it doesn't do that much in security, so I should leave it always connected?

Moshe Katz
  • 1,351
  • 1
  • 11
  • 17
  • 995
  • 2
  • 9
  • 11
  • 13
    This is akin to replacing your front door with a door-bridge/portcullis combo, but leaving your windows wide open. Deploying an airgap is a valid security measure. But only when you deploy everything below it on the security totem pole as well. – Aron Mar 20 '17 at 01:58
  • 1
    It would possibly, in some case or other, leave lesser headroom for some unsecured IoT device (or other) to do whatever badness it is up to. – ErikE Mar 20 '17 at 05:15
  • 23
    @Aron It's worse than that. It's akin to replacing your front door with a drawbridge/portcullis combo but then leaving the drawbridge and portcullis wide open while going about your daily business. – David Richerby Mar 20 '17 at 09:37
  • 45
    It's a great security measure because after unplugging and re-plugging 40-50 times, the connector will be broken, and you will be permanently protected from hackers accessing your machine. You will also be protected from the desire to waste your time on facebook and such, as a free bonus. – Damon Mar 21 '17 at 10:57
  • 8
    @Damon Where do you shop for Ethernet cables? I'm only asking so I'll know where *not* to buy these. – Dmitry Grigoryev Mar 21 '17 at 11:14
  • 1
    How many tin foil hats is too many, anyway? What's one more? This kind of thinking is why I won't take a job in security. – justinm410 Mar 21 '17 at 14:36
  • 4
    The connectors are rated for maybe 750 connect/disconnects, so you may want to add a sacrificial flying socket as the location where you disconnect it. Router - short lead - - lead to modem - modem. – Andrew Morton Mar 21 '17 at 15:02
  • It might make sense if you're going to be gone for weeks, but just disconnecting for a few hours is kind of useless. I'm recalling back maybe 1990 when I worked at IBM that you'd plug a new computer into the LAN to configure it and download the anti-virus, but the computer would be infected before the download was complete. If someone is intending to infect your computer they'll be watching for the connection. – Hot Licks Mar 21 '17 at 21:18
  • 1
    All this boils down to is, if somebody tried to "hack" your PC while you were using it and connected to the Internet, would you be able to tell? – Matti Virkkunen Mar 22 '17 at 17:36
  • If your router has wifi you'd still leave that open as a vector for attackers in the vicinity. Even if you physically disconnected both the LAN and the internet side, the router itself is still technically vulnerable to wifi attacks as well as any wifi connected devices. It'd make more sense just to turn the router off. Then you won't wear out your connectors either. I don't do this but I do have my high-mounted home router on a power strip near the ground to make the inevitable reboots of my ISP-provided, POS router (yeah, I'm not bitter) easier, that setup would be convenient here. – Jason C Mar 23 '17 at 06:05
  • @JasonC ...what if you turn off your house's main power switch? That must be surely safe... right? – xDaizu Mar 23 '17 at 13:29
  • @xDaizu You could also buy routers in bulk and throw it away after each use. – Jason C Mar 23 '17 at 15:49
  • People were compromised back in the days of dial-up modems as well. – Allan S. Hansen Mar 24 '17 at 13:56

10 Answers10


If there is not an internet connection to your device then a hacker is not going to be able to communicate with that device. (Edit: As some have pointed out...this is assuming an attacker is attempting over the internet from a remote location)

With that said, eventually you will have to connect to the internet again if you want to use the internet and if you were to eventually obtain malware on your computer such as a keylogger. That keylogger is going to rely on the internet to send its data back to the hacker. If the keylogger is written properly, when you disconnect, it will just wait for you to connect to the internet again to send its data back to the attacker.

In my opinion, I think disconnecting from your internet will prove to be more of a hassle than a protection. Instead, focus on the security of your device and your actions on the internet. Being a smart internet user can provide a great deal of security to your device.

Elaboration (EDIT):

I do agree that this method with decrease the time of opportunity for an attacker but the reason I chose to put emphasis on endpoint security and user education is because if you imagine an enterprise environment, they have devices and services that rely on an internet connection 24/7. So an enterprise can't rely on disconnecting from the internet as a viable security measure. Instead they focus on securing the devices on the network and the network itself. So I believe this will achieve 2 things: 1) greater security. 2) better user experience(always have internet access on demand) and I believe you can apply these strategies to your personal network as well.

  • 1,748
  • 1
  • 10
  • 15
  • 1
    Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/55726/discussion-on-answer-by-ncd275-is-removing-the-ethernet-cable-from-the-router-w). – Rory Alsop Mar 21 '17 at 08:42
  • 2
    Not to mention that always on internet makes more sense for acquiring security fixes ASAP. And that's something that's ideal for security. The idea of disconnecting when you're not using the internet makes me worry that you wouldn't be getting security fixes, really (especially since most people install those when the computer is not being used -- typically late at night). – Kat Mar 21 '17 at 18:06
  • "If there is not an internet connection to your device then a hacker is not going to be able to communicate with that device." If the router is also an access point then ethernet isn't the only way someone could gain access to the OP's internal network. I don't think there's enough information to tell if it's a wireless access point or what type of security they're using (WPA, WEP, etc.) – Craig Lafferty Mar 21 '17 at 20:22
  • @CraigLafferty I agree, I have revised my statement. – nd510 Mar 21 '17 at 20:46
  • 5
    Disconnecting your machine for 12 hours a day *will not* make you 50% "more secure". – wilsotc Mar 22 '17 at 16:20
  • 2
    `So an enterprise (...) focus on securing the devices on the network and the network itself.` The network? Nah, just assume _every network is hostile_, saves time and hassle. – xDaizu Mar 23 '17 at 13:52
  • @CraigLafferty if the ethernet cable being disconnected is the router's WAN cable (i.e. the connection to cable/DSL modem, fiber endpoint, etc) then a WiFi access point is irrelevant as the internet connection has still been severed. – Doktor J Mar 23 '17 at 16:25
  • @Doktor, a wireless router that is not connected to a wan can still have devices connected to it that can talk to eachother. If OP has a device connected to the same access point as a malicious machine and there is no client isolation (which wouldn't usually be configured on a consumer router) then it doesn't matter whether or not it's connected to a wan. – Craig Lafferty Mar 23 '17 at 20:32

This would reduce your risk by minimizing the time the attack surface is vulnerable to attack so yes technically it is a helpful security control. It falls into the category of Layer 1 access control in the OSI model.

This said you are also losing data created by attackers at night which could be useful for trending attackers activity. It might still be possible to collect this while physically unplugging the network but if you aren't collecting this type of data currently you aren't losing anything by doing this.

More importantly, it sounds like you don't have enough security controls in place to trust what's going on with your network so you still need to address that at some point too.

As a basic security control, it does lend itself to a reduction in attacks being able to access your systems especially ones that are tested against large blocks of IP's or the Internet as a whole which may be run during the time your systems are disconnected. So yes there is some benefit and if this benefit outweighs any downside it sounds like it would be a good security measure in your situation. Keep in mind that this will have almost no impact on a persistent attacker it mainly helps with reducing the number of large-scale attacks, large-scale reconnaissance efforts, or when things like worms occur on the Internet.

Note: Your router will still be vulnerable to attack in the scenario you mention. I'm assuming this is because some other equipment needs access but if not you might think about disconnecting the WAN cable or even turning off the router itself. This may not be an option but I just thought I'd mention this given your scenario.

Something else you may want to consider as an alternative option is scripting your firewall rules, or system(s), to disable their interfaces on a set schedule or via a simple script you run to turn things on and off.

Trey Blalock
  • 14,109
  • 6
  • 43
  • 49
  • Let's say that I'm just kinda paranoid, so security always comes first here, but I do trust my router, I just want to minimize the possible hacking chances. – Nori-chan Mar 19 '17 at 22:43
  • 6
    @Nori-chan, the vast majority of attacks are of the "trick you, the user, into running something you shouldn't" sort. For those, it doesn't matter if the router is disconnected when you're not using it. – Mark Mar 20 '17 at 22:42

Given how many attacks are aimed at routers, the number of security flaws / backdoors in consumer grade routers, and the fact your router is an always-on gateway to the big bad internet, I'd say powering the router down is easier and a more effective measure than disconnecting your PC from it. You're moving the (debatable) security benefit one step further up the chain.

You could even put your router on a timer-socket or one of those remote-control mains sockets for laziness.

I won't speculate on how much real-world benefit this might give as it's subject to so many variables and your own personal paranoia level.

John U
  • 367
  • 1
  • 6
  • 1
    The other benefit (for the paranoid) of powering off your router vs. disconnecting the PC (or the internet side, even) cables is you remove wifi for attackers in range as a vector as well. – Jason C Mar 23 '17 at 06:04
  • yep - removes your wifi, removes your entire connection to your ISP from being scanned/probed, prevents any malicious or faulty software/device from communicating outward. Basically akin to bricking up the front door of your house instead of just shutting & locking it. – John U Mar 23 '17 at 11:39

From a security point of view it is not really a good measure. Security is the triad Confidentiality, Integrity, Availability. If you only consider Confidentiality, everything that could add isolation is good. So removing the cable when you're not using the internet is fine: you reduce the exposure to attacks. It is also fine for integrity for the same reason. But it is terrible on availability. Network connectors are not intended to be plugged and unplugged too often, and you are likely to break the little piece that prevents the connector to get out of the plug on the littlest action. And in the end, chances are that you add network errors later.

IMHO, you can safely switch the router off, but do not attack it at the connectors level...

And anyway, Trey Blalock's answer already explained that the gain was not really important, so please keep away...

  • 2,284
  • 1
  • 15
  • 22
Serge Ballesta
  • 25,952
  • 4
  • 42
  • 84
  • 2
    Yeah, turning off the router is probably not only easier to do than unplugging the cable, and will incur less wear-and-tear, it might also have other side benefits, such as regularly clearing caches and temporary ramdisks, "fixing" memory leaks in badly written software (many routers' web interfaces are really badly written). You might also turn off the modem as well, unfortunately, this will probably increase the time it takes for the connection to come back again, but it will also force the modem to do a re-training and re-negotiating of the physical connection parameters. – Jörg W Mittag Mar 20 '17 at 01:26
  • Also, some modems only update their firmware after a power cycle. This can be good, e.g. fixing connection problems or patching a security hole, but it can also be bad, since the update infrastructure of many providers isn't particularly well thought out (it's basically "we know where the cable goes, we don't need security"), so somebody could inject malware into your modem this way. However, an attacker could force a power cycle anyway, by e.g. cutting the power lines. – Jörg W Mittag Mar 20 '17 at 01:28
  • "an attacker could force a power cycle anyway, by e.g. cutting the power lines." Completely different level of attacker than what a home user will usually deal with... – rackandboneman Mar 20 '17 at 12:43
  • 1
    @rackandboneman: Well, [the OP *did* say he is paranoid](https://security.stackexchange.com/questions/154314/is-removing-the-ethernet-cable-from-the-router-when-im-not-using-it-a-good-se#comment292532_154315). But what I wanted to say is that **IFF** an attacker is sophisticated enough (and your data valuable enough) to inject malware into your modem's firmware, **THEN** not rebooting it does not protect you anyway, because that sophisticated attacker is probably also sophisticated enough to force a reboot a different way. Does that make more sense? – Jörg W Mittag Mar 21 '17 at 00:08

This is only a good protection against remote brute force attacks, where the attacker is trying to quickly and automatically guess common passwords to gain access. This can be more effectively thwarted by enabling rate limiting, both on the router and on any services that you have enabled inside the network, by choosing secure login mechanisms, such as key rather than password login for SSH, and strong, auto-generated passwords where necessary.

It is an ineffective protection against unpatched exploits. Most of these end up taking a very short time to run against a connected device because they bypass the authentication mechanism and avoid (or minimise) the necessity for brute force. There are several reports, for example, of old desktop computers connected directly to the internet being hacked within minutes. So you had better make sure the router always has the latest security patches installed. You should also ensure that the configuration interface can't be reached from the internet, if at all possible.

And as @ncd275 points out, it is useless against information disclosure by machines inside the network.

  • 3,011
  • 21
  • 29

Paranoid answer

Your computer is still powered. Even when "off", CPU is powered and can perform any kind of instructions while fans and disks are not powered. A government agency (may it be NSA, MI6, Mossad...) may have injected a rootkit in your AC converter (source). The rootkit can istruct the CPU to perform operations on data available in RAM (which is still powered) and send them home.

The rootkit may also use webcam and microphone to detect human presence and spin the drives when no one is in the room.

Moderate answer

Disconnecting the Ethernet cable does reduce the attack surface. But you must measure it properly.

When the computer is off, by knowing its MAC address, anyone with LAN access can turn it on by using wakeup-on-lan protocol and try to perform other malicious operations depending on your computer's security level and OS.

But how can WOL be used? Do you have free or weak-passworded wifi? Could your router forward a WOL packet to your LAN if crafted correctly?

The second might a yes to me, especially with a home router configured with its default settings (even if you changed your password).

  • 5,361
  • 2
  • 18
  • 35
  • Competent, targeted attackers are unlikely to want to have any piece of you as a home user or small business. It is opportunistic attackers to whom compromised machines are of commercial value which have by far the largest annoyance potential.... – rackandboneman Mar 20 '17 at 12:51
  • 1
    Wake-on-LAN can usually be disabled in the BIOS. It *might* still be possible to bypass such a disable and turn the computer on remotely, but it should absolutely prevent the computer turning on for seeing a *standard* WoL packet and the specifics of such an attack will almost certainly depend on the relevant firmware. (And besides: *Then what?*) – user Mar 20 '17 at 15:56

Maybe but not really, however, it could reduce damage done elsewhere.

Sure, you're reducing attack surface with time constraints. For example:

  • an attacker who's trying to brute-force your remote desktop creds has less time to do their bidding (move RDP to another port)
  • an attacker who's scanning for vulnerable services has smaller chance to catch you online (although they will likely retry, disable unused ports from your router)

But the most likely vector for getting malware is by visiting a site or opening malware from an email. And neither of these changes when you disconnect your computer. As another answer pointed out it won't prevent malware from communicating with their command server later. The fact you're considering disconnecting your computer shows it's not a service machine (DB server etc) but a user machine - the odds are definitely in favor of the interactive way of getting malware.

By disconnecting you may be reducing the damage the malware is able to do to others. Your machine wouldn't be able to participate in those or other activities that require the malware to be online: bruteforcing other machine's RDP, scanning other machines for vulnerable services, spreading copies to other machines...

Further - turning your machine off would not only cover the same cases as disconnecting it, but also activities the malware may not need connection for: mining bitcoins, reversing password hashes. And it's much more user-friendly with a button usually available for just that purpose.

Another paranoid thing to consider: unplug the cable box itself :)

Sten Petrov
  • 121
  • 4

To add my two cents: it depends.

Also, this sounds like the kind of process that could easily fail (i.e. you forget, fall asleep at the keyboard, or need to allow someone else to use the connection).

If you are chosing to unplug it when unused as opposed to making it resilient against attacks, then I think it is in fact a net negative.

If you are chosing to unplug it even though you have done all you can to make it resilient to attack, then that might be acceptable as a short-term stopgap measure while you figure out a more permanent solution.

But I don't think there is any case where removing ethernet cables is a good long-term solution.

Even if doing so would not generally cause other issues, it simply doesn't seem like a solid solution - it sounds like avoiding an issue rather than addressing it (I may very well be wrong).

A possibly more productive line of reasoning might involve considering what that router being compromised could lead to, and what counter-measures might apply.

I suspect your ISP modem is more likely to be compromised (e.g. ala mirai), which may or may not lead to your router also being compromised, but would in most cases be functionally equivalent - someone else potentially controls your routing and may be able to see unprotected traffic. So you sort of need to have a plan against that either way.

In that sense, unplugging the ISP modem might be more useful, but you remain exposed when it is plugged in - and I am not sure the reduction in attack surface (if restricting the amount of hours a device is online can be seen as reducing that) is really going to be effective. This is all the more so as ISP deploy large numbers of identical devices, so most likely, if your modem was 'seen' online, attackers would know what it would be vulnerable to - you just give them a bit less opportunity to launch the attacks that they know work against your ISP.

So if I was you, I would look into how having your network path compromised would affect you, and do something about that. It certainly doesn't hurt to keep an eye on your router's logging, notably, to (try and) detect signs of compromise, but I don't know that that is the primary risk I would be concerned about.

  • 3,631
  • 1
  • 13
  • 24

Assuming that you are an average home user, ask yourself what exactly it is that you are trying to protect yourself from.

There are two basic attack scenarios to your home PC. Your unplugging partially disables one of them. From there, you need to answer yourself if the hassle is worth the effect.

Firstly, you can be attacked by visiting a malicious site, or a benign site with malicious advertisement malware, or by receiving spam email with malware or any of a dozen other ways that basically attack you as you interact with the attack source. These kinds of attack are entirely unaffected by your nightly unplugging.

Secondly, an attacker can attack (most likely blindly) your IP or network range. His target can be your PC, or it can be the router itself. Your unplugging will work only against the attacks that target the PC, and only during the night.

My statistics professor said that when you don't have data even for a guess, assume even distribution. So your unplugging will work one third (8 of 24 hours) of the time, against 50% of direct attacks which are 50% of all attacks, for a total effectiveness of 8%. Of course that's not a precise number, it serves only to illustrate you what the magnitude of reduction of attack surface is.

With that in mind, I think you can decide for yourself.

  • 10,201
  • 19
  • 51
  • the router is what is being unplugged, not the PC - why are you assuming only nighttime unplugging? – schroeder Mar 21 '17 at 16:10
  • Assuming that the router is unplugged while at work and at night, your approach tells a different story. 18 of 24 hours unplugged, protecting the entire network. 6/8 * 50% = 37.5% protection of 100% of the network. Sounds good to me.... – schroeder Mar 21 '17 at 16:15

I'd say to leave the poor cable alone. They are too fragile for what you propose.

And routers are not always friendly when they get power cycled.

I would propose that you just power off the modem when you want to be disconnected from the outside world.

  • 977
  • 1
  • 6
  • 25