I've beefed up the security on my Actiontec router after someone got into it a few days ago and tried to access LastPass. I found a few changes made and undid them, changed the account name/password, etc. I plan to reset to factory soon, but for various reasons I can't do that immediately.
I'm wondering if there is utility in blocking *outgoing* connections from the *router* itself to the WAN? Conversely, is there harm? I'm guessing I'd want to open that if I have issues that require remote troubleshooting by my ISP, but are there any routine maintenance actions by the ISP that I'd need to take?
It's someone running silly scripts, not a dedicated hacker, because I found plenty of logs that had been left untouched to tell me what was going on. So I'm going to see what effect making these changes has before I decide to nuke everything. I also know that an old password of mine that I reused for low-security things (bad practice which I've fixed) was compromised in the last few months, so the scenario that comes to mind is that that was sold to someone who is scanning for vulns. It happened to be on the router through an oversight on my part.
So I'm wondering what will break if I block outgoing connections from the router?