Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Router/internet security


  • Please log in to reply
12 replies to this topic

#1 blitzjg

blitzjg

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 10 July 2017 - 05:22 PM

Lately I've been feeling like my home wireless has been much more laggy and inconsistent than in the past.  Actually now that I think about it my wired has also had some connection issues as well, a lot of random disconnects.  I have never changed my Router's password, but I have moved states from where I first had it.  Are there things I can do to either check stability or see if other people are using my data/wifi?

 

Any other general tips/suggestions that might lock down my internet?  I also have a 5G network available, I have no idea what this is, I assume it is faster than regular, but the signal is weaker for some reason.



BC AdBot (Login to Remove)

 


#2 cooljay

cooljay

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 10 July 2017 - 05:31 PM

Me too! I kept being constantly bumped, needing to re-enter wifi password, etc. And never a full bar connection. Five minutes ago the mystery was solved. It's call DNS Hijack, and after running MalwareAntimalwarebytes paid, and Emsi, Zemana found it and got rid of it.

 

Now I have a full connection again (all bars on the bottom), and it's superfast like before. Phew.



#3 cooljay

cooljay

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 10 July 2017 - 05:34 PM

I thought I had a Trojan Horse, my cd tray suddenly had a mind of its own and kept turning, making awful sounds. I followed the guide under Trojan Horse. They list 7 easy to follow steps to remove a Trojan. After Mbam the cd case stayed quiet and closed. But there was still something wrong. So I kept following the steps. Maybe you won't have to, try Zemana. That may be enough. Good luck!



#4 blitzjg

blitzjg
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 10 July 2017 - 06:29 PM

I just downloaded Zemana and ran it twice, first run it found 2 minor issues, an Adware item and a browser issue, second run came back clean, I doubt that would have fixed any issues, any other ideas?



#5 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:30 AM

Posted 11 July 2017 - 12:20 AM

Router security checklist -

http://routersecurity.org/checklist.php


Test for open ports -

Shields UP! -

https://grc.com/x/ne.dll?bh0bkyd2

SG Security Scan -

http://www.speedguide.net/scan.php
 



#6 cooljay

cooljay

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 16 July 2017 - 03:47 PM

Thanks JWoods, for those links. Unfortunately I'm completely overwhelmed. DNS Hijack is back which is ironic since I use a VPN that connects as soon as I go online.

 

I'm assuming this thing could have been acquired by anybody in the household on any of their devices?

 

I am totally overwhelmed by the amount of information compiled in the Router Security Checklist.

 

I turned off my VPN and tested different ports pointed out to me, but wouldn;t it be better to check IF I have open ports and which ones are they? How do I do this?



#7 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 3,458 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:10:30 AM

Posted 16 July 2017 - 06:35 PM

cooljay,

 

        The Shields Up! site does exactly what you are asking about.  Click the "Proceed" button on the main page that jwoods301 gave the link to and then you'll land on the actual page that tests ports.

 

        The design is not pretty nor particularly intuitive, but if you click the various buttons under the "Shields Up! Services" it will probe for open ports and report those that are open.


Edited by britechguy, 16 July 2017 - 06:39 PM.
Shield's Up won't allow direct access to page brought up by "Proceed" button.

Brian   AKA  Bri the Tech Guy      Windows 10 Home, 64-bit, Version 1703, Build 15063  (dot level changes too often for inclusion in signature)

-> (my website address is in my profile, if interested)

 

 Dating is a social engagement with the threat of sex at its conclusion. 
    ~ P.J. O'Rourke, Modern Manners (1984)

 


#8 cooljay

cooljay

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 16 July 2017 - 07:19 PM

Hmm. This is all very weird. ShieldsUp tried to contact my server and found my connection in pure stealth mode. The port it was trying was basically pretending to be deaf. However, that IP address is different from the IP address where the DNS Hijack was. And yet, my VPN is disconnected right now.

Also, when I perform an IP check, it comes up with yet another IP address.

 

What is going on here?



#9 Pimptech

Pimptech

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 17 July 2017 - 01:17 AM

I just downloaded Zemana and ran it twice, first run it found 2 minor issues, an Adware item and a browser issue, second run came back clean, I doubt that would have fixed any issues, any other ideas?

 

Are you sure that is something malicious ?

Do you know how to configure you router ?

 

If yes, try to search for DHCP List if the DHCP is enabled.
List all ips connected to you router. If there is some ip that isn't from your home, then maybe someone is using it.

 

But first make sure your equipment(router, computer, phone and so on) is functional. 

 

Hmm. This is all very weird. ShieldsUp tried to contact my server and found my connection in pure stealth mode. The port it was trying was basically pretending to be deaf. However, that IP address is different from the IP address where the DNS Hijack was. And yet, my VPN is disconnected right now.

Also, when I perform an IP check, it comes up with yet another IP address.

 

What is going on here?

 

That's mean that your port isn't open. Have you check the security list ? Default password ?
Ip changes time to time. Or you have some special contract to fixed ip ?



#10 cooljay

cooljay

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 17 July 2017 - 01:07 PM

Yes Pimptech, DNS Hijack is malicious. lol.

 

And, it's back. I keep scanning with Zemana, and sure enough, yesterday evening the thing was back, I cleaned it, now it's back again.

 

Also, there is this on my network.

Never mind - there used to be a way to upload an image. I thought when you click on Other Options or something.

 

Also, I had changed the router password and the other thing you mentioned.

 

I always connect through a VPN so I was pretty sure someone else in my house brought this thing on. But yesterday I was alone here, and only my device was connected. And it came back. I am so pissed right now. Tonight my kids are coming back and they'll be online 24/7. What on earth am I going to do?

 

@Britechguy @JWoods - would changing servers solve my problem with this thing? In this piece here they explain how to do it but is this really going to be the end of that particular DNS Hijack? https://www.lifewire.com/how-to-change-dns-servers-in-windows-7-2626271


Edited by cooljay, 17 July 2017 - 01:19 PM.


#11 Pimptech

Pimptech

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 17 July 2017 - 02:36 PM

Yes Pimptech, DNS Hijack is malicious. lol.

 

And, it's back. I keep scanning with Zemana, and sure enough, yesterday evening the thing was back, I cleaned it, now it's back again.

 

Also, there is this on my network.

Never mind - there used to be a way to upload an image. I thought when you click on Other Options or something.

 

Also, I had changed the router password and the other thing you mentioned.

 

I always connect through a VPN so I was pretty sure someone else in my house brought this thing on. But yesterday I was alone here, and only my device was connected. And it came back. I am so pissed right now. Tonight my kids are coming back and they'll be online 24/7. What on earth am I going to do?

 

@Britechguy @JWoods - would changing servers solve my problem with this thing? In this piece here they explain how to do it but is this really going to be the end of that particular DNS Hijack? https://www.lifewire.com/how-to-change-dns-servers-in-windows-7-2626271

Hi @cooljay !

 

I know DNS hijacking is malicious, I mean.. How do you know it's active right now. 

 

The place they can act is:

  • Configured at Ethernet configuration
  • hosts file on windows 
  • DNS directly on router

First you make sure that your computer isn't infected, because maybe it's something that run, change the DNS and close itself, for example. Persistent DNS hijacking.

 

But if you are not infected, your ethernet configuration is normal, hosts files are clean and router is clean too. I don't see how DNS hijack is acting on your system.

 

Here there is a good article about it:

https://blog.malwarebytes.com/cybercrime/2015/09/dns-hijacks-what-to-look-for/

 

Regards.



#12 blitzjg

blitzjg
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted Yesterday, 01:02 PM

 

I just downloaded Zemana and ran it twice, first run it found 2 minor issues, an Adware item and a browser issue, second run came back clean, I doubt that would have fixed any issues, any other ideas?

 

Are you sure that is something malicious ?

Do you know how to configure you router ?

 

If yes, try to search for DHCP List if the DHCP is enabled.
List all ips connected to you router. If there is some ip that isn't from your home, then maybe someone is using it.

 

But first make sure your equipment(router, computer, phone and so on) is functional. 

 

 

 

I actually don't know exactly how to configure my router, but i definitely would like to check IPs although I dont know how I would identify things like my phone or other portable devices of mine.  



#13 Crazy Cat

Crazy Cat

  • Members
  • 769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:02:30 AM

Posted Yesterday, 08:59 PM

I actually don't know exactly how to configure my router, but i definitely would like to check IPs although I don't know how I would identify things like my phone or other portable devices of mine.

Whoever your I.S.P (Internet Service Provider) is, go to the site and find the ISP configuration page. There you'll find the ISP DNS. Log into your router and see the configuration status of the WAN configuration for your ISP. Configure the ISP DNS in your router.

Example. http://www.tp-link.com/no/faq-361.html

Edited by Crazy Cat, Yesterday, 09:16 PM.

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users