
Router/internet security


14 replies to this topic

#1 blitzjg


Posted 10 July 2017 - 05:22 PM

Lately I've been feeling like my home wireless has been much more laggy and inconsistent than in the past.  Actually now that I think about it my wired has also had some connection issues as well, a lot of random disconnects.  I have never changed my Router's password, but I have moved states from where I first had it.  Are there things I can do to either check stability or see if other people are using my data/wifi?

 

Any other general tips/suggestions that might lock down my internet?  I also have a 5G network available, I have no idea what this is, I assume it is faster than regular, but the signal is weaker for some reason.




#2 cooljay


Posted 10 July 2017 - 05:31 PM

Me too! I kept being constantly bumped, needing to re-enter wifi password, etc. And never a full bar connection. Five minutes ago the mystery was solved. It's called DNS Hijack, and after running Malwarebytes Anti-Malware paid, and Emsi, Zemana found it and got rid of it.

 

Now I have a full connection again (all bars on the bottom), and it's superfast like before. Phew.



#3 cooljay


Posted 10 July 2017 - 05:34 PM

I thought I had a Trojan Horse, my cd tray suddenly had a mind of its own and kept turning, making awful sounds. I followed the guide under Trojan Horse. They list 7 easy to follow steps to remove a Trojan. After Mbam the cd case stayed quiet and closed. But there was still something wrong. So I kept following the steps. Maybe you won't have to, try Zemana. That may be enough. Good luck!



#4 blitzjg


Posted 10 July 2017 - 06:29 PM

I just downloaded Zemana and ran it twice, first run it found 2 minor issues, an Adware item and a browser issue, second run came back clean, I doubt that would have fixed any issues, any other ideas?



#5 jwoods301


Posted 11 July 2017 - 12:20 AM

Router security checklist -

http://routersecurity.org/checklist.php


Test for open ports -

Shields UP! -

https://grc.com/x/ne.dll?bh0bkyd2

SG Security Scan -

http://www.speedguide.net/scan.php
 



#6 cooljay


Posted 16 July 2017 - 03:47 PM

Thanks JWoods, for those links. Unfortunately I'm completely overwhelmed. DNS Hijack is back which is ironic since I use a VPN that connects as soon as I go online.

 

I'm assuming this thing could have been acquired by anybody in the household on any of their devices?

 

I am totally overwhelmed by the amount of information compiled in the Router Security Checklist.

 

I turned off my VPN and tested different ports pointed out to me, but wouldn't it be better to check IF I have open ports and which ones are they? How do I do this?



#7 britechguy


Posted 16 July 2017 - 06:35 PM

cooljay,

 

The Shields Up! site does exactly what you are asking about.  Click the "Proceed" button on the main page that jwoods301 gave the link to and then you'll land on the actual page that tests ports.

The design is not pretty nor particularly intuitive, but if you click the various buttons under the "Shields Up! Services" it will probe for open ports and report those that are open.


Edited by britechguy, 16 July 2017 - 06:39 PM.
Shield's Up won't allow direct access to page brought up by "Proceed" button.

Brian  AKA  Bri the Tech Guy (website address in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Plus ça change, plus c'est la même chose
              

 


#8 cooljay


Posted 16 July 2017 - 07:19 PM

Hmm. This is all very weird. ShieldsUp tried to contact my server and found my connection in pure stealth mode. The port it was trying was basically pretending to be deaf. However, that IP address is different from the IP address where the DNS Hijack was. And yet, my VPN is disconnected right now.

Also, when I perform an IP check, it comes up with yet another IP address.

 

What is going on here?



#9 Pimptech


Posted 17 July 2017 - 01:17 AM

> I just downloaded Zemana and ran it twice, first run it found 2 minor issues, an Adware item and a browser issue, second run came back clean, I doubt that would have fixed any issues, any other ideas?

Are you sure that is something malicious?

Do you know how to configure your router?

If yes, try to search for the DHCP list, if DHCP is enabled.
List all IPs connected to your router. If there is some IP that isn't from your home, then maybe someone is using it.

But first make sure your equipment (router, computer, phone and so on) is functional.

> Hmm. This is all very weird. ShieldsUp tried to contact my server and found my connection in pure stealth mode. The port it was trying was basically pretending to be deaf. However, that IP address is different from the IP address where the DNS Hijack was. And yet, my VPN is disconnected right now.
>
> Also, when I perform an IP check, it comes up with yet another IP address.
>
> What is going on here?

That means that your port isn't open. Have you checked the security list? Default password?
The IP changes from time to time. Or do you have some special contract for a fixed IP?



#10 cooljay


Posted 17 July 2017 - 01:07 PM

Yes Pimptech, DNS Hijack is malicious. lol.

 

And, it's back. I keep scanning with Zemana, and sure enough, yesterday evening the thing was back, I cleaned it, now it's back again.

 

Also, there is this on my network.

Never mind - there used to be a way to upload an image. I thought when you click on Other Options or something.

 

Also, I had changed the router password and the other thing you mentioned.

 

I always connect through a VPN so I was pretty sure someone else in my house brought this thing on. But yesterday I was alone here, and only my device was connected. And it came back. I am so pissed right now. Tonight my kids are coming back and they'll be online 24/7. What on earth am I going to do?

 

@Britechguy @JWoods - would changing servers solve my problem with this thing? In this piece here they explain how to do it but is this really going to be the end of that particular DNS Hijack? https://www.lifewire.com/how-to-change-dns-servers-in-windows-7-2626271


Edited by cooljay, 17 July 2017 - 01:19 PM.


#11 Pimptech


Posted 17 July 2017 - 02:36 PM

> Yes Pimptech, DNS Hijack is malicious. lol.
>
> And, it's back. I keep scanning with Zemana, and sure enough, yesterday evening the thing was back, I cleaned it, now it's back again.
>
> Also, there is this on my network.
>
> Never mind - there used to be a way to upload an image. I thought when you click on Other Options or something.
>
> Also, I had changed the router password and the other thing you mentioned.
>
> I always connect through a VPN so I was pretty sure someone else in my house brought this thing on. But yesterday I was alone here, and only my device was connected. And it came back. I am so pissed right now. Tonight my kids are coming back and they'll be online 24/7. What on earth am I going to do?
>
> @Britechguy @JWoods - would changing servers solve my problem with this thing? In this piece here they explain how to do it but is this really going to be the end of that particular DNS Hijack? https://www.lifewire.com/how-to-change-dns-servers-in-windows-7-2626271

Hi @cooljay!

I know DNS hijacking is malicious. I mean, how do you know it's active right now?

The places it can act are:

  • Configured in the Ethernet configuration
  • hosts file on Windows
  • DNS directly on the router

First, make sure that your computer isn't infected, because maybe it's something that runs, changes the DNS and closes itself, for example. Persistent DNS hijacking.

But if you are not infected, your Ethernet configuration is normal, the hosts file is clean and the router is clean too, I don't see how a DNS hijack is acting on your system.

 

Here there is a good article about it:

https://blog.malwarebytes.com/cybercrime/2015/09/dns-hijacks-what-to-look-for/

 

Regards.
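The hosts-file and configured-DNS checks from the list above can be scripted. This is an added example, not code from the thread: the sample hosts file, the expected resolver list and all addresses are constructed, and the DNS server values are assumed to be copied by hand from `ipconfig /all` and the router's WAN/DHCP page.

```python
import ipaddress

# Constructed sample hosts file; 203.0.113.66 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.66    www.examplebank.test   # planted redirect
0.0.0.0         ads.example.test
"""

# Assumption: resolvers you expect to see (router LAN address, ISP DNS).
EXPECTED_RESOLVERS = {"192.168.1.1", "198.51.100.53"}


def audit_hosts(text):
    """Return (ip, hostname) pairs that pin a name to a non-local address."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address mapping
        # Loopback and 0.0.0.0 entries are the usual default/blocklist cases.
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.extend((str(ip), name) for name in fields[1:])
    return findings


def audit_resolvers(configured, expected=EXPECTED_RESOLVERS):
    """Return configured DNS servers that are not on the expected list."""
    return [server for server in configured if server not in expected]


if __name__ == "__main__":
    for ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts file redirects {name} -> {ip}")
    # Constructed adapter/router values, e.g. copied from `ipconfig /all`.
    for server in audit_resolvers(["192.168.1.1", "203.0.113.9"]):
        print(f"unexpected DNS server configured: {server}")
```

On Windows the real file is `C:\Windows\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.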



#12 blitzjg


Posted 19 July 2017 - 01:02 PM

 

> > I just downloaded Zemana and ran it twice, first run it found 2 minor issues, an Adware item and a browser issue, second run came back clean, I doubt that would have fixed any issues, any other ideas?
>
> Are you sure that is something malicious?
>
> Do you know how to configure your router?
>
> If yes, try to search for the DHCP list, if DHCP is enabled.
> List all IPs connected to your router. If there is some IP that isn't from your home, then maybe someone is using it.
>
> But first make sure your equipment (router, computer, phone and so on) is functional.

I actually don't know exactly how to configure my router, but I definitely would like to check IPs although I don't know how I would identify things like my phone or other portable devices of mine.
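One way to work through the DHCP client list discussed in this thread is to match each entry's MAC address against the addresses shown in your own devices' network settings. This is an added example, not code from the thread: the lease table layout, device names and MAC addresses are constructed, and real routers format this page differently.

```python
import re

# Constructed sample of a router "DHCP client list" (layout varies by vendor).
SAMPLE_LEASES = """\
Client Name      MAC Address        Assigned IP    Lease Time
DESKTOP-HOME     3C-52-82-11-22-33  192.168.1.100  01:12:40
android-phone    a6:4b:19:aa:bb:cc  192.168.1.101  00:48:02
Unknown          00:1D:0F:44:55:66  192.168.1.104  01:59:10
"""

# Assumption: MACs copied from each device's own network settings screen.
KNOWN_DEVICES = {"3c:52:82:11:22:33": "desktop (wired)"}

MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def normalize_mac(mac):
    """Lower-case, colon-separated form so vendor formatting does not matter."""
    return mac.lower().replace("-", ":")


def is_randomized(mac):
    """True if the locally-administered bit is set (private/random MAC)."""
    return bool(int(mac[:2], 16) & 0x02)


def review_leases(text, known=KNOWN_DEVICES):
    """Return (ip, mac, status) for every lease row found in the text."""
    rows = []
    for line in text.splitlines():
        mac_m, ip_m = MAC_RE.search(line), IP_RE.search(line)
        if not (mac_m and ip_m):
            continue                      # header or unrelated line
        mac = normalize_mac(mac_m.group(1))
        if mac in known:
            status = "known: " + known[mac]
        elif is_randomized(mac):
            # Phones and tablets often present a per-network random MAC.
            status = "unlisted, randomized MAC (check your phones/tablets)"
        else:
            status = "unlisted, fixed MAC (identify this device)"
        rows.append((ip_m.group(1), mac, status))
    return rows


if __name__ == "__main__":
    for row in review_leases(SAMPLE_LEASES):
        print(*row, sep="  ")
```

An unlisted entry is not proof of an intruder; temporarily disconnecting your own devices one at a time and refreshing the list is a simple way to attribute the remaining rows.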



#13 Crazy Cat


Posted 19 July 2017 - 08:59 PM

> I actually don't know exactly how to configure my router, but I definitely would like to check IPs although I don't know how I would identify things like my phone or other portable devices of mine.

Whoever your I.S.P (Internet Service Provider) is, go to the site and find the ISP configuration page. There you'll find the ISP DNS. Log into your router and see the configuration status of the WAN configuration for your ISP. Configure the ISP DNS in your router.

Example. http://www.tp-link.com/no/faq-361.html

Edited by Crazy Cat, 19 July 2017 - 09:16 PM.

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#14 downloaderfan


Posted 20 July 2017 - 10:36 AM

> Router security checklist -
>
> http://routersecurity.org/checklist.php

 

The router security checklist is way too overwhelming & overkill for the regular user. I would rather suggest the following link which is not so overwhelming yet provides tight security if you follow all steps:

http://techwiser.com/how-to-secure-your-wifi/



#15 britechguy


Posted 20 July 2017 - 05:41 PM

 

> > Router security checklist -
> >
> > http://routersecurity.org/checklist.php
>
> The router security checklist is way too overwhelming & overkill for the regular user. I would rather suggest the following link which is not so overwhelming yet provides tight security if you follow all steps:
>
> http://techwiser.com/how-to-secure-your-wifi/

 

 

As far as I'm concerned, both of these resources are gross overkill for your average home user, though the techwiser.com article is by far more user friendly.

 

Unless you live in an area of high population density most of the things these articles talk about really don't matter all that much.  In an area such as the small city in which I live, and in a suburban area within the formal city limits, my WiFi signal might carry a bit outside the limits of my own yard, but not by much.  The only way that someone could tap in to my WiFi for any period of time would be to be very nearby, probably in a car parked just outside my house, which I'd notice if an unfamiliar vehicle were suddenly to show up and stay in front of my house.

 

The basic things that both of these resources recommend that are essential, and generally enough for any home user, are:

 

1.  Always change your router's login ID (if supported, many will not let you change the login ID from admin) and password such that you can remember it but that it's not obvious.  You can safely leave the password unchanged if the router uses something like its own serial number, but I don't recommend that since it's not likely you'll remember it when you need to log in to the router to tweak something or check something.  See step three as far as how to create a strong, yet memorable, password and use that method here.

 

2.  Always change the network name (SSID) to something that's meaningful to you but would not be meaningful to a random passerby who might pick up the SSID being broadcast if you do not choose to hide it.  If you have frequent occasion to grant friends, house guests, or similar access to your WiFi you probably won't hide the SSID from broadcast.

 

3.  Make the password for your network long enough and strong enough not to be easily guessed, but such that you can easily remember it.  I always recommend the portmanteau method of creating a password where you take three things familiar to you and put them together.  Let's say you grew up in Las Vegas, at the address 158 Vista Way, and got married in 1993.  You could have a very easy to remember (for you) but very difficult to guess or hack (for others) password in Vegas158Vista1993.  Adding a favorite special character at the beginning or end helps a bit, too.  You can use any "formula" for your portmanteau that makes sense to you and that will be easy for you to remember.

 

4.  Also change your security to WPA2 (preferably) or WPA2/WPA (sometimes available when WPA2 is not, standalone) or, on older routers, WPA.  Never leave an open WiFi network without a password.

 

5.  If WPS (WiFi Protected Setup) is enabled on your router then disable it.

 

6.  If you live in a high density area where there is a real actual possibility that someone with too much time on their hands might spend it trying to crack the password on your network then consider turning off SSID broadcasting.  If you do this then your network name will not automatically show up when you use the "search for available network connections" feature on your devices, but you can manually configure your connection by entering both your SSID and the password rather than just the password.

 

If you do those few simple things you will have eliminated virtually all "hacks of opportunity" into your router itself or your WiFi network.


Brian  AKA  Bri the Tech Guy (website address in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Plus ça change, plus c'est la même chose
              

 




