Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ISP Router constantly being attacked


  • Please log in to reply
4 replies to this topic

#1 nocebo

nocebo

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 29 November 2017 - 02:46 PM

My ISPs router is constantly being attacked and I fear it is already compromised. I do not have the money to purchase a new router and especially one that comes with a VPN already.

What can I do to protect myself or at least my devices?
What can they do once its compromised?
If its just eavesdropping then I wouldnt mind until I get a new router, but can they infect other connected devices?

 

 

EDIT:
Also how can I know if my internet activity is being redirected to somewhere else then allowing me to reach the webpage I'm visiting?
I have used tracert but I have not clue if these IPs / domains seem legit.


Edited by nocebo, 29 November 2017 - 03:14 PM.


BC AdBot (Login to Remove)

 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:09:53 AM

Posted 29 November 2017 - 06:44 PM

It would really help to know why, exactly and in detail, you believe that your modem-router is compromised.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#3 nocebo

nocebo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 29 November 2017 - 09:25 PM

It would really help to know why, exactly and in detail, you believe that your modem-router is compromised.

I'll be honest and say I'm not completely sure but I can say that the behavior with my connection does not seem normal.
I have no experience with this so I cant be sure. My routers admin account password keeps getting changed or I just keep ending up unable to log in. It keeps happening even if I reset from the reset button from the router (The little small one that is suppose to reset all configurations). There is also a remote management tab in it which when I disable all remote management rules (All of them seem to be fine until I disable remote management via DNS) my network goes offline and I have no internet. I had believed that maybe this was some sort of backdoor my ISP had set, but they said I should be able to turn it off. I see a lot of intrusion alerts and DOS alerts but I figured maybe that is normal as its being caught and rejected, but the fact that a few weeks back my laptop was remotely controlled, also a day before it was remotely controlled I had kept an eye on wireshark and saw that whenever I had opened Firefox no matter what website I visit, there would always be a connection trying to connect to my router. I'm a novice with using wireshark so I cant analyze everything but that I could tell that it was trying to log in as it was pointing to my routers local ip, and viewing the data it was trying to access it. It was constantly trying to access it as long as firefox was open. I can send you a PM of the printscreen I took that time.

As to why this is happening?
I do not know, I'm a young adult that has barely any money to survive yet it feels there is some stalker or hater that is out there trying to ruin my life. Maybe I'm just getting paranoid out of the fact that my laptop had been remotely controlled and what I saw in wireshark.
If you know any signs of being compromised I would be grateful to know so I can keep an eye out for these signs.



#4 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:09:53 AM

Posted 29 November 2017 - 10:13 PM

My personal belief is that your "getting paranoid" theory is the correct one, but I am not expert enough (nor arrogant enough) to say it absolutely is.

 

Even though this is definitely a security question, it's not a "General Security" question, but one on Networking security.  I am going to move this thread to the Networking forum as I believe others more expert than I can guide you through what you need to check and those folks are on the Networking forum.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#5 nocebo

nocebo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 29 November 2017 - 10:26 PM

My personal belief is that your "getting paranoid" theory is the correct one, but I am not expert enough (nor arrogant enough) to say it absolutely is.

 

Even though this is definitely a security question, it's not a "General Security" question, but one on Networking security.  I am going to move this thread to the Networking forum as I believe others more expert than I can guide you through what you need to check and those folks are on the Networking forum.

Okay, thank you.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users