Technical Discussion
  >> Home Networking, Internet Connection Sharing, etc.


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread
Standard User wolvesmad
(fountain of knowledge) Fri 28-Apr-17 19:13:31
Print Post

Hacked?


[link to this post]
 
My BT fiber connection dropped about 20 mins ago.

I thought oh it'll come back up on it's own, it rarely goes down. I couldn't telnet into my HG612 which I thought was strange just for a PPP drop,

Ran a network scanner on my PC and every IP address including the one for my HG612 was being used by an unknown device?

I'm in the process of cleaning up a relatives virus ridden laptop which I thought was clean, has something flooded my local LAN?

-

BT BroadbandInfinity 2
Administrator MrSaffron
(staff) Fri 28-Apr-17 19:15:44
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
Sounds almost like the laptop you throught was clean is running a bot of some description

Not an uncommon payload alongside the usual virus mixtures these days

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User wolvesmad
(fountain of knowledge) Fri 28-Apr-17 19:33:44
Print Post

Re: Hacked?


[re: MrSaffron] [link to this post]
 
Thought that.

It's the only device on my lan that I can think of that would cause it.

Looks like it's getting formatted then!

-

BT BroadbandInfinity 2


Register (or login) on our website and you will not see this ad.

Standard User wolvesmad
(fountain of knowledge) Sat 29-Apr-17 00:51:28
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
Just got home, same again, devices on every IP and PPP down.

-

BT BroadbandInfinity 2
Administrator MrSaffron
(staff) Sat 29-Apr-17 09:15:45
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
If the case then the 'suspect' PC is off and not connected to LAN then consider this

https://www.theregister.co.uk/2016/12/08/talktalk_ro...

Other makes were also affected

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User wolvesmad
(fountain of knowledge) Sat 29-Apr-17 10:20:43
Print Post

Re: Hacked?


[re: MrSaffron] [link to this post]
 
Switched back to my Home Hub5 and the PPP has remained up since last night as expected.

Thought the firewall on the HG612 was capable?

-

BT BroadbandInfinity 2
Standard User BatBoy
(sensei) Sat 29-Apr-17 10:39:06
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
In reply to a post by wolvesmad:
Thought the firewall on the HG612 was capable?
The HG612 is a modem. What router were you using with it?
Administrator MrSaffron
(staff) Sat 29-Apr-17 10:40:35
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
All depends on how you've configured it, if using hg612 in router mode then a guide to some basic firewall changes is at http://wiki.kitz.co.uk/index.php/Huawei_HG612_-_Rout...

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User baby_frogmella
(fountain of knowledge) Sat 29-Apr-17 11:41:04
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
In reply to a post by wolvesmad:
Switched back to my Home Hub5 and the PPP has remained up since last night as expected.

Thought the firewall on the HG612 was capable?


The question you should really be asking is "why did the firewall on the router not do its job?" You should get the biggest hammer you can find and smash the culprit router into smithereens. Otherwise by continuing to use the same router you're not fixing anything and all that time spent formatting your hard disk(s) will be in vain. Even a £20 el-cheapo router from Argos will give you decent firewall protection.

--------------------------------------------------------------------
Waiting for FluidOne FTTPoD 330/30 mbps installation
1) Order placed
2) Survey done
3) Test rodding of ducts
4) Fibre laid
5) Jointing work - due 15/05/17

Edited by baby_frogmella (Sat 29-Apr-17 11:47:58)

Standard User caffn8me
(eat-sleep-adslguide) Sat 29-Apr-17 14:39:16
Print Post

Re: Hacked?


[re: baby_frogmella] [link to this post]
 
Firewalls are generally configured to block threats coming from the outside but if a compromised device is connected to the internal 'trusted' network, the firewall may very well be configured to allow all traffic from that device.

If a vulnerable router had port 23 TCP open for administration from the LAN (and many do by default), there would be no protection at all against a Mirai style trojan coming from an infected local device, which could then pwn the router.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread

Jump to