has my router been hacked?

  1. #1
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121

    has my router been hacked?

    first potential security problem for my router. i was checking logs today for zonealarm which i have recently switched to from Norton. I like it a lot better and its less of a resource hog so all around its better. And theres logs. Well anyway, there were multiple blocked attempts from my computer trying to connect to other comps on my subnet. most of the attempts are to common ports (139 and 445, hmmm, that makes me think) and ips that arent shown on my router as being attached. the ips not being shown as attached on my router is the scary part. I use wep encryption and my password is 16 characters long upper and lowercase and numbers. the wep encryption is a 128 bit shared encryption key that is saved on one computer (mine) and written down. there is no one in range of the router with enough experience to attack it anyway, let alone want to. im thinking its via internet. It doesnt seem likely though, but its more likely than wirelessly. my isp is a nazi (i cant serve on any port with out their permission a.k.a pay them, they block everything) but they arent perfect. My router has a firewall (but if its been hacked how much benefit is that). i have avast free edition (ill end up subscribing soon) and i use microsoft antispyware for real time protection (not the best but its free real time) and ad-aware (which im planning on subscribing to soon) for scans. ZA told me to do a virus scan if the ips that the packets were being sent to were in fact not on my network so i did and the virus chest had 3 files in it. they were all system files (kernel32.dll, winsock.dll, and wsock.dll). it said they were transferred last week 12-9. i actually just reformatted my hard drive last weekend and reinstalled XP. are these really viruses or are they my system files? I have slackware linux as a partition though i use it rarely as im just learning and theres not much time to learn other than vacations what with school and all my extra curriculars.
    i use my laptop at school (use their network, servers and printers) but no one other than the admin and a really good friend of mine have enough experience to do anything and even they probably couldnt. i dont think its my comp just trying to connect to those servers because its a lot of different ips and i only use 2 maybe 3 servers at school. the other thing that just occurred to me is that ZA shouldnt have blocked them (though im glad they did) because i set it to trust all ips on my subnet. i think it blocked it because it couldnt determine what program sent out the packet. the other thing is that it says it came from .8 which is my hard connection (ive been using that instead of wireless because of problems stated below).

    my personal conclusion is that its either my router has been hacked via land line or i have some crazy virus or rootkit. the last two are what im leaning towards so im not sure if this is in the right category, ive attached the logs as .jpg i couldnt find the log files on my hard drive and dont really have time to look.


    also, ive been having trouble connecting to my network recently, but only wirelessly and only locally. i thought it could be a driver problem or possibly microsoft's wireless network manager but i dont know, i updated the drivers and no change. when i go to advanced settings it always shows it as connected and indeed it is, i have a connection but it says its not and every once in a while it says it cant connect to the preferred wireless network and then im disconnected. sometimes the settings will actually just change randomly. the whole thing is driving me insane. every other computer in the house works fine except my older brothers computer for college which was configured by some nazi network administrator they have there (the computer has to connect to grove cities network, for a while it would add gcc as a workgroup on our network, it was really strange)
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  2. #2
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    rescanned everything in the chest. under detailed report it said no virus so i deleted them from the chest. theres one less possibility

  3. #3
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Although you attempt to provide adequate information ( unlike most ) you do so in a rambling fashion. ( what OS, what type wireless router, etc. could be helpful )

    From what you did provide, it looks like a virus ... which actually you already confirmed ( but did not say what particular virus was found. ).

    My suggestions:

    Make sure all the spyware/malware programs are up-to-date.

    Disconnect completely from all networks.

    Re-run a virus scan on the entire system.

    Re-run your other spyware/malware programs in safe mode, then regular mode.

    Verify virus scan with an online scanner such as Trend Micro's Housecall

    Clear the ZA logs, see if it re-occurs.

    ----------------------------------

    You did not say what version of ZA you have ( free, Pro, or trial )
    AFAIK, ZA free will not watch multiple external devices, you need the Pro version for that. ( In fact, ZA free, I believe, does not contain their Wireless PC Protection: check with the ZA site for the documentation. )

    A virus trying to propagate will tie up bandwidth causing sporadic connections. If your ZA was set to watch your hard wire connection, it may pass things on your wireless from the same box causing intermittent or poor service.

    I loved this, though don't believe it is related to the problem:
    "... the wep encryption is a 128 bit shared encryption key ..."
    I know of 12 year olds who have heard of AirSnort. So what salesman educated you on wireless security? Remember, it does not have to be a neighbor hacking into your wireless ( since you apparently trust them all, cough, cough, ) but could be someone who drives up and parks in the vicinity just because they saw a signal. Are you surrounded by acres of corn fields where no one could hide? Or is there a McDonald's, Starbucks, a park or public street nearby where someone could sit and connect to you?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    if you think that router has been hacked, then you can use reset button, to reset all settings to default and then look for firmware updates for your router. after that you can change admin login password.
    // too far away outside of limit

  5. #5
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    Mr. Babis - i dont think it has been, im thinking its a virus now, but thanks for the tip. ill take it into consideration

    I know not- i have Windows XP (and the above mentioned linux partition) and a Netgear MR814v2 with upgraded firmware. i use ZA free edition (ya, forgot to mention that, sorry about the rambling)
    i havent confirmed that its a virus (at least scanners didnt pick it up) i said there were 3 files put in avast's virus chest and then i rescanned each one individually and they all came up negative as a virus. i dont know why they were in there. i update almost daily and at least weekly. i will re run scans in safe mode and then regular but probably not for a couple days (too much work to do, it works fine and until i have time whatever is going on can continue for now). will do online scan and clear logs. maybe that was it and it wont happen again.

    "AFAIK, ZA free will not watch multiple external devices, you need the Pro version for that. ( In fact, ZA free, I believe, does not contain their Wireless PC Protection: check with the ZA site for the documentation. )"
    hmm, may have to upgrade, though i dont like spending money, but if i need to i guess i will
    though i dont think thats the problem, ill find out

    never heard of air snort, but now that i know about it i definitely dont have as much trust in my encryption key as i did. the web site said it could crack in a couple seconds after gathering enough packets, thats intense. i still dont think its wirelessly though. i do in fact have 2 corn fields around and a small development. half of my neighbors have their own wireless networks and they are unsecured, its not worth it for someone to crack mine, theres a couple more just down the street.

    thnx for the help and suggestions guys

  6. #6
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Originally posted here by Godsrock37
    Mr. Babis - i dont think it has been, im thinking its a virus now, but thanks for the tip. ill take it into consideration
    Looks like it's doing lots of scanning of Microsoft ports on your private network...yep, I bet you're infected with something.

    Try booting into safe mode with networking (if havent already) and go to a site that offers Internet scanning like TrendMicro, Symantec or Bitdefender and scan the system. You could try Microsoft's malware scanner (http://support.microsoft.com/?id=890830).

    Good luck in cleaning.
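
Added example, not part of any post in this thread: a small check for the pattern the replies describe, one local host trying ports 139/445 on many subnet addresses the router does not list as attached. The CSV layout, the 192.168.0.x addresses, the threshold and all function names are assumptions made for illustration; this is not ZoneAlarm's log format.

```python
import csv
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}   # the two ports named in the thread
FANOUT_THRESHOLD = 5     # assumed cut-off: distinct targets per source

# Constructed sample in a made-up CSV layout (time, action, proto, src, dst).
# It is not ZoneAlarm's real log format, and the 192.168.0.x prefix is assumed.
SAMPLE_LOG = """\
2000-01-01 18:01:02,BLOCKED,TCP,192.168.0.8:1045,192.168.0.21:445
2000-01-01 18:01:02,BLOCKED,TCP,192.168.0.8:1046,192.168.0.22:445
2000-01-01 18:01:03,BLOCKED,TCP,192.168.0.8:1047,192.168.0.23:139
2000-01-01 18:01:03,BLOCKED,TCP,192.168.0.8:1048,192.168.0.24:445
2000-01-01 18:01:04,BLOCKED,TCP,192.168.0.8:1049,192.168.0.25:445
2000-01-01 18:01:04,BLOCKED,TCP,192.168.0.8:1050,192.168.0.26:139
2000-01-01 18:02:10,ALLOWED,UDP,192.168.0.8:1051,192.168.0.1:53
2000-01-01 18:03:30,ALLOWED,TCP,192.168.0.5:1100,192.168.0.2:445
"""

def parse(log_text):
    """Yield (src_ip, dst_ip, dst_port) per well-formed row; skip the rest."""
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue
        src_ip = ipaddress.ip_address(row[3].rsplit(":", 1)[0])
        dst_host, dst_port = row[4].rsplit(":", 1)
        yield src_ip, ipaddress.ip_address(dst_host), int(dst_port)

def find_smb_sweeps(log_text, subnet, attached, threshold=FANOUT_THRESHOLD):
    """Map each source that tried ports 139/445 on >= threshold distinct
    subnet addresses to the targets the router does not list as attached."""
    net = ipaddress.ip_network(subnet)
    known = {ipaddress.ip_address(a) for a in attached}
    targets = defaultdict(set)
    for src, dst, port in parse(log_text):
        if port in SMB_PORTS and dst in net:
            targets[src].add(dst)
    return {
        str(src): [str(d) for d in sorted(dsts - known)]
        for src, dsts in targets.items()
        if len(dsts) >= threshold
    }

if __name__ == "__main__":
    attached = ["192.168.0.1", "192.168.0.2", "192.168.0.5", "192.168.0.8"]
    hits = find_smb_sweeps(SAMPLE_LOG, "192.168.0.0/24", attached)
    for src, unknown in hits.items():
        print(f"{src}: 139/445 attempts to {len(unknown)} unlisted addresses")
```

A single connection to a file server on port 445, like the 192.168.0.5 row in the sample, stays below the threshold and is not reported.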
