NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Nighthawk R7800 potentially compromised
Hi all, I'm concerned my router might be compromised. All of the three main people who are connected to it got hit with a random CC charge a while back.
Me and my roommate factory reset the router and set up Access Control to block all new connections so we could manually approve them.
Now there are a couple devices I'm seeing as "wired" ones that don't have a description and I don't know what they are at all, I pinged them so they're live and I've accounted for all the wired devices I can think of.
I also tried blocking them in access control and it said it was working on it then came back to the list and they were still allowed.
Has anyone experienced this before? Should I just dump my router and buy a new one? It's a couple years old now so not really at EoL...
Thanks for any insights!
I've actually figured this out, I was using an app on the FireTV called "Downloader" which is used to circumvent the FireTV's verification process of applications so you can "side load" different unapproved apps, I don't even remember what I used this for.
Anyway, it seems that in order to do this, it can't use the IP that is displayed in settings so it must create a couple virtual network devices and get IPs for them so it can download not using the "main" IP.
Weird situation but glad I figured that out.
Thanks!
4 Replies
> Nighthawk R7800 [...]
Firmware version? Connected to what?
> [...] I'm concerned my router might be compromised. All of the three
> main people who are connected to it got hit with a random CC charge a
> while back.Those people (and their unspecified computers/devices) also connected
to everything else on your LAN when they connected to your router. Why
blame the router, and not all the other stuff?> Now there are a couple devices I'm seeing as "wired" [...]
With my weak psychic powers, I'm seeing nothing at all about them.
Copy+paste is your friend.> Me and my roommate factory reset the router [...]
If its firmware was corrupted somehow, then I wouldn't expect a
settings reset to do much about it. Loading (reloading) the firmware
might do more.Firmware version is V1.0.2.130 also my router is the R8300 not R7800.
Attached is a list of attached devices.
So after I signed in today, I noticed that the devices I was trying to block are now showing as blocked .20 and .17 but I'm still able to ping anything that is "blocked". I think that might be okay though as even when "blocked" they're still connected to the network.
That being said, I've disconnected almost everything that is "wired" from the router and it's still showing these as connected devices.
That's a good point, we have a media server that could be the culprit. I guess the reason I was thinking it was the router was because it was behaving oddly with respect to the blocking of these devices. Also it's showing one device twice in the list the .20 when on the Access Control List page.
I'll look into reloading the firmware.
Thanks!
Okay so more weirdness, all three of the "unblockable" devices had the same MAC address which is odd because there are two different IPs attached to it. They're all my FireTV
When I go into attached devices, I notice that that MAC has 3 different "wired" IPs that it's using. And I can ping all 3 of them.
