Re: Have I been hacked?!

andrewbee
Aspirant

Have I been hacked?!

My router has been working fine with a few hiccups every now and then since I moved to the latest firmware where I have to put in my ISP username and password.

Today I decided to try browsing and it kept returning me to the router settings page (routerlogin.net), no matter what I did: different browsers, clearing cache.

I swapped the router to test with another (BTHub) and I can connect with that.

I did check the router log and saw the last few entries were DOS attacks? Anyone experience this before, and how can I fix this problem? :confused:

Message 1 of 8
fordem
Mentor

Re: Have I been hacked?!

Post the actual logs so we can see them. I've seen a number of discussions recently about DoS attacks and there has been a lot of miscommunication when the original poster leaves out certain bits of information. Simply put - actual DoS attacks on residential users are extremely rare, and logged "attack scans" are very, very common and can generally be ignored.

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 2 of 8
andrewbee
Aspirant

Re: Have I been hacked?!

fordem wrote:
Post the actual logs so we can see them....
Simply put - actual DoS attacks on residential users are extremely rare, and logged "attack scans" are very, very common and can generally be ignored.


I will in just a moment. Only problem is, I am not able to connect to the internet even though the router tells me I have a good connection with my ISP. Will take screenshots now.
Message 3 of 8
andrewbee
Aspirant

Re: Have I been hacked?!

I have lost the logs because I disconnected and unplugged the router to try a different one. But here is my most recent log. Not sure it gives much but I can't seem to go to any website. It does attempt to automatically re-route its way to the routerlogin.net page. :(

[DHCP IP: 192.168.1.148] to MAC address c8:85:50:95:11:68, Wednesday, July 01, 2015 13:28:30
[DHCP IP: 192.168.1.148] to MAC address c8:85:50:95:11:68, Wednesday, July 01, 2015 13:28:28
[Access Control] Device ANDREWS-IPHONE with MAC address C8:85:50:95:11:68 is allowed to access the network, Wednesday, July 01,
[DHCP IP: 192.168.1.7] to MAC address 34:13:e8:29:43:2f, Wednesday, July 01, 2015 13:26:51
[Access Control] Device ANDREWBEENUC with MAC address 34:13:E8:29:43:2F is allowed to access the network, Wednesday, July 01, 20
[Access Control] Device TVE553A436D7DF with MAC address EC:0E:C4:31:C7:60 is allowed to access the network, Wednesday, July 01,
[admin login] from source 192.168.1.119, Wednesday, July 01, 2015 13:26:13
[Time synchronized with NTP server] Wednesday, July 01, 2015 13:25:49
[Internet connected] IP address: 109.158.234.64, Wednesday, July 01, 2015 13:25:42
[Access Control] Device ANDREWBEAST with MAC address A4:1F:72:FE:FF:43 is allowed to access the network, Wednesday, July 01, 201
[Initialized, firmware version: V1.0.0.92] Wednesday, July 01, 2015 13:25:21
[DHCP IP: 192.168.1.119] to MAC address a4:1f:72:fe:ff:43, Wednesday, July 01, 2015 13:25:01
Message 4 of 8
fordem
Mentor

Re: Have I been hacked?!

Nothing there on DoS attacks - which is, so to speak, my main interest. The re-routing problem is most likely an incorrect configuration preventing the router from properly connecting to the ISP, I would suggest a reset to default & reconfigure.

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 5 of 8
andrewbee
Aspirant

Re: Have I been hacked?!

fordem wrote:
Nothing there on DoS attacks - which is, so to speak, my main interest.

The re-routing problem is most likely an incorrect configuration preventing the router from properly connecting to the ISP, I would suggest a reset to default & reconfigure.


443, Wednesday, July 08, 2015 12:17:57
[DoS Attack: RST Scan] from source: 216.58.210.65, port 443, Wednesday, July 08, 2015 12:17:20
[DoS Attack: RST Scan] from source: 216.58.210.67, port 443, Wednesday, July 08, 2015 12:15:59
[DoS Attack: RST Scan] from source: 31.13.90.2, port 443, Wednesday, July 08, 2015 12:15:32
[DoS Attack: RST Scan] from source: 216.58.210.69, port 443, Wednesday, July 08, 2015 12:14:48
[DoS Attack: RST Scan] from source: 216.58.210.65, port 443, Wednesday, July 08, 2015 12:14:45
[DoS Attack: RST Scan] from source: 216.58.210.77, port 443, Wednesday, July 08, 2015 12:14:27
[DoS Attack: RST Scan] from source: 216.58.210.67, port 443, Wednesday, July 08, 2015 12:13:12
[DoS Attack: RST Scan] from source: 216.58.210.68, port 443, Wednesday, July 08, 2015 12:13:09
[DoS Attack: RST Scan] from source: 216.58.210.69, port 443, Wednesday, July 08, 2015 12:11:36
[DoS Attack: RST Scan] from source: 216.58.210.78, port 443, Wednesday, July 08, 2015 12:08:51
[DoS Attack: RST Scan] from source: 216.58.210.67, port 443, Wednesday, July 08, 2015 11:59:10
[DoS Attack: RST Scan] from source: 216.58.210.78, port 443, Wednesday, July 08, 2015 11:58:09
[DoS Attack: RST Scan] from source: 216.58.210.69, port 443, Wednesday, July 08, 2015 11:57:27
[DoS Attack: RST Scan] from source: 216.58.210.67, port 443, Wednesday, July 08, 2015 11:57:10
[DoS Attack: RST Scan] from source: 216.58.210.78, port 443, Wednesday, July 08, 2015 11:55:17
[DoS Attack: RST Scan] from source: 216.58.210.67, port 443, Wednesday, July 08, 2015 11:55:10


Managed to reset the router and getting loads of these in the logs
Message 6 of 8
Laszlo
Aspirant

Re: Have I been hacked?!

I am not sure. Checking out the IP addresses using https://geoip.flagfox.net, these ‘attacks’ come from Google and Facebook. Checking my own logs, I have quite a few DOS attacks as well, but these are from many different unidentified hosts from all over the globe. If you are afraid you are compromised, I recommend the following approach:



A fair warning: Depending on your knowledge and number of machines, this can take a couple of days, but at least you will be safe! 😄 If you still have the re-direction issue, I am quite certain there is something configured wrongly.

The easiest way is to reset your router to factory settings. Perform minimal configuration (so only wired LAN for example). Connect the internet. See if the issue arises. If not, perform the next configuration step.. Test.. Perform next configuration step, etc..
Message 7 of 8
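
A defender-side way to do the triage described in the replies above, as an added example that is not part of any post in this thread: parse the router's DoS entries, group them by source /24, and separate entries whose source port is a web port from the rest. The `WEB_SERVER_PORTS` heuristic and the function names are assumptions of this example; the sample lines are copied from the logs posted in the thread.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Lines copied from the logs posted in this thread, including one truncated
# entry and one non-DoS entry that the parser must skip.
SAMPLE_LOG = """\
443, Wednesday, July 08, 2015 12:17:57
[DoS Attack: RST Scan] from source: 216.58.210.65, port 443, Wednesday, July 08, 2015 12:17:20
[DoS Attack: RST Scan] from source: 216.58.210.67, port 443, Wednesday, July 08, 2015 12:15:59
[DoS Attack: RST Scan] from source: 31.13.90.2, port 443, Wednesday, July 08, 2015 12:15:32
[admin login] from source 192.168.1.119, Wednesday, July 01, 2015 13:26:13
"""

DOS_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}), port (?P<port>\d+), (?P<when>.+)$"
)

# Assumption for this example: a source port in this set means the packet
# came from the server side of a web connection (HTTP or HTTPS).
WEB_SERVER_PORTS = {80, 443}


def parse_dos_entries(text):
    """Return one dict per well-formed DoS entry; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = DOS_RE.match(line.strip())
        if m:
            entries.append({"kind": m["kind"], "src": m["src"],
                            "port": int(m["port"]), "when": m["when"]})
    return entries


def triage(entries):
    """Count entries per source /24 and split them by source-port class."""
    nets = Counter()
    web_replies, other = [], []
    for e in entries:
        net = ip_network(e["src"] + "/24", strict=False)
        nets[str(net)] += 1
        (web_replies if e["port"] in WEB_SERVER_PORTS else other).append(e)
    return {"by_net": dict(nets), "web_replies": len(web_replies), "other": other}


if __name__ == "__main__":
    result = triage(parse_dos_entries(SAMPLE_LOG))
    print(result["by_net"], "web:", result["web_replies"], "other:", len(result["other"]))
```

Entries that land in `other` are the ones worth looking up individually; entries from web ports line up with the lookup result reported in the post above.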
Anteln
Novice

Re: Have I been hacked?!

This is very interesting, since just a few hours ago I too have been stuck in the routerlogin.net loop. No idea as to what has caused it, did you figure out what the problem was?
Message 8 of 8