
HELP! I believe that our router and network hub are being attacked.

Okay, I really need lots of help with this. Recently our broadband has been cutting out and we lose phone and internet to our computers on our network. We still get access to our router but nothing loads or connects. We use AT&T U-verse for our ISP and we have a 3801HGV router. The problem happens randomly and until recently, I didn't know why it was happening. I have been on the line with the AT&T tech support and I have had 2 technicians come to our house. In the past 3 months I have had 2 routers replaced. The internet will cut out randomly and we won't be able to get it back for anywhere from 5 minutes to 4 hours. I connected to my router and accessed the logs only to find out that every time it goes out there are thousands of unknown inbound sessions stopped. They are all from the same group of IP addresses each time. It looks like this:

Asked by: Guest | Views: 197
Total answers/comments: 5
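To check the pattern described in the question (the same group of addresses each time, in bursts that line up with the outages), the exported firewall log can be grouped by source network and by minute. This is an added example, not part of the original post or of any AT&T/2Wire tooling; the log line layout, the sample lines and the names `blocked_sessions` and `summarize` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines using documentation address ranges. The layout
# (timestamp, "fw", src=, trailing reason text) is an assumed format;
# adjust LINE_RE to match the real log export.
SAMPLE_LOG = """\
INF 2012-03-04T21:14:02 fw src=203.0.113.17 dst=192.0.2.10 dport=51122 Unknown inbound session stopped
INF 2012-03-04T21:14:02 fw src=203.0.113.54 dst=192.0.2.10 dport=51123 Unknown inbound session stopped
INF 2012-03-04T21:14:03 fw src=203.0.113.17 dst=192.0.2.10 dport=51124 Unknown inbound session stopped
INF 2012-03-04T21:14:09 fw src=198.51.100.8 dst=192.0.2.10 dport=51125 Unknown inbound session stopped
INF 2012-03-04T21:15:40 sys Unrelated event (constructed)
INF 2012-03-04T21:20:11 fw src=198.51.100.9 dst=192.0.2.10 dport=443 Unknown inbound session stopped
INF 2012-03-04T21:20:12 fw src=not-an-ip dst=192.0.2.10 dport=443 Unknown inbound session stopped
"""

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}\S*\s+fw\s+src=(?P<src>\S+)\s.*"
    r"Unknown inbound session stopped"
)

def blocked_sessions(log_text):
    """Yield (minute, source address) for each stopped inbound session."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other event types, blank lines
        try:
            yield m["ts"], ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed src field, skip rather than crash

def summarize(log_text, prefix=24, burst_threshold=3):
    """Return (hits per source network, minutes with >= burst_threshold hits)."""
    by_net, by_minute = Counter(), Counter()
    for minute, src in blocked_sessions(log_text):
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        by_net[str(net)] += 1
        by_minute[minute] += 1
    bursts = sorted(m for m, n in by_minute.items() if n >= burst_threshold)
    return by_net.most_common(), bursts
```

Comparing the burst minutes with the times the connection dropped, and the top source networks across several outages, gives the ISP something concrete to act on.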
mcgyver89 [Entry]

Sounds like someone is trolling fixed IP addresses looking for a weak firewall (router). Not much you can do here as they're attacking something that is exposed from the internet side (static IP address). Make sure to use a complex password on the router and reset it weekly for the time being (with a new password as well).

While limiting your exposure within your network or WiFi APs is a good idea, it won't help you here.

One possible cause here could have been someone internally hitting an internet site that monitored the IP address, and that is how your IP address was found as static. It's best not to allow users internally to use this static address for outbound sessions so it is less likely to be discovered.

As you also need user access to the internet, you could try setting up a second router which does not have an assigned address (DHCP assigned from your ISP), letting your users access it outward, and limit the inbound connections to a single host internally and control what is on this exposed bastion host.

For now I would see if you can get a new IP address, make sure you don't have a DNS record for it, and host as much as you can on a service provider web server rather than trying to do it yourself.
mcgyver89 [Entry]

One other thing you can do is use a white list to block an IP address or a range of IP addresses. Here's an example in one router's manual: White listing
mcgyver89 [Entry]

Sounds like you need to take these steps.

Reset your router to default settings, then set the password to a new one from the default. Make sure your wireless is encrypted to let only those who know the password on. If you have a set number of computers on the wireless network, set up MAC filtering.
mcgyver89 [Entry]

To understand your problem, some more information would be helpful:

- do you use a static or a dynamic IP address?

- how do you point to your IP (which DNS service are you using)?

- which services are running behind your router (domain server, mail server, hosting services, ...)?

Edit: I just did a quick checkup on the 2Wire thing you call a router... never heard of this piece of electronics before, but Google is my friend.

My advice: get that thing OFFLINE and continue using it as an AP for something you don't really need, or just scrap it. This "thing" is absolutely insufficient to act as a stand-alone router; it would rather drop packages than reject connections. For this and 100 other reasons, automated attackers are able to punch holes into the firewall from time to time and just won't stop trying again and again because they never get fully blocked.

Recommendation: if your company, or let's say your network, is VERY small, you should at least invest 50-80 bucks in hardware which:

- supports a semi-basic but efficient firewall

- can handle a routing table large enough to manage your traffic

- suits your personal needs and desires

Typically for similar solutions I personally prefer to use devices running embedded Linux and run them on custom firmware like DD-WRT. You can check out their website; they also have a huge router database which can help you with your hardware decision. For some devices you might prefer the genuine firmware, but if they are listed there you can be sure that they will deliver the performance you need.
mcgyver89 [Entry]

Did you ever find an answer? It's happening to me and no one can help me. I mean no one.