Geekzone: technology news, blogs, forums
312 posts

Ultimate Geek
+1 received by user: 73


Topic # 161958 25-Jan-2015 10:43
I woke up at around 2am this morning and checked my phone. I noticed my wifi was down, so I went into the wifi settings and my SSID was not listed, but there were 2 other networks with rather vulgar (and pretty funny) SSID names, both at full bars. I was able to connect to them with my usual password. The networks were the 2.4 and 5 GHz that my Asus modem was outputting, both with different names.

It happened between when we went to bed at around midnight and when I woke around 2am. All they seem to have done is change my SSIDs, from what I can tell. What else could they have access to? They clearly wanted me to know my network had been breached by changing the names to PU*SYFART and LE_SH*THEAD! But what's the point? What do they have to gain?

I would like to know whether it was done remotely or if someone stood outside my home; either way, nobody had my password. Obviously I will be changing passwords, but I just want to know: is my network at risk? What could they be doing? I will be factory resetting; will that block them from anything they might have set up to get further access? I have found a newer firmware for the modem that I will install today. Any other advice?

Would posting the system log in here help? Also, port UDP 57863 has been forwarded to the IP of my laptop. Is that normal? I would not have done it; maybe it was done automatically by a program like uTorrent?

117 posts

Master Geek
+1 received by user: 14


  Reply # 1221761 25-Jan-2015 10:50
One person supports this post

I highly doubt it would be done remotely; most likely it was some neighbours or people nearby who were still within the range of your wifi.

Depending on the sharing settings of your computers, they may have had access to files on your network. A password change is definitely in order. Port forwarding can be used to gain access to your computers also, so I'd get rid of that. Factory resetting should take care of that. uTorrent can't automatically change port forwarding settings on your router.

Also, what level of encryption do you have for your router? WPA-2 is the best and most difficult to crack (although not impossible). If it is WEP then it's relatively very easy to crack. So I'd make sure your router, with the new password is set to WPA-2. And if that's not supported I'd recommend upgrading your router to one that does support it.

6055 posts

Uber Geek
+1 received by user: 1826

Trusted

  Reply # 1221762 25-Jan-2015 10:52

Do you have a Hg556a?
312 posts

Ultimate Geek
+1 received by user: 73


  Reply # 1221764 25-Jan-2015 10:59

RT-N56U is my modem. WPA-2. My computer was in sleep mode; could it be awakened from another device?

6055 posts

Uber Geek
+1 received by user: 1826

Trusted

  Reply # 1221765 25-Jan-2015 11:06

Scotty1986: RT-N56U is my modem. WPA-2. My computer was in sleep mode; could it be awakened from another device?


Some internet troll probably just scanned IP ranges for port 80 being open, logged in with the default remote details, and the trolling commenced.
483 posts

Ultimate Geek
+1 received by user: 286

Trusted

  Reply # 1221766 25-Jan-2015 11:06

Most important, does your router have secure, non-default admin passwords?
Does it have admin on WAN enabled?


700 posts

Ultimate Geek
+1 received by user: 287

Subscriber

  Reply # 1221767 25-Jan-2015 11:07

I wouldn't trust the modem again even with a firmware update, unless you identify how it was compromised and the update specifically resolves the exploit. Yes, posting the log from the modem might help. There are a lot of remote exploits going round at the moment for consumer grade modems and routers. Perhaps consider a dd-wrt based router and use a modem only for the internet connection. That would help keep your LAN secure, but won't stop abuse of your internet connection if the modem gets compromised.

Before you panic though, be sure to determine it wasn't an inside job (a teenager on the LAN for example).

There is also this
312 posts

Ultimate Geek
+1 received by user: 73


  Reply # 1221776 25-Jan-2015 11:28

Ok, some new information. In my complete stupidity I had managed to turn off the modem firewall; I would assume that would not help. I also factory reset my modem just the other day after some issues with Netflix, and in my rush to get back to Sons of Anarchy I left the default admin/admin, also not going to help! I have learnt my lesson. It's just me and the wife in the house, and she struggles to turn on the TV. Here is my system log. The time is +1 hour out, so the stuff at 9am was really 10am real time. I would appreciate anything you can point out that I could change.

Jan 1 12:00:13 syslogd started: BusyBox v1.17.4
Jan 1 12:00:13 kernel: klogd started: BusyBox v1.17.4 (2014-07-17 06:19:17 CST)
Jan 1 12:00:13 syslog: module ledtrig-usbdev not found in modules.dep
Jan 1 12:00:13 syslog: module leds-usb not found in modules.dep
Jan 1 12:00:13 kernel: Linux version 2.6.2219 (root@asus) (gcc version 3.4.2) #1 Thu Jul 17 06:21:50 CST 2014
Jan 1 12:00:13 kernel: The CPU feqenuce set to 500 MHz
Jan 1 12:00:13 kernel: CPU revision is: 0001974c
Jan 1 12:00:13 kernel: Determined physical RAM map:
Jan 1 12:00:13 kernel: memory: 08000000 @ 00000000 (usable)
Jan 1 12:00:13 kernel: Built 1 zonelists. Total pages: 32512
Jan 1 12:00:13 kernel: Kernel command line: console=ttyS1,57600n8 root=/dev/mtdblock4 rootfstype=squashfs noinitrd
Jan 1 12:00:13 kernel: Primary instruction cache 64kB, physically tagged, 4-way, linesize 32 bytes.
Jan 1 12:00:13 kernel: Primary data cache 32kB, 4-way, linesize 32 bytes.
Jan 1 12:00:13 kernel: cause = 40808000, status = 11000000
Jan 1 12:00:13 kernel: PID hash table entries: 512 (order: 9, 2048 bytes)
Jan 1 12:00:13 kernel: calculating r4koff... 001e8480(2000000)
Jan 1 12:00:13 kernel: CPU frequency 500.00 MHz
Jan 1 12:00:13 kernel: Using 250.000 MHz high precision timer.
Jan 1 12:00:13 kernel: Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
Jan 1 12:00:13 kernel: Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
Jan 1 12:00:13 kernel: Mount-cache hash table entries: 512
Jan 1 12:00:13 kernel: RALINK_PCI_PCICFG_ADDR = 0
Jan 1 12:00:13 kernel: *************** Ralink PCIe RC mode *************
Jan 1 12:00:13 kernel: registering PCI controller with io_map_base unset
Jan 1 12:00:13 kernel: 2->[1][0][0][30]=0
Jan 1 12:00:13 kernel: 5->[1][0][0][30]=fffffffe
Jan 1 12:00:13 kernel: 2->[1][0][0][30]=0
Jan 1 12:00:13 kernel: 5->[1][0][0][30]=0
Jan 1 12:00:13 kernel: BAR0 at slot 0 = 0
Jan 1 12:00:13 kernel: bus=0, slot = 0x0
Jan 1 12:00:13 kernel: P2P(PCI) 0x00 = 08021814
Jan 1 12:00:13 kernel: P2P(PCI) 0x04 = 00100007
Jan 1 12:00:13 kernel: P2P(PCI) 0x08 = 06040001
Jan 1 12:00:13 kernel: P2P(PCI) 0x0c = 00010000
Jan 1 12:00:13 kernel: P2P(PCI) 0x10 = 00000000
Jan 1 12:00:13 kernel: P2P(PCI) 0x14 = 20100000
Jan 1 12:00:13 kernel: P2P(PCI) 0x18 = 00010100
Jan 1 12:00:13 kernel: P2P(PCI) 0x1c = 000000f0
Jan 1 12:00:13 kernel: P2P(PCI) 0x20 = 20002000
Jan 1 12:00:13 kernel: P2P(PCI) 0x24 = 0000fff0
Jan 1 12:00:13 kernel: P2P(PCI) 0x28 = 00000000
Jan 1 12:00:13 kernel: P2P(PCI) 0x2c = 00000000
Jan 1 12:00:13 kernel: P2P(PCI) 0x30 = 00000000
Jan 1 12:00:13 kernel: P2P(PCI) 0x34 = 00000040
Jan 1 12:00:13 kernel: P2P(PCI) 0x38 = 00000000
Jan 1 12:00:13 kernel: P2P(PCI) 0x3c = 000401ff
Jan 1 12:00:13 kernel: res[0]->start = 0
Jan 1 12:00:13 kernel: res[0]->end = 1ffffff
Jan 1 12:00:13 kernel: res[1]->start = 20100000
Jan 1 12:00:13 kernel: res[1]->end = 2010ffff
Jan 1 12:00:13 kernel: res[2]->start = 0
Jan 1 12:00:13 kernel: res[2]->end = 0
Jan 1 12:00:13 kernel: res[3]->start = 0
Jan 1 12:00:13 kernel: res[3]->end = 0
Jan 1 12:00:13 kernel: res[4]->start = 0
Jan 1 12:00:13 kernel: res[4]->end = 0
Jan 1 12:00:13 kernel: res[5]->start = 0
Jan 1 12:00:13 kernel: res[5]->end = 0
Jan 1 12:00:13 kernel: bus=1, slot = 0x0
Jan 1 12:00:13 kernel: dev III(PCIe) 0x00 = 30911814
Jan 1 12:00:13 kernel: dev III(PCIe) 0x04 = 00100000
Jan 1 12:00:13 kernel: dev III(PCIe) 0x08 = 02800000
Jan 1 12:00:13 kernel: dev III(PCIe) 0x0c = 00000000
Jan 1 12:00:13 kernel: dev III(PCIe) 0x10 = 20000000
Jan 1 12:00:13 kernel: dev III(PCIe) 0x14 = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x18 = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x1c = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x20 = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x24 = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x28 = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x2c = 30911814
Jan 1 12:00:14 kernel: dev III(PCIe) 0x30 = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x34 = 00000040
Jan 1 12:00:14 kernel: dev III(PCIe) 0x38 = 00000000
Jan 1 12:00:14 kernel: dev III(PCIe) 0x3c = 000001ff
Jan 1 12:00:14 kernel: res[0]->start = 20000000
Jan 1 12:00:14 kernel: res[0]->end = 2000ffff
Jan 1 12:00:14 kernel: res[1]->start = 0
Jan 1 12:00:14 kernel: res[1]->end = 0
Jan 1 12:00:14 kernel: res[2]->start = 0
Jan 1 12:00:14 kernel: res[2]->end = 0
Jan 1 12:00:14 kernel: res[3]->start = 0
Jan 1 12:00:14 kernel: res[3]->end = 0
Jan 1 12:00:14 kernel: res[4]->start = 0
Jan 1 12:00:14 kernel: res[4]->end = 0
Jan 1 12:00:14 kernel: res[5]->start = 0
Jan 1 12:00:14 kernel: res[5]->end = 0
Jan 1 12:00:14 kernel: IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
Jan 1 12:00:14 kernel: TCP established hash table entries: 4096 (order: 3, 32768 bytes)
Jan 1 12:00:14 kernel: TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
Jan 1 12:00:14 kernel: ralink flash device: 0x1000000 at 0x1c000000
Jan 1 12:00:14 kernel: Amd/Fujitsu Extended Query Table at 0x0040
Jan 1 12:00:14 kernel: number of CFI chips: 1
Jan 1 12:00:14 kernel: cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
Jan 1 12:00:14 kernel: partion 3: 50000 fb0000
Jan 1 12:00:14 kernel: partion 4: 14a040 eb5fc0
Jan 1 12:00:14 kernel: Creating 5 MTD partitions on "Ralink SoC physically mapped flash":
Jan 1 12:00:14 kernel: 0x00000000-0x00030000 : "Bootloader"
Jan 1 12:00:14 kernel: 0x00030000-0x00040000 : "nvram"
Jan 1 12:00:14 kernel: 0x00040000-0x00050000 : "Factory"
Jan 1 12:00:14 kernel: 0x00050000-0x01000000 : "linux"
Jan 1 12:00:14 kernel: mtd: partition "linux" extends beyond the end of device "Ralink SoC physically mapped flash" -- size truncated to 0x7b0000
Jan 1 12:00:14 kernel: 0x0014a040-0x01000000 : "rootfs"
Jan 1 12:00:14 kernel: mtd: partition "rootfs" extends beyond the end of device "Ralink SoC physically mapped flash" -- size truncated to 0x6b5fc0
Jan 1 12:00:14 kernel: mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
Jan 1 12:00:14 kernel: Load Ralink DFS Timer Module
Jan 1 12:00:14 kernel: RT3xxx EHCI/OHCI init.
Jan 1 12:00:14 kernel: pcie_portdrv_probe->Dev[1814:0802] has invalid IRQ. Check vendor BIOS
Jan 1 12:00:14 kernel: assign_interrupt_mode Found MSI capability
Jan 1 12:00:14 kernel: GPIO MODE: 181d
Jan 1 12:00:14 kernel: Ralink gpio driver initialized
Jan 1 12:00:14 kernel: software reset RTL8367M...
Jan 1 12:00:14 kernel: rtk_switch_init() return 0
Jan 1 12:00:14 kernel: rtk_port_macForceLinkExt0_set(): return 0
Jan 1 12:00:14 kernel: rtk_port_macForceLinkExt1_set(): return 0
Jan 1 12:00:14 kernel: power down all ports
Jan 1 12:00:14 kernel: org Ext0 txDelay: 0, rxDelay: 0
Jan 1 12:00:14 kernel: org Ext1 txDelay: 0, rxDelay: 0
Jan 1 12:00:14 kernel: new Ext0 txDelay: 1, rxDelay: 0
Jan 1 12:00:14 kernel: rtk_port_rgmiiDelayExt0_set(): return 0
Jan 1 12:00:14 kernel: new Ext1 txDelay: 1, rxDelay: 0
Jan 1 12:00:14 kernel: rtk_port_rgmiiDelayExt1_set(): return 0
Jan 1 12:00:14 kernel: rtk_led_enable_set(LED_GROUP_0...): return 0
Jan 1 12:00:14 kernel: rtk_led_enable_set(LED_GROUP_1...): return 0
Jan 1 12:00:14 kernel: rtk_led_operation_set(): return 0
Jan 1 12:00:14 kernel: rtk_led_groupConfig_set(LED_GROUP_0...): return 0
Jan 1 12:00:14 kernel: rtk_led_groupConfig_set(LED_GROUP_1...): return 0
Jan 1 12:00:14 kernel: current led blinkRate: 0
Jan 1 12:00:14 kernel: rtk_switch_maxPktLen_get(): return 0
Jan 1 12:00:14 kernel: current rtk_switch_maxPktLen: 3
Jan 1 12:00:14 kernel: rtk_switch_maxPktLen_set(): return 0
Jan 1 12:00:14 kernel: rtk_switch_greenEthernet_get(): return 0
Jan 1 12:00:14 kernel: current rtk_switch_greenEthernet state: 1
Jan 1 12:00:14 kernel: rtk_switch_greenEthernet_set(): return 0
Jan 1 12:00:14 kernel: RTL8367M driver initialized
Jan 1 12:00:14 kernel: rdm_major = 254
Jan 1 12:00:14 kernel: Ralink APSoC Ethernet Driver Initilization. v3.0 256 rx/tx descriptors allocated, mtu = 1500!
Jan 1 12:00:14 kernel: GMAC1_MAC_ADRH -- : 0x000054a0
Jan 1 12:00:14 kernel: GMAC1_MAC_ADRL -- : 0x50790a33
Jan 1 12:00:14 kernel: PROC INIT OK!
Jan 1 12:00:14 kernel: u32 classifier
Jan 1 12:00:14 kernel: OLD policer on
Jan 1 12:00:14 kernel: Netfilter messages via NETLINK v0.30.
Jan 1 12:00:14 kernel: nf_conntrack version 0.5.0 (1024 buckets, 8192 max)
Jan 1 12:00:14 kernel: ipt_time loading
Jan 1 12:00:14 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jan 1 12:00:14 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Jan 1 12:00:14 kernel: VFS: Mounted root (squashfs filesystem) readonly.
Jan 1 12:00:14 kernel: Warning: unable to open an initial console.
Jan 1 12:00:14 kernel: GPIOMODE before: 181d
Jan 1 12:00:14 kernel: GPIOMODE writing: 185d
Jan 1 12:00:14 kernel: power down all ports
Jan 1 12:00:14 kernel: set unknown unicast strom control rate as: 20
Jan 1 12:00:14 kernel: set unknown multicast strom control rate as: 20
Jan 1 12:00:14 kernel: set multicast strom control rate as: 20
Jan 1 12:00:14 kernel: set broadcast strom control rate as: 20
Jan 1 12:00:14 kernel: rt2860v2_ap: module license 'unspecified' taints kernel.
Jan 1 12:00:14 kernel: === pAd = c0054000, size = 851864 ===
Jan 1 12:00:14 kernel: <-- RTMPAllocAdapterBlock, Status=0
Jan 1 12:00:14 kernel: register rt2860
Jan 1 12:00:14 kernel: === pAd = c0151000, size = 725984 ===
Jan 1 12:00:14 kernel: <-- RTMPAllocTxRxRingMemory, Status=0
Jan 1 12:00:14 kernel: <-- RTMPAllocAdapterBlock, Status=0
Jan 1 12:00:14 kernel: pAd->CSRBaseAddress =0xc0140000, csr_addr=0xc0140000!
Jan 1 12:00:14 kernel: Algorithmics/MIPS FPU Emulator v1.5
Jan 1 12:00:14 kernel: SCSI subsystem initialized
Jan 1 12:00:15 kernel: ufsd: driver 8.5 (NTFS4LINUX_U85_022_S[2011-11-29-13:37:54]) LBD=ON with ioctl loaded at c04bb000
Jan 1 12:00:15 kernel: NTFS support included
Jan 1 12:00:15 kernel: Built_for__asus_n56u_2011-11-22
Jan 1 12:00:15 kernel: Raeth v3.0 (Tasklet,SkbRecycle)
Jan 1 12:00:15 kernel: phy_tx_ring = 0x07295000, tx_ring = 0xa7295000
Jan 1 12:00:15 kernel: phy_rx_ring0 = 0x07296000, rx_ring0 = 0xa7296000
Jan 1 12:00:15 kernel: GMAC1_MAC_ADRH -- : 0x000054a0
Jan 1 12:00:15 kernel: GMAC1_MAC_ADRL -- : 0x50790a33
Jan 1 12:00:15 kernel: GDMA2_MAC_ADRH -- : 0x000054a0
Jan 1 12:00:15 kernel: GDMA2_MAC_ADRL -- : 0x50790a32
Jan 1 12:00:15 kernel: eth3: ===> VirtualIF_open
Jan 1 12:00:15 kernel: CDMA_CSG_CFG = 81000007
Jan 1 12:00:15 kernel: GDMA1_FWD_CFG = C0710000
Jan 1 12:00:16 kernel: GDMA2_FWD_CFG = C0710000
Jan 1 12:00:16 kernel: RX DESC a763f000 size = 2048
Jan 1 12:00:16 kernel: RtmpChipOpsEepromHook::e2p_type=0, inf_Type=5
Jan 1 12:00:16 kernel: NVM is FLASH mode
Jan 1 12:00:16 kernel: 1. Phy Mode = 9
Jan 1 12:00:16 kernel: 2. Phy Mode = 9
Jan 1 12:00:16 kernel: 3. Phy Mode = 9
Jan 1 12:00:16 kernel: ^[[mAntCfgInit: primary/secondary ant 0/1
Jan 1 12:00:16 kernel: ^[[mRTMPSetPhyMode: channel is out of range, use first channel=0
Jan 1 12:00:16 kernel: MCS Set = ff ff 00 00 01
Jan 1 12:00:16 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:19 kernel: =====================================================
Jan 1 12:00:19 kernel: Channel 1 : Dirty = 0, False CCA = 26, Busy Time = 741, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 2 : Dirty = 0, False CCA = 31, Busy Time = 234, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 3 : Dirty = 0, False CCA = 9, Busy Time = 217, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 4 : Dirty = 0, False CCA = 0, Busy Time = 458, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 5 : Dirty = 0, False CCA = 22, Busy Time = 576, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 6 : Dirty = 0, False CCA = 28, Busy Time = 1510, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 7 : Dirty = 0, False CCA = 14, Busy Time = 374, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 8 : Dirty = 0, False CCA = 0, Busy Time = 5, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 9 : Dirty = 0, False CCA = 3, Busy Time = 88, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 10 : Dirty = 0, False CCA = 6, Busy Time = 30, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 11 : Dirty = 0, False CCA = 12, Busy Time = 353, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 12 : Dirty = 0, False CCA = 35, Busy Time = 211, Skip Channel = FALSE
Jan 1 12:00:19 kernel: Channel 13 : Dirty = 0, False CCA = 1, Busy Time = 145, Skip Channel = FALSE
Jan 1 12:00:19 kernel: =====================================================
Jan 1 12:00:19 kernel: Rule 1 CCA value : Min Dirtiness (Include extension channel) ==> Select Channel 1
Jan 1 12:00:19 kernel: Min Dirty = 0
Jan 1 12:00:19 kernel: ExChannel = 5 , 0
Jan 1 12:00:19 kernel: BW = 40
Jan 1 12:00:19 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:19 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:19 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:19 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:20 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:20 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:20 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:21 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:21 kernel: Main bssid = 54:a0:50:79:0a:32
Jan 1 12:00:21 kernel: <==== rt28xx_init, Status=0
Jan 1 12:00:21 kernel: 0x1300 = 00064380
Jan 1 12:00:21 kernel: RX DESC a6c33000 size = 2048
Jan 1 12:00:21 kernel: <-- RTMPAllocTxRxRingMemory, Status=0
Jan 1 12:00:22 kernel: 1. Phy Mode = 8
Jan 1 12:00:22 kernel: 2. Phy Mode = 8
Jan 1 12:00:22 kernel: 3. Phy Mode = 8
Jan 1 12:00:22 kernel: ^[[mAntCfgInit: primary/secondary ant 0/1
Jan 1 12:00:22 kernel: ^[[mRTMPSetPhyMode: channel is out of range, use first channel=0
Jan 1 12:00:22 kernel: MCS Set = ff ff ff 00 01
Jan 1 12:00:22 kernel: SYNC - BBP R4 to 20MHz.l
Jan 1 12:00:22 kernel: =====================================================
Jan 1 12:00:22 kernel: Channel 36 : Dirty = 0, False CCA = 1, Busy Time = 23, Skip Channel = FALSE
Jan 1 12:00:22 kernel: Channel 40 : Dirty = 0, False CCA = 0, Busy Time = 0, Skip Channel = FALSE
Jan 1 12:00:22 kernel: Channel 44 : Dirty = 0, False CCA = 0, Busy Time = 0, Skip Channel = FALSE
Jan 1 12:00:23 kernel: Channel 48 : Dirty = 0, False CCA = 48, Busy Time = 1123, Skip Channel = FALSE
Jan 1 12:00:23 kernel: =====================================================
Jan 1 12:00:23 kernel: Rule 1 CCA value : Min Dirtiness (Include extension channel) ==> Select Channel 36
Jan 1 12:00:23 kernel: Min Dirty = 0
Jan 1 12:00:23 kernel: ExChannel = 0 , 0
Jan 1 12:00:23 kernel: BW = 40
Jan 1 12:00:23 kernel: Main bssid = 54:a0:50:79:0a:33
Jan 1 12:00:23 kernel: <==== rt28xx_init, Status=0
Jan 1 12:00:23 kernel: 0x1300 = 00064380
Jan 1 12:00:23 stop_nat_rules: apply the redirect_rules!
Jan 1 12:00:23 WAN Connection: Ethernet link down.
Jan 1 12:00:23 WAN Connection: ISP's DHCP did not function properly.
Jan 1 12:00:23 dnsmasq[288]: warning: interface ppp1* does not currently exist
Jan 1 12:00:23 RT-N56U: start httpd
Jan 1 12:00:23 kernel: set watchdog pid as: 300
Jan 1 12:00:23 kernel: set watchdog pid as: 300
Jan 1 12:00:23 kernel: GDMA2_MAC_ADRH -- : 0x000054a0
Jan 1 12:00:23 kernel: GDMA2_MAC_ADRL -- : 0x50790a32
Jan 1 12:00:23 kernel: eth3: ===> VirtualIF_open
Jan 1 12:00:23 miniupnpd[324]: HTTP listening on port 46312
Jan 1 12:00:23 miniupnpd[324]: Listening for NAT-PMP traffic on port 5351
Jan 1 12:01:03 WAN Connection: Ethernet link up.
Jan 1 12:01:03 rc_service: wanduck 274:notify_rc restart_wan_if 0
Jan 1 12:01:04 kernel: eth3: ===> VirtualIF_close
Jan 1 12:01:06 kernel: GDMA2_MAC_ADRH -- : 0x000054a0
Jan 1 12:01:06 kernel: GDMA2_MAC_ADRL -- : 0x50790a32
Jan 1 12:01:06 kernel: eth3: ===> VirtualIF_open
Jan 1 12:01:09 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth3_eth3)!
Jan 1 12:01:10 kernel: nf_conntrack_rtsp v0.6.21 loading
Jan 1 12:01:10 kernel: nf_nat_rtsp v0.6.21 loading
Jan 1 12:01:10 kernel: HTB: quantum of class 10001 is big. Consider r2q change.
Jan 1 12:01:10 kernel: HTB: quantum of class 10010 is big. Consider r2q change.
Jan 1 12:01:10 rc_service: udhcpc 339:notify_rc stop_upnp
Jan 1 12:01:10 miniupnpd[324]: received signal 15, good-bye
Jan 1 12:01:10 rc_service: udhcpc 339:notify_rc start_upnp
Jan 1 12:01:10 miniupnpd[410]: HTTP listening on port 51725
Jan 1 12:01:10 miniupnpd[410]: Listening for NAT-PMP traffic on port 5351
Jan 1 12:01:10 rc_service: udhcpc 339:notify_rc stop_ntpc
Jan 1 12:01:10 rc_service: udhcpc 339:notify_rc start_ntpc
Jan 1 12:01:10 dhcp client: bound 101.100.141.36 via 101.100.141.1 during 604800 seconds.
Jan 1 12:01:13 WAN Connection: WAN was restored.
Jan 25 09:03:13 rc_service: ntp 411:notify_rc restart_upnp
Jan 25 09:03:13 miniupnpd[410]: received signal 15, good-bye
Jan 25 09:03:13 miniupnpd[420]: HTTP listening on port 59243
Jan 25 09:03:13 miniupnpd[420]: Listening for NAT-PMP traffic on port 5351
Jan 25 09:30:37 rc_service: httpd 291:notify_rc restart_wireless
Jan 25 09:30:38 kernel: eth3: ===> VirtualIF_close
Jan 25 09:30:38 kernel: ra2880stop()...Done
Jan 25 09:30:38 kernel: Free TX/RX Ring Memory!
Jan 25 09:30:39 kernel: RtmpOSNetDevDetach(): RtmpOSNetDeviceDetach(), dev->name=rai0!
Jan 25 09:30:39 kernel: RtmpOSNetDevDetach(): RtmpOSNetDeviceDetach(), dev->name=ra0!
Jan 25 09:30:40 kernel: GPIOMODE before: 185d
Jan 25 09:30:40 kernel: GPIOMODE writing: 185d
Jan 25 09:30:42 kernel: === pAd = c0056000, size = 851864 ===
Jan 25 09:30:42 kernel: <-- RTMPAllocAdapterBlock, Status=0
Jan 25 09:30:43 kernel: register rt2860
Jan 25 09:30:43 kernel: === pAd = c0151000, size = 725984 ===
Jan 25 09:30:43 kernel: <-- RTMPAllocTxRxRingMemory, Status=0
Jan 25 09:30:43 kernel: <-- RTMPAllocAdapterBlock, Status=0
Jan 25 09:30:43 kernel: pAd->CSRBaseAddress =0xc0140000, csr_addr=0xc0140000!
Jan 25 09:30:44 kernel: Raeth v3.0 (Tasklet,SkbRecycle)
Jan 25 09:30:44 kernel: phy_tx_ring = 0x06ba1000, tx_ring = 0xa6ba1000
Jan 25 09:30:44 kernel: phy_rx_ring0 = 0x06ba2000, rx_ring0 = 0xa6ba2000
Jan 25 09:30:44 kernel: GMAC1_MAC_ADRH -- : 0x000054a0
Jan 25 09:30:44 kernel: GMAC1_MAC_ADRL -- : 0x50790a33
Jan 25 09:30:44 kernel: eth3: ===> VirtualIF_open
Jan 25 09:30:44 kernel: CDMA_CSG_CFG = 81000007
Jan 25 09:30:44 kernel: GDMA1_FWD_CFG = C0710000
Jan 25 09:30:44 kernel: GDMA2_FWD_CFG = C0710000
Jan 25 09:30:44 kernel: RX DESC a6b80000 size = 2048
Jan 25 09:30:44 kernel: RtmpChipOpsEepromHook::e2p_type=0, inf_Type=5
Jan 25 09:30:44 kernel: NVM is FLASH mode
Jan 25 09:30:44 kernel: 1. Phy Mode = 9
Jan 25 09:30:44 kernel: 2. Phy Mode = 9
Jan 25 09:30:44 kernel: 3. Phy Mode = 9
Jan 25 09:30:44 kernel: ^[[mAntCfgInit: primary/secondary ant 0/1
Jan 25 09:30:44 kernel: ^[[mRTMPSetPhyMode: channel is out of range, use first channel=0
Jan 25 09:30:44 kernel: MCS Set = ff ff 00 00 01
Jan 25 09:30:47 kernel: ch1 bssid=ac:3a:7a:15:e4:41
Jan 25 09:30:47 kernel: ch1 bssid=b8:3e:59:17:54:5f
Jan 25 09:30:47 kernel: ch11 bssid=00:60:64:e4:dc:66
Jan 25 09:30:47 kernel: ch11 bssid=aa:f3:c1:85:a4:d0
Jan 25 09:30:47 kernel: =====================================================
Jan 25 09:30:47 kernel: Channel 1 : Dirty = 140, False CCA = 662, Busy Time = 11911, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 2 : Dirty = 64, False CCA = 1106, Busy Time = 29326, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 3 : Dirty = 56, False CCA = 26, Busy Time = 324, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 4 : Dirty = 48, False CCA = 20, Busy Time = 436, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 5 : Dirty = 40, False CCA = 60, Busy Time = 9687, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 6 : Dirty = 0, False CCA = 285, Busy Time = 8838, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 7 : Dirty = 40, False CCA = 50, Busy Time = 1231, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 8 : Dirty = 48, False CCA = 0, Busy Time = 934, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 9 : Dirty = 56, False CCA = 7, Busy Time = 33, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 10 : Dirty = 64, False CCA = 67, Busy Time = 1314, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 11 : Dirty = 140, False CCA = 78, Busy Time = 6393, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 12 : Dirty = 64, False CCA = 80, Busy Time = 8395, Skip Channel = FALSE
Jan 25 09:30:47 kernel: Channel 13 : Dirty = 56, False CCA = 14, Busy Time = 1946, Skip Channel = FALSE
Jan 25 09:30:47 kernel: =====================================================
Jan 25 09:30:47 kernel: Rule 1 CCA value : Min Dirtiness (Include extension channel) ==> Select Channel 10
Jan 25 09:30:47 kernel: Min Dirty = 64
Jan 25 09:30:47 kernel: ExChannel = 6 , 0
Jan 25 09:30:47 kernel: BW = 40
Jan 25 09:30:48 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:48 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:48 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:49 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:49 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:49 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:50 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:50 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:50 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:50 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:51 kernel: Main bssid = 54:a0:50:79:0a:32
Jan 25 09:30:51 kernel: <==== rt28xx_init, Status=0
Jan 25 09:30:51 kernel: 0x1300 = 00064380
Jan 25 09:30:51 kernel: RX DESC a6bc2000 size = 2048
Jan 25 09:30:51 kernel: <-- RTMPAllocTxRxRingMemory, Status=0
Jan 25 09:30:51 kernel: 1. Phy Mode = 8
Jan 25 09:30:51 kernel: 2. Phy Mode = 8
Jan 25 09:30:51 kernel: 3. Phy Mode = 8
Jan 25 09:30:51 kernel: ^[[mAntCfgInit: primary/secondary ant 0/1
Jan 25 09:30:51 kernel: ^[[mRTMPSetPhyMode: channel is out of range, use first channel=0
Jan 25 09:30:51 kernel: MCS Set = ff ff ff 00 01
Jan 25 09:30:51 kernel: SYNC - BBP R4 to 20MHz.l
Jan 25 09:30:52 kernel: ch36 bssid=00:04:32:19:f4:49
Jan 25 09:30:52 kernel: =====================================================
Jan 25 09:30:52 kernel: Channel 36 : Dirty = 70, False CCA = 2, Busy Time = 162, Skip Channel = FALSE
Jan 25 09:30:52 kernel: Channel 40 : Dirty = 32, False CCA = 3, Busy Time = 19, Skip Channel = FALSE
Jan 25 09:30:52 kernel: Channel 44 : Dirty = 0, False CCA = 0, Busy Time = 0, Skip Channel = FALSE
Jan 25 09:30:52 kernel: Channel 48 : Dirty = 0, False CCA = 36, Busy Time = 1096, Skip Channel = FALSE
Jan 25 09:30:52 kernel: =====================================================
Jan 25 09:30:52 kernel: Rule 1 CCA value : Min Dirtiness (Include extension channel) ==> Select Channel 44
Jan 25 09:30:52 kernel: Min Dirty = 0
Jan 25 09:30:52 kernel: ExChannel = 0 , 0
Jan 25 09:30:52 kernel: BW = 40
Jan 25 09:30:52 kernel: Main bssid = 54:a0:50:79:0a:33
Jan 25 09:30:52 kernel: <==== rt28xx_init, Status=0
Jan 25 09:30:52 kernel: 0x1300 = 00064380
Jan 25 09:30:52 kernel: set watchdog pid as: 300
Jan 25 09:30:52 kernel: set watchdog pid as: 300
Jan 25 10:13:24 rc_service: httpd 291:notify_rc restart_firewall
Jan 25 10:13:24 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth3_eth3)!
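The log above is the router's own BusyBox syslog, and most of it is driver chatter. As an added example (not code from this thread or from ASUS), here is a small triage script that pulls out the handful of events a defender would want to line up against what they themselves did: every `rc_service: httpd ... notify_rc <action>` line is a settings change made through the web interface, `miniupnpd ... HTTP listening` shows UPnP active, `dhcp client: bound` records the WAN address, and the `ntp` line marks where wall-clock time starts (everything stamped `Jan 1 12:00` before it is boot-relative, not real time). The sample lines are copied from the posted log; the rule names and the explanations attached to them are the example's own.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the RT-N56U syslog posted
# in this thread (the full log is several hundred lines long).
SAMPLE_LOG = """\
Jan 1 12:00:13 syslogd started: BusyBox v1.17.4
Jan 1 12:00:23 RT-N56U: start httpd
Jan 1 12:00:23 miniupnpd[324]: HTTP listening on port 46312
Jan 1 12:00:23 miniupnpd[324]: Listening for NAT-PMP traffic on port 5351
Jan 1 12:01:10 dhcp client: bound 101.100.141.36 via 101.100.141.1 during 604800 seconds.
Jan 1 12:01:13 WAN Connection: WAN was restored.
Jan 25 09:03:13 rc_service: ntp 411:notify_rc restart_upnp
Jan 25 09:03:13 miniupnpd[420]: HTTP listening on port 59243
Jan 25 09:30:37 rc_service: httpd 291:notify_rc restart_wireless
Jan 25 10:13:24 rc_service: httpd 291:notify_rc restart_firewall
Jan 25 10:13:24 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth3_eth3)!
"""

# BusyBox syslog line: "<Mon> <day> <HH:MM:SS> <message>"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<msg>.*)$"
)

# (rule name, pattern, why it matters).  Patterns follow the message formats
# visible in the posted log; the rule names are this example's own.
RULES = [
    ("webui_config_change",
     re.compile(r"rc_service: httpd \d+:notify_rc (?P<action>\w+)"),
     "settings change applied through the web UI; each one should match something you did yourself"),
    ("upnp_listening",
     re.compile(r"miniupnpd\[\d+\]: HTTP listening on port (?P<port>\d+)"),
     "UPnP daemon active, so LAN software can open port forwards without asking"),
    ("ntp_sync",
     re.compile(r"rc_service: ntp \d+:notify_rc"),
     "clock synchronised here; timestamps before this point are boot-relative"),
    ("wan_lease",
     re.compile(r"dhcp client: bound (?P<ip>\d+\.\d+\.\d+\.\d+)"),
     "WAN address obtained; this is what an Internet-side attacker would reach"),
]


def parse_line(line):
    """Split one syslog line into its timestamp fields and message, or None."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def triage(text):
    """Run every rule over every line; tag each finding with whether the clock was set yet."""
    findings = []
    clock_synced = False
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        for name, pattern, why in RULES:
            m = pattern.search(rec["msg"])
            if not m:
                continue
            if name == "ntp_sync":
                clock_synced = True  # from here on, timestamps are wall-clock
            findings.append({
                "stamp": f'{rec["mon"]} {rec["day"]} {rec["time"]}',
                "rule": name,
                "detail": m.groupdict(),
                "clock_synced": clock_synced,
                "why": why,
            })
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(f["rule"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "" if f["clock_synced"] else " [clock not yet set]"
        print(f'{f["stamp"]}{flag}  {f["rule"]}  {f["detail"]}')
        print(f'    -> {f["why"]}')
    print(summarize(triage(SAMPLE_LOG)))
```

Run against a full log dump, the useful output is the list of `webui_config_change` entries: any wireless or firewall change you cannot account for is the thing to investigate, and the `[clock not yet set]` tag stops you from reading the boot-time `Jan 1` stamps as real dates.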



 

1826 posts

Uber Geek
+1 received by user: 130


  Reply # 1221777 25-Jan-2015 11:30

     >Before you panic though, be sure to determine it wasn't an inside job (a teenager on the LAN for example).<

That is usually the case, especially if a Torrent client has been invoked wink

As the others have said -
 Change modem access password (never leave it as the factory default) ... keep this to yourself!
 Change SSID name
 Change wifi access to highest encryption together with a new password
 Invoke MAC control for known/trusted/allowed wifi access devices e.g. your phone, laptops, etc

3105 posts

Uber Geek
+1 received by user: 1201

Subscriber

  Reply # 1222151 25-Jan-2015 23:28
One person supports this post

And disable UPnP (universal plug n play) on the router. If it is enabled, then uTorrent (or any other program that supports UPnP) will use it to create port forward rules for itself.

Disable WPS (Wifi protected setup) due to security issues.

When you are done, go to the Shields Up port checker to see if your router is showing any open ports to the world. Also, on the same site, use the instant UPnP exposure test (as the first test only checks for open TCP ports, and UPnP uses UDP). And finally, go to the openresolver check to see if your router is responding to DNS queries from the internet. If it is, it could be used in DNS amplification attacks.

If your router fails any of these checks, including the ones already mentioned by others, and you are unable to fix them, I would recommend getting a new router.

[edit - fix broken link]
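What the openresolver check above is actually testing, as an added example (not the forum's code and not the code behind the sites mentioned): a recursive A query is sent to port 53 of your own WAN address from outside your network (a phone hotspot will do), and the reply's RA flag, rcode and answer section say whether the router is answering the whole internet. The replies embedded below are constructed for the test, not captured from a real server, and 192.0.2.1 is documentation address space; the `probe` function needs network access and is the only part that does.

```python
import socket
import struct


def build_query(name, txid=0x1234, qtype=1):
    """Build a standard DNS query with RD=1 (recursion desired), QTYPE A by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer terminates the name
            return offset + 2
        offset += 1 + length


def parse_response(data):
    """Decode header flags and any A-record answers from a DNS response."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    info = {
        "txid": txid,
        "is_response": bool(flags & 0x8000),          # QR bit
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "rcode": flags & 0x000F,
        "answers": [],
    }
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            info["answers"].append(socket.inet_ntoa(rdata))
    return info


def classify(info, txid):
    """Turn a decoded reply from a WAN-side probe into a verdict."""
    if info["txid"] != txid or not info["is_response"]:
        return "unexpected reply"
    if info["rcode"] == 5:
        return "refused (good: not serving outsiders)"
    if info["recursion_available"] and info["rcode"] == 0 and info["answers"]:
        return "OPEN RESOLVER: answered a recursive query from outside"
    return "answered but did not recurse"


def probe(target_ip, name="example.com", timeout=3.0):
    """Send one recursive query to target_ip:53 and classify the reply (network required)."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (target_ip, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no reply (good: port 53 not reachable or filtered)"
    return classify(parse_response(data), txid)


# Constructed replies for offline testing (not captured from a real server).
# Open resolver: QR=1 RD=1 RA=1 NOERROR, one A record 192.0.2.1, answer name
# compressed with a pointer to offset 12.
SAMPLE_OPEN_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)
# Well-behaved router: QR=1 RD=1 RA=1 with rcode 5 (REFUSED) and no answers.
SAMPLE_REFUSED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))  # run from OUTSIDE your LAN against your own WAN IP
    else:
        print(classify(parse_response(SAMPLE_OPEN_REPLY), 0x1234))
        print(classify(parse_response(SAMPLE_REFUSED_REPLY), 0x1234))
```

The verdict you want from your own address is either no reply or REFUSED; a recursive answer with RA set is exactly the condition that lets the router be used as an amplifier in the attacks described further down the thread.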







312 posts

Ultimate Geek
+1 received by user: 73


  Reply # 1222152 25-Jan-2015 23:33

Can anybody tell me what could potentially happen to my network when breached? What can they do? What is at risk?

623 posts

Ultimate Geek
+1 received by user: 124


  Reply # 1222163 26-Jan-2015 00:13
One person supports this post

Scotty1986: Can anybody tell me what could potentially happen to my network when breached? What can they do? What is at risk?


If you have a user account without a password set, and file sharing on in Windows etc., they can have a good look at anything you have shared. Also, with the 'Server' service going and no firewall on a PC, worms can spread easily on Microsoft shares.

I remember the early days of DSL, where some people had PCI cards; in fact, even going back to dial-up modem days, machines had file sharing on left, right and centre. Firewalls weren't integrated into Windows way back then, and if you typed in \\publiciphere\ of another IP in the same subnet with some ISPs, just about every second computer had Microsoft File and Print Sharing enabled.

If they didn't have admin passwords set and thought they weren't sharing their local drives, you could access \\publicip\c$ and bring up the root drive anyway. Gotta love Windows and home users.

It may have been an inside job, but more than likely your modem has administration turned on on the WAN side, so it may have been done from the Internet. Having default user and passwords, though, is asking for problems. I remember someone's Wi-Fi SSID changing to something like "youvebeenhacked" where I live. It would have been nothing more than someone typing in a default user/pass and changing the SSID for the hell of it, I'd say.

Unless you have the colonel's secret herbs and spices I wouldn't worry too much. Fix your security, run a good anti-virus and spyware/malware scan, and that's probably about it. If you're super paranoid and have web sites with stored user/passwords in your browser, then perhaps change your passwords and get a good password manager for storing them.




3105 posts

Uber Geek
+1 received by user: 1201

Subscriber

  Reply # 1222184 26-Jan-2015 01:19

In addition to what Kiwirock has said.

Change the DNS responses that your router sends to your computer. This means that they can make it so that when you type in the web address for your internet banking (or any other website) you will actually end up at another website of their choice. So you could have your banking details stolen if you don't realise you are on a fake website. They could redirect you to a website that is infected with trojan horse programs or other stuff that will try to infect your computer via "drive by downloads". Especially if your web browser is out of date.

If your router has the DNS "open resolver" issue, they can use your connection to send lots of data as part of a denial of service attack, which can easily blow your data cap if you are on a capped plan, or at the least make your connection really slow.

And if your router also does VOIP via an ISP managed VOIP service - They can use it to make phone calls to expensive places with the costs billed to your account.

There will be lots of other things that would be possible also. Either way it is definitely worthwhile to keep your router secure.





JWR

738 posts

Ultimate Geek
+1 received by user: 236


  Reply # 1222187 26-Jan-2015 04:43

Rickles:      >Before you panic though, be sure to determine it wasn't an inside job (a teenager on the LAN for example).<

That is usually the case, especially if a Torrent client has been invoked wink

As the others have said -
 Change modem access password (never leave it as the factory default) ... keep this to yourself!
 Change SSID name
 Change wifi access to highest encryption together with a new password
 Invoke MAC control for known/trusted/allowed wifi access devices e.g. your phone, laptops, etc


1. Change SSID name: yes, but mainly for management. Not a lot of point in hiding it either; it is pretty easy to view it.
2. MAC control: worth doing, but it can also be easily viewed every time you turn on the device. Not really secure.

Meow
7888 posts

Uber Geek
+1 received by user: 3917

Moderator
Trusted
Lifetime subscriber

  Reply # 1222201 26-Jan-2015 07:01
One person supports this post

MAC blocking is pointless.

1) Scan for clients.
2) Deauth all clients.
3) Change mac address to one of the clients.
4) Connect as normal.




JWR

738 posts

Ultimate Geek
+1 received by user: 236


  Reply # 1222203 26-Jan-2015 07:15

michaelmurfy: MAC blocking is pointless.

1) Scan for clients.
2) Deauth all clients.
3) Change mac address to one of the clients.
4) Connect as normal.


I know.. but it is easy to do and can make it slightly more difficult.
