The Hughesnet reps (@Liz, @Amanda, @Jorge, @Hal) will be here tomorrow (approximately 9-5). In the meantime, I'm tagging other people who may be able to help you: @GabeU, @MarkJFine, @BirdDog, @C0RR0SIVE.
If the person is hacking the MAC address, and disabled the Wifi, you'll have to go in with an ethernet cable somehow. Just know that the MAC for ethernet is different than the Wifi on your computer.
If that's still not good, you'll have to reset the router to factory settings (I think it's using the red reset button above the top ehternet connector, but it's very sensitive and could reset more than it's supposed to depending upon how long it's held in. Do some research before doing this and use at your own risk).
Once you've reset it, you'll want to disable Wifi completely and use ethernet so you can re-configure it (including new, secure wifi and admin passwords) without the hacker getting involved. Once you're confident it's configured properly with new passwords, you can put the Wifi back on.
You may want to set a new set of MAC addresses to Allow access, but it seems like that's not going to do much.
Seeing as this has to be a local event, contact your local police department if the have a cybercrimes department. The police stations that have such departments take events like this very seriously and will usually investigate and look into things.
On the more likely chance that your local police department doesn't have this, I recomend connecting directly to your HT2000w, disable all 4 Wifi Radios, disable WPS, and then reconfigure everything including the wireless administration password before enabling any of the wireless radios...
Can you share those screenshots with us? You can upload and post them by clicking the button "Photos" above when doing a reply.
Hi Catherine,
I'd like to investigate this with you and see what is going on, however I cannot reach the modem remotely. Do you have the HughesNet Wi-Fi modem powered on? If not, please do so and reply back so that I can take a look.
Thank you,
Amanda
Catherine,
I was able to get to your HughesNet modem and see many configuration issues that would definitely have caused connectivity loss. I do not see any signs of intrusion, but we can monitor this together. I will need to reset your modem to it's factory settings to get all your original configurations back. Please let me know when is a good time to do this for you.
Thank you,
Amanda
.. deleted
deleted
__________
the following line was added:
( this is in reference to all the private messages being sent.. I didn't use the QUOTE fcn, so it is out of context )
____________________________________________________________
This is all relevant, useful and possibly helpful information...
Is it not possible to eliminate anything identifying and or sensitiv
so that the rest of the community could learn and potentially
resolve their issues as well ???
( not intended to be a rhetorical question, but seems to often be.. is this not a community environment )
@JT-Hughes
Your issue is totally seperate, also, please edit your post and remove your SAN in those pictures, that's private information which can cause issues.
The fact your HT2000w is giving 2.1.1 as a state code indicates either a coaxial cable problem or the out door transmitter has failed. This will require a truck roll to repair, however, before that, make sure the cable is snug at both ends.
@Catherine108
Just to set a few things straight...
1: The HT2000w it self doesn't have the ability nor offer the option to block ports.
2: A Mac being similar means nothing, it's not spoofed. When someone refers to Mac Spoofing, they are talking about taking another MAC address in it's entirity and using that on another machine on the same network, in order to grab the IP address of another machine to stay hidden. In most cases, your computer will warn you the moment it detects another machine on the same network with the same IP address. That is about the ONLY sign of there being a spoofed address on your network.
3: Spoofing the address of the HT2000w it self, would do nothing, it wouldn't grant someone access.
4: There IS a hidden network on the HT2000w that appears once in a while, it WILL have a similar MAC address to the HT2000w. This network appears when the HT2000w is doing a scan for a Hughesnet Wifi Booster, and is used specifically in conjunction with that device. Yes, this network MAC is 0A:80:AE:XX:XX:XX
5
5: DNS Hijacking is a totally different animal, this tends to occur when you have malware on your own devices, which you must remove. MalwareBytes tends to be pretty good at doing this.
appreciate the knowledgeable reply.
what is the course of action to take when 8 gigs gone when I have not loaded much more than a handful of pages ( text pages )
@JT-Hughes Seeing as your modem is reporting issues with the radio or cable, this could be causing re-transmissions thus higher data usage.
why does nobody ever ask about logs..
"why does nobody ever ask about logs.. i know precious little about all the #$%^..,
but when i looked at the logs .. seems to me there is everything and more to find
plenty of dirt... in plain english.."
Why don't you provide the logs, then?
@JT-Hughes wrote:ahh, you mean like when there is a missing byte at the end or something
of that nature... if only, i doubt that would add up to the likes of 6 - 8 gigs in
4 days..
If retransmission issues were not a possible cause Corrosive wouldn't have suggested it as a possibility. He's very knowledgeable of the system.
@JT-Hughes wrote:why does nobody ever ask about logs..
If the reps need to view any logs they will do so remotely. They don't need to ask for them.