
Hacked Router

Freshman

Re: Hacked Router

You can't see any intrusions from your side. However, I can see on my end. I'm using Net analyzer. What I'm seeing is your HN MAC address is being cloned, spoofed, whatever you want to call it. So, when you're looking for an intrusion you're not going to see it. Look at the MAC address I provided. Oa:80:ae:66:f4:e8. Does this look familiar to you? HN's MAC address is 00:80:ae:66:f4:e8. Because of this I wasn't able to block it with your available resources I have on my HN admin side of it. It's mirroring HN. It's also a hidden address. I was able to block it for a couple of minutes this morning. It always returns. The hacker has also blocked most of my ports. I shared that screenshot with you already. So, conclusion is I've been hijacked. All 30G of my data is already gone in less than 8 days. A few days ago I purchased a 20G token. My wife and I were gone all day. When we returned all 20G was gone. Maybe exchanging my modem for another one would be a way to force the hacker to start over. Then you can monitor the router and see how they are accomplishing the DNS hijacking. Let me know. Thanks for your help.
Associate Professor

Re: Hacked Router

@JT-Hughes
Your issue is totally separate. Also, please edit your post and remove your SAN in those pictures, that's private information which can cause issues.
The fact your HT2000w is giving 2.1.1 as a state code indicates either a coaxial cable problem or the outdoor transmitter has failed.  This will require a truck roll to repair, however, before that, make sure the cable is snug at both ends.

@Catherine108
Just to set a few things straight...

1: The HT2000w itself doesn't have the ability nor offer the option to block ports.

2: A MAC being similar means nothing, it's not spoofed. When someone refers to MAC spoofing, they are talking about taking another MAC address in its entirety and using that on another machine on the same network, in order to grab the IP address of another machine to stay hidden.  In most cases, your computer will warn you the moment it detects another machine on the same network with the same IP address.  That is about the ONLY sign of there being a spoofed address on your network.

 

3: Spoofing the address of the HT2000w itself would do nothing, it wouldn't grant someone access.

4: There IS a hidden network on the HT2000w that appears once in a while, it WILL have a similar MAC address to the HT2000w.  This network appears when the HT2000w is doing a scan for a Hughesnet Wifi Booster, and is used specifically in conjunction with that device.  Yes, this network MAC is 0A:80:AE:XX:XX:XX

 

5: DNS Hijacking is a totally different animal, this tends to occur when you have malware on your own devices, which you must remove.  MalwareBytes tends to be pretty good at doing this.  
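Added example, not part of the original post and not HughesNet code: a short Python check for the difference points 2 and 4 above turn on, telling an exact duplicate of the gateway's MAC apart from an address such as 0A:80:AE:XX:XX:XX that differs only in the first octet and has the locally administered bit set. The function names and labels are hypothetical, and treating such an address as a virtual interface of the same device is an assumption based on the pattern described in the post.

```python
import re

LOCAL_BIT = 0x02  # U/L bit of the first octet: set = locally administered, not burned-in
GROUP_BIT = 0x01  # I/G bit of the first octet: set = multicast/group address

def parse_mac(text):
    """Return a MAC as 6 bytes; accepts ':' or '-' separators, any case."""
    parts = re.split(r"[:-]", text.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def is_locally_administered(mac):
    return bool(mac[0] & LOCAL_BIT)

def classify(observed, gateway):
    """Compare an observed MAC/BSSID with the gateway's burned-in MAC."""
    obs, gw = parse_mac(observed), parse_mac(gateway)
    if obs == gw:
        # A second device answering with this exact address is what
        # "MAC spoofing" means in the post above.
        return "identical"
    if obs[1:] == gw[1:] and is_locally_administered(obs) and not obs[0] & GROUP_BIT:
        # Same last five octets, local bit set: assumed here to be a
        # virtual interface created by the gateway itself.
        return "derived-local"
    return "unrelated"

if __name__ == "__main__":
    gateway = "00:80:ae:66:f4:e8"      # gateway MAC quoted in the thread
    observed = [
        "0A:80:AE:66:F4:E8",           # hidden network pattern from the thread
        "00-80-AE-66-F4-E8",           # same address as the gateway
        "3c:22:fb:10:20:30",           # constructed sample, unrelated device
        "Oa:80:ae:66:f4:e8",           # letter O instead of zero: rejected
    ]
    for mac in observed:
        try:
            print(f"{mac:20} {classify(mac, gateway)}")
        except ValueError as err:
            print(f"{mac:20} invalid ({err})")
```
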

Sophomore

Re: Hacked Router

appreciate the knowledgeable reply.

what is the course of action to take when 8 gigs gone when I have not loaded much more than a handful of pages ( text  pages )   

Sophomore

Re: Hacked Router

 

 

why does nobody ever ask about logs.. 

Professor

Re: Hacked Router

"why does nobody ever ask about logs..  i know precious little about all the #$%^..,

but when i looked at the logs ..   seems to me there is everything and more to find

plenty of dirt...     in plain english.."

 

Why don't you provide the logs, then?

Distinguished Professor IV

Re: Hacked Router


@JT-Hughes wrote:

ahh,  you mean like when there is a missing byte at the end or something 

of that nature...   if only,   i doubt that would add up to the likes of 6 - 8 gigs in 

4 days..

If retransmission issues were not a possible cause Corrosive wouldn't have suggested it as a possibility.   He's very knowledgeable of the system.  

 


@JT-Hughes wrote: 

why does nobody ever ask about logs..  


If the reps need to view any logs they will do so remotely.  They don't need to ask for them.  


AMD FX-6100 | Samsung 250GB 840 EVO SSD | Western Digital Blue 500GB HDD | 16GB DDR3-1866 | EVGA Geforce GTX 550ti | Windows 10 Pro 64-bit