HughesNet Community

Loss Of Allowance -Was My Router Hacked?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ecoalex2
Tutor
‎10-22-2016 06:35 PM
‎10-22-2016 06:35 PM

Loss Of Allowance -Was My Router Hacked?

With yesterdays hack of DYN , the resulting slowed, or blocked service did I suffer this last week when I lost all my allowance and tokens? Home devices were hacked, routers among them. I didn't set up password protocol in my router, because of my location far from neighbors. Was my router hacked in a prelude to yesterdays attack?
It's the only explanation for my loss of allowance last Friday, and yesterday's Friday attack.
Labels:
0 Kudos
28 REPLIES 28
BirdDog
Assistant Professor
‎10-22-2016 06:58 PM
‎10-22-2016 06:58 PM

Alex, about all I can say for sure is not having a password set on your router is a very bad thing.
Gwalk900
Honorary Alumnus
‎10-22-2016 07:59 PM
‎10-22-2016 07:59 PM

Always change the default username and password to the routers GUI and ALWAYs enable wireless encryption and all wifi frequencies.

This is needed to prevent "drive-by" connections by every device that comes within range.

Someone can visit and have a phone or tablet in their possession and it WILL latch on your open network.

Also disable Guest Accounts, Remote Access and WPS and all router related "cloud" services.


Also, be aware that there is a Linux kernel vulnerability:


US Department of Homeland Security US-CERT


National Cyber Awareness System:


 


Linux Kernel Vulnerability
10/21/2016 12:50 PM EDT

Original release date: October 21, 2016

US-CERT is aware of a Linux kernel vulnerability known as Dirty COW (CVE-2016-5195). Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT recommends that users and administrators review the Red Hat CVE Database, the Canoical Ubuntu CVE Tracker, and CERT Vulnerability Note VU#243144 for additional details, and refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.





0 Kudos
BirdDog
Assistant Professor
‎10-23-2016 03:57 AM
‎10-23-2016 03:57 AM

I believe no security set up on the router leaves it vulnerable  regardless wireless "drive by" or not. The router firewall can easily be penetrated  by hackers if security is not set up.
0 Kudos
ecoalex2
Tutor
‎10-23-2016 03:58 AM
‎10-23-2016 03:58 AM

As I mentioned, I am far from the road, or neighbors, much farther than the 300 feet limit for this router. I don't think wifi theft/hacking is a problem, however web connected vulnerability is.
The hack was thru the web.
My question was whether I lost my allowance due to web hacking?
0 Kudos
BirdDog
Assistant Professor
‎10-23-2016 04:22 AM
‎10-23-2016 04:22 AM

Still, there are settings on many routers that can make a difference . I have DMZ setting which opens the door. What router do you have? If running a non-secure OS like XP then you are open to anything.

0 Kudos
GabeU
Distinguished Professor IV
‎10-23-2016 10:48 PM
‎10-23-2016 10:48 PM

ecoalex,

Do you have a satellite TV receiver connected to your router, or any other device that controls anything in your home?  It seems that a lot of different devices were used in the DDOS attack on DYN. 


Ryzen 5 3400G | MSI B450M Pro-M2 MAX | 16GB Corsair Vengeance DDR4 3000 | XPG SX8200 Pro 512GB NVMe | Windows 10 Pro
0 Kudos
ecoalex2
Tutor
‎10-23-2016 11:51 PM
‎10-23-2016 11:51 PM

I do have dish tv and run Linux Mint 17 OS. The router is a Linksys 0168.
0 Kudos
GabeU
Distinguished Professor IV
‎10-24-2016 12:04 AM
‎10-24-2016 12:04 AM

It's entirely possible that, if its connected to your router, your Dish TV receiver was used as a part of the DYN DDOS attack.  Again, possible, but that doesn't mean it was for sure.  They were one of the things that was used quite a bit in the attack.  Unfortunately, without having some type of firmware that allows you to view what data each device uses, you may never know if it was, in fact, used. 

They did it through the net, so the fact that your router isn't within range of anybody being able to hack into it wouldn't matter. 

I would take the advice and at least change your router GUI password, even if you can't change the sign in name (some of them are locked in with the name "admin" and can't be changed).  I don't know if that would stop the type of attack that happened, or even if your device was involved, but it's still a good idea to have the router GUI password protected, anyway. 


Ryzen 5 3400G | MSI B450M Pro-M2 MAX | 16GB Corsair Vengeance DDR4 3000 | XPG SX8200 Pro 512GB NVMe | Windows 10 Pro
0 Kudos
maratsade
Distinguished Professor IV
‎10-24-2016 03:28 PM
‎10-24-2016 03:28 PM

"ALWAYS enable wireless encryption and all wifi frequencies.[...] Also disable Guest Accounts, Remote Access and WPS and all router related "cloud" services."

GWalk, do you have instructions or a link to instructions on how to do all this? Thanks!


0 Kudos
Gwalk900
Honorary Alumnus
‎10-24-2016 04:04 PM
‎10-24-2016 04:04 PM

The details will vary with the brand and model of your router but is done by opening the routers internal GUI.
What do you have the routers LAN IP set to?
192.168.1.1 is common.
0 Kudos
maratsade
Distinguished Professor IV
‎10-24-2016 04:08 PM
‎10-24-2016 04:08 PM

I'm embarrassed to say I don't know -- the HN installer set it all up. 192.168.1.1 sounds familiar though, so he may have set it to that.  I don't even remember how to open the router's internal  GUI.  I'll do a bit of digging and see if I can access it. I think it was installed on one of the laptops, so I'll check. Thanks, Gwalk!
0 Kudos
Gwalk900
Honorary Alumnus
‎10-24-2016 04:13 PM
‎10-24-2016 04:13 PM

Just enter that IP into a browsers address bar and see if it takes you to the routers log in screen.
0 Kudos
maratsade
Distinguished Professor IV
‎10-24-2016 04:33 PM
‎10-24-2016 04:33 PM

That worked -- a login dialog comes up, but I don't seem to have a username for it on my installation notes; or rather, the username I have isn't working. Sigh. ETA: figured it out, finally. I'm on the router's main page.
0 Kudos
Chris11
Alum
‎10-24-2016 08:24 PM
‎10-24-2016 08:24 PM

Hi ecoalex, 

I agree with GabeU. I don't think you'd be able to pinpoint whether the data was used through the hack. I know with DDos attacks, whatever computers are used in the bot net would def be using data. However if your computer was a part of that is hard to determine. 

- Chris
0 Kudos
GabeU
Distinguished Professor IV
‎10-25-2016 03:20 AM
‎10-25-2016 03:20 AM

maratsade,

A lot of times, the sign is admin and the password is password.  LOL.  It's kind of ridiculous, but this is how a lot are preset. 


Ryzen 5 3400G | MSI B450M Pro-M2 MAX | 16GB Corsair Vengeance DDR4 3000 | XPG SX8200 Pro 512GB NVMe | Windows 10 Pro
0 Kudos
GabeU
Distinguished Professor IV
‎10-25-2016 03:37 AM
‎10-25-2016 03:37 AM

And, as everyone knows, or should know, be VERY WARY of emailing someone you don't know.  It's NOT a good idea. 

Ryzen 5 3400G | MSI B450M Pro-M2 MAX | 16GB Corsair Vengeance DDR4 3000 | XPG SX8200 Pro 512GB NVMe | Windows 10 Pro
0 Kudos
maratsade
Distinguished Professor IV
‎10-25-2016 03:46 AM
‎10-25-2016 03:46 AM

Agreed, Gabe. And what is "email account bruted forced log in passive traffic identification"?
0 Kudos
maratsade
Distinguished Professor IV
‎10-25-2016 03:47 AM
‎10-25-2016 03:47 AM

Yes, the username used to be admin, and the password was super secure: it was admin too.  LOL.  I had actually changed the whole thing the day of the install (2014, I think) and kept a cryptic note on the router's manual.  I had to think for a while to figure out what the note meant!
0 Kudos
BirdDog
Assistant Professor
‎10-25-2016 04:01 AM
‎10-25-2016 04:01 AM

And, as everyone knows, or should know, be VERY WARY of emailing someone you don't know.  It's NOT a good idea. 
Unless you want a Russian data miner to have your email address. Roberts Cooper.....yea right.

And what is "email account bruted forced log in passive traffic identification"?
Hacking.
0 Kudos
GabeU
Distinguished Professor IV
‎10-25-2016 04:05 AM
‎10-25-2016 04:05 AM

Well, that's next to the flarmingon ram traffic glacktron tigglehopper. 

Ryzen 5 3400G | MSI B450M Pro-M2 MAX | 16GB Corsair Vengeance DDR4 3000 | XPG SX8200 Pro 512GB NVMe | Windows 10 Pro
0 Kudos
Welcome to the HughesNet Community!

The HughesNet Community is here for you
to find answers and ask fellow HughesNet
subscribers for help. This is a great
opportunity to discuss and share your
expertise to enhance your HughesNet
experience and that of fellow subscribers.

Visit the About the Community board for
information on how to get started with using
this resource.