Hughesnet Community

Network compromised

cancel
Showing results for 
Search instead for 
Did you mean: 
Tired1
New Poster

Network compromised

When I scanned my ipad with norton it said that network is compromised. I hooked up to wifi on my phone through at&t and scan came back good. I reset my ipad to see if that would work and still says network compromised. Called norton and they say it is compromised. Hooked my phone to Hughes net wifi and scan came through good. Totally lost on what to do now!!! HELP please.
12 REPLIES 12
MarkJFine
Professor

Ignore it. It's likely that the software is not interpreting the latency correctly and is coming back with a false positive. You're behind a double-NAT network. The chances it is compromised from the outside is minuscule, unless you launched a fraudulent email payload that infected the router.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
C0RR0SIVE
Associate Professor

Out of curosity, what exactly does the Norton program say in regards to the "Network Compromised"?  Having more details would be useful.

Says "the man in the middle attack aims to alter a website's content to mislead or defraud users

A man in the middle attack warning is often the result of an issue with a certificate.  Though I have no idea what resource Norton is checking and seeing a certificate issue with.  If you browse to your cable modem, do you get any security warnings?


I think the address is: https://192.168.0.1 (someone please correct me if that is wrong).

 

Yes, it came up saying "this website may be impersonating 192.168.0.1 to steal your personal or financial information.

Yeah when you browse using https (the "s" is the important part) you are saying that you want a secure communication channel and your transmission to that website to be encrypted.  Browsers use certificates which contain encyprtion keys and identity information.  The browser will validate, for example, that https://google.com is really Google and not someone who intercepted your traffic and put up a fake page and is now recording what you type.  If they impersonate a bank website for instance, they could get your banking credentials.

 

But HughesNet doesn't own 192.168.0.1, anyone can use that IP address because that's a private IP address space.  So your browser will warn you that the certificate doesn't match correctly, which is the warning that you saw (it will still give you an option to continue to the site).  I suspect Norton is picking that up as well. When it validates your network, it sees that the gateway you use to connect to the internet has a mismatched certificate and shows you that error.  If Norton gives you an option to "Trust" that network, you can probably select that option so that the warning goes away. 

 

Since it is a security concern though, hopefully one of the Moderators can confirm this behavior or otherwise explain it, but I'm fairly confident that you can ignore it.

Firefox provides a similar warning when there's either no certificate or the domain doesn't match when using secure http, as I'd suspect most browsers would.

 

The correct way to access the System Control Center embedded in the modem is using http (no 's'):
   http://192.168.0.1 or
   http://systemcontroller

 

Edit: That second one is actually incorrect, but it's something like that.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
maratsade
Distinguished Professor IV

I am not very good with computers. I pulled that up and I am lost on what to do. Getting very disgusted
GabeU
Distinguished Professor IV


@Tired1 wrote:
I am not very good with computers. I pulled that up and I am lost on what to do. Getting very disgusted

Very likely what you're seeing is a false positive.  Norton being protective of a common IP address, but flagging it because of a certificate error.  I believe the problem is that it doesn't have a certificate. It's telling you it's vulnerable, which in this case it isn't, as that page can only be accessed locally, as in someone connected to your network, as in connected to your HughesNet modem by LAN cable or WiFi.


@Tired1 wrote:
I am not very good with computers. I pulled that up and I am lost on what to do. Getting very disgusted

I'm sorry, that's my fault, my previous messages were not very clear.  I wanted to see if you got a security warning when you went to https://192.168.0.1 to confirm my suspicion of what was triggering the Norton warning about your network.  There is nothing for you to do, your network is just fine.  If you can tell Norton to trust that network, I would do that so, you stop getting the warnings from Norton (you will always get a warning from a browser when you go to that page).  If you can't, then I would ignore that warning when you are on your home network.

 

The point of Norton doing that check is really for when you connect to a public network, like going to Starbucks or something.  It vaidates that when you connect, you are actually connected to a truely Starbucks owned network, and not someone nearby impersonating Starbucks so that they can spy on your browsing.

I appreciate it and I hope it's right. I am on it A lot.