Router Issues
Lavarock7:
It's 2am and I wake up to hear the phone say "call from 100". A SIP scanner! I thought I had things configured to block these!
I go to the living room and log on to look at things. That is when I notice the problem. Overnight my router had been completely reset to default. I see in the log numerous scan attempts and IP addresses from the US and Netherlands attempting to do things.
I disconnected from the internet, changed passwords and still found issues. My remote management has always been OFF. I had passwords on all Wi-Fi and nobody near me could have broken in that way as I am rural, etc. I think it was UPnP being on that allowed them to reset me.
I will be watching closely but I found it useful that the Obi and the SIP caller were the way that I found my router had been hacked :-) Seems this happened a day or two AFTER I returned from a week away. I would not have been able to fix this while I was 1/4 of the way around the world.
Taoman:
It would be helpful to know the make and model of your router.
Lavarock7:
Netgear WNDR3400
Hardware Version WNDR3400
Firmware Version V1.0.0.52_20.0.60
GUI Language Version V1.0.0.50_2.1.17.1
Taoman:
Quote from: Lavarock7 on May 06, 2016, 01:33:00 pm
Netgear WNDR3400
Hardware Version WNDR3400
Firmware Version V1.0.0.52_20.0.60
GUI Language Version V1.0.0.50_2.1.17.1
Yikes! That's the same router I use (except mine says WNDR3400v3), but I'm on Firmware Version V1.0.1.4_1.0.52.
Now you really have me interested. So you think someone "reset" your router to factory default? Is that right? And you suspect it was due to UPNP?
Any additional info you could provide or that turns up would be appreciated.
Edit1: Under Advanced Setup > WAN > NAT filtering... is yours set to Open or Secured?
I remember when I had PhonePower and was having problems, the PP tech had me set this to Open. I did this just to appease him as I knew there was no way I was going to leave it that way. I eventually got it working on my own by using a different port number and was able to leave NAT filtering Secured.
Edit2: I checked my logs and all I have are UPnP entries. But they are all from my network printer. The more I think about this, the more confused I am about how you think UPnP could be involved. Wouldn't UPnP be strictly on your internal network? How would UPnP work through the WAN port? Did you see some suspicious UPnP entries in your log? If so, what was the source address?
SteveInWA:
This (configuration reset to factory default) happened to me a couple of years ago on a Linksys router. I just assumed it was a firmware bug or flaky flash memory. It never happened again. Perhaps it's a black-helicopter, "state sponsored" cyber attack...who knows.