Troubleshoot Is my router getting hacked?

RVS2

Level 3
Thread author
Verified
Oct 17, 2016
118
For the past few days, my router keeps rebooting every now and then, throughout the day. I complained to my ISP, who checked/fixed my wires and left. But it started happening again.
Some things I don't know about:
1. I logged into my router. My IPV4 address given is different from my (googled) ip address. IPV6 is kept disabled.
2. The log shows port attack warnings.
I tried finding the router's firmware updates, but couldn't at all. Apparently they're only meant for enterprises/ISPs.
Is it possible my router is hacked?
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
There you have your answer, unfortunately it's a common trend with ISP-supplied routers, they run firmware that can be years out of date and thus are easy to compromise. I suggest you consider buying a personal router instead.
 

RVS2

Level 3
Thread author
Verified
Oct 17, 2016
118
Screenshot of warnings I took this morning. Some of these are gone now when I log in, like the IP spoofing attack.

Screenshot.jpg
 

RVS2

Level 3
Thread author
Verified
Oct 17, 2016
118
> 1. What were the port warnings? (photo please)
> 2. Did you change the router password to a strong one?
> 3. Firmware exploit is unlikely.
> 4. Your ISP will probably not help you; security is all on you per their Terms of Service.
> 5. Sounds like the issued router hardware is going bad; call ISP and tell them you smell smoke - give you a new router.

1. Pic in above post.
2. Changed the pw, to a strong one, but didn't stop the attack warnings nor the router's switching on-off.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
This looks like notifications of detected activity that was dropped by the firewall. And a few recommendations to change your password etc. If the router logged an event it probably didn’t compromise you. More worrisome are indications of compromise with no warnings. Unwanted outside connections, VPNs set up that you didn’t do, that sort of thing. The dropped SAMBA requests are interesting if you aren’t using SAMBA for anything. Port scans happen all day to everyone, no need to panic, unless you had web access from the WAN enabled. Then you are probably going to get hammered with brute force attacks or some compromise at some point. Just don’t expose anything to the internet that you don’t have to. You may want a personally owned router you have more control over.

Edit: the one thing of interest is the spoofing attack from 192.168.1.1 since that is your router’s address. There is the potential you have a compromised device on your network. If you are really worried about it there are several options for personally owned routers.
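
The triage described in the post above, as an added example that is not part of the original post: dropped probes are counted as noise, while spoofed sources and WAN-reachable admin ports are surfaced for follow-up. The key=value log format, interface names, LAN subnet and admin port list are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

ROUTER_LAN_IP = ipaddress.ip_address("192.168.1.1")  # router address from the thread
LAN_NET = ipaddress.ip_network("192.168.1.0/24")     # assumed LAN subnet
SMB_PORTS = {139, 445}                               # NetBIOS session / SMB over TCP
ADMIN_PORTS = {80, 443, 8080}                        # assumed web-admin ports

# Constructed sample lines in a hypothetical key=value log format.
SAMPLE_LOG = """\
2022-01-10 08:14:02 DROP IN=wan SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP DPT=23
2022-01-10 08:14:09 DROP IN=wan SRC=203.0.113.80 DST=198.51.100.7 PROTO=TCP DPT=445
2022-01-10 08:15:30 DROP IN=lan SRC=192.168.1.1 DST=192.168.1.20 PROTO=UDP DPT=53
2022-01-10 08:16:11 ACCEPT IN=wan SRC=203.0.113.99 DST=198.51.100.7 PROTO=TCP DPT=443
2022-01-10 08:17:45 DROP IN=wan SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP DPT=80
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>DROP|ACCEPT) IN=(?P<iface>\w+) "
    r"SRC=(?P<src>\S+) DST=\S+ PROTO=\w+ DPT=(?P<dpt>\d+)$"
)

def classify(line):
    """Return a triage category for one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return "unparsed"
    dpt, from_wan = int(m["dpt"]), m["iface"] == "wan"
    # Router's own address as a source, or a LAN address arriving from the WAN side.
    if src == ROUTER_LAN_IP or (from_wan and src in LAN_NET):
        return "spoofed-source"
    # Anything accepted from the WAN on an admin port means remote management is exposed.
    if from_wan and m["action"] == "ACCEPT" and dpt in ADMIN_PORTS:
        return "wan-admin-reachable"
    if m["action"] == "DROP":
        return "dropped-smb" if dpt in SMB_PORTS else "dropped-noise"
    return "accepted-other"

def triage(log_text):
    """Count categories over a whole log; blank lines are skipped."""
    return Counter(classify(l) for l in log_text.splitlines() if l.strip())

if __name__ == "__main__":
    for category, count in triage(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {category}")
```

Entries counted as dropped-noise need no action; spoofed-source and wan-admin-reachable are the ones to follow up on.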
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
This site is useful, but I think a bit narrow minded in what routers to use. They don’t actually give many recommendations and the ones they recommend aren’t available in all territories.
I can partially agree because some of those, depending on where you live in the world, can be a bit hard to get your hands on, but one also has to read more on what is actually said/recommended as it's not only about the brands/vendors. The recommended security settings and features are for anyone.

In the case of this thread, it's helpful for the OP to check out the specific router settings and try to switch/change if possible.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Yikes! Is the latest update for that Huawei router from 2020? :unsure:
Periodically check for new firmware. At some point you will go a year or two, or more, without any updates. That's when it is time for a new router.
 

RVS2

Level 3
Thread author
Verified
Oct 17, 2016
118
> This looks like notifications of detected activity that was dropped by the firewall. And a few recommendations to change your password etc. If the router logged an event it probably didn’t compromise you. More worrisome are indications of compromise with no warnings. Unwanted outside connections, VPNs set up that you didn’t do, that sort of thing. The dropped SAMBA requests are interesting if you aren’t using SAMBA for anything. Port scans happen all day to everyone, no need to panic, unless you had web access from the WAN enabled. Then you are probably going to get hammered with brute force attacks or some compromise at some point. Just don’t expose anything to the internet that you don’t have to. You may want a personally owned router you have more control over.
>
> Edit: the one thing of interest is the spoofing attack from 192.168.1.1 since that is your router’s address. There is the potential you have a compromised device on your network. If you are really worried about it there are several options for personally owned routers.

I don't use samba, and don't think WAN is enabled. My ISP again sent a technician, who also checked the wires and left. I changed the wifi password for the sake of doing something. It's been stable since (9-10 hours now).
 

RVS2

Level 3
Thread author
Verified
Oct 17, 2016
118
> I can partially agree because some of those, depending on where you live in the world, can be a bit hard to get your hands on, but one also has to read more on what is actually said/recommended as it's not only about the brands/vendors. The recommended security settings and features are for anyone.
>
> In the case of this thread, it's helpful for the OP to check out the specific router settings and try to switch/change if possible.
>
> Yikes! Is the latest update for that Huawei router from 2020? :unsure:

Sadly, I tried but couldn't find any firmware downloads. I guess old firmware is the root cause.
 

ForgottenSeer 69673

Oddly enough I had a similar problem a few years ago with a CenturyLink supplied router. My router would reboot every time I tried to watch a movie on Amazon. Tech support was worthless. My nephew worked for CenturyLink and gave me a new router which fixed the problem. He said as weird as it sounded, it was common for the Zyxel routers.
 

ForgottenSeer 76546

Can't you send back the router to your ISP, and they send you a new one or repair it if needed?
 