Solved Router Got hacked !!!

Status
Not open for further replies.

ranget

New Member
Thread author
Dec 8, 2011
232
yes my router got hacked a while ago i posted in other forums about ports being opened

now no ports are open but comodo is reporting inbound attacks

what shall i do Now ?

Resetting / Refirming did nothing

Edit :
https://forums.comodo.com/firewall-help-cis/comodo-blocked-an-incoming-ip-currently-under-attack-t85455.0.html
 

ranget

New Member
Thread author
Dec 8, 2011
232
http 80 / ident 113

i think the malware / RAT / attacker / what ever is using a Reverse Shell now
 
Upvote 0

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
ranget said:
http 80 / ident 113

i think the malware / RAT / attacker / what ever is using a Reverse Shell now

With the http 80 you need that to access the internet. As for the ident that will need to be closed because that is a remote access port, as far as I know.
 
Upvote 0

ranget

New Member
Thread author
Dec 8, 2011
232
well those ports were opened in the past
i did the impossible to close them but with no use
after a while they were closed and stealthed by themselves
i thought that was a bug or something from ISP
it appears it wasn't

Now comodo is Blocking inbound Traffic to my computer :) which is a pretty good fail
also i'm noticing a slow internet from time to time
also some weird traffic on the router even if i set comodo to block all
 
Upvote 0

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
ranget said:
well those ports were opened in the past
i did the impossible to close them but with no use
after a while they were closed and stealthed by themselves
i thought that was a bug or something from ISP
it appears it wasn't

Now comodo is Blocking inbound Traffic to my computer :) which is a pretty good fail
also i'm noticing a slow internet from time to time
also some weird traffic on the router even if i set comodo to block all

Well, whether your router has been hacked or not, what you will have to do is change the password for the default admin on the router.
 
Upvote 0

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
ranget said:
i did that about a year ago also changed it again a week ago

Do it again, and this time make it an even harder password, and don't forget to write the password down somewhere.
 
Upvote 0

ranget

New Member
Thread author
Dec 8, 2011
232
Well i always max it up :)

anyway this attack on my computer reminded me
of a user signature over WS forum
" Sitting in a bunker, here behind my wall, waiting for the worms to come. "
 
Upvote 0

pcjunklist

Level 1
Dec 28, 2011
523
From what you're saying it doesn't sound like anything was hacked. Have you gone through your system logs and your router logs? I think you're having an issue with Comodo; copy your settings and serial and re-install Comodo.
 
Upvote 0

Deleted member 178

I don't think hackers will spend time and resources to hack your router and system, you are not a "valuable" target :D
 
Upvote 0

ranget

New Member
Thread author
Dec 8, 2011
232
@pcjunklist
Hope it's nothing or it's a bug in Comodo which means Less time working on Fixing this
but i should investigate further
after all my Local Ip changed to .1.3 instead of .1.2 ??? he hacked through DHCP or something ??

@umbrapolaris
To be honest i completely agree i'm maybe one of the least Valuable target on the net
but what should i do it seems there are some hackers that Like my choices of free Pron xD

Edit: BTW there is no Wireless on the router
 
Upvote 0

pcjunklist

Level 1
Dec 28, 2011
523
a change on dhcp means nothing, did you add another device that connects through wifi, like a phone or gaming box?

ranget said:
@pcjunklist
Hope it's nothing or it's a bug in Comodo which means Less time working on Fixing this
but i should investigate further
after all my Local Ip changed to .1.3 instead of .1.2 ??? he hacked through DHCP or something ??

@umbrapolaris
To be honest i completely agree i'm maybe one of the least Valuable target on the net
but what should i do it seems there are some hackers that Like my choices of free Pron xD

Edit: BTW there is no Wireless on the router
 
Upvote 0

ranget

New Member
Thread author
Dec 8, 2011
232
Nope i will spill my very Old uninteresting setup
nothing else just a router and a computer

------modem/router-------Computer
 
Upvote 0

pcjunklist

Level 1
Dec 28, 2011
523
Well, you need to log into your router. It will list what is connected, and usually list a MAC address. Also, while you're in there, take a look at the logs.
Most new routers allow you to do MAC filtering as well if you really want to lock down what can connect in.
ranget said:
Nope i will spill my very Old uninteresting setup
nothing else just a router and a computer

------modem/router-------Computer
 
Upvote 0
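
The device-list check suggested above, as an added example that is not part of the original thread: it compares two snapshots of a router's attached-devices table and separates a known machine that simply received a different DHCP address from a MAC address that was never seen before. The table format, addresses, hostnames and allowlist are constructed for illustration.

```python
import re

# Constructed snapshots of a router "attached devices" page.
# The "IP  MAC  hostname" layout is an assumption, not a real router's format.
PREVIOUS = """\
192.168.1.1  00:11:22:33:44:01  router
192.168.1.2  00:11:22:33:44:55  desktop
"""
CURRENT = """\
192.168.1.1  00:11:22:33:44:01  router
192.168.1.3  00:11:22:33:44:55  desktop
192.168.1.2  de:ad:be:ef:00:01  unknown-host
"""
# MAC addresses of the devices the owner actually has (constructed).
KNOWN_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:55"}

LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})\s*(\S*)"
)

def parse_table(text):
    """Return {mac: (ip, hostname)} for every well-formed line."""
    devices = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ip, mac, host = m.groups()
            # Normalise case and separator so comparisons are reliable.
            devices[mac.lower().replace("-", ":")] = (ip, host)
    return devices

def review(previous, current, known_macs):
    """Classify differences between two snapshots of the device table."""
    prev, cur = parse_table(previous), parse_table(current)
    findings = []
    for mac, (ip, _host) in sorted(cur.items()):
        if mac not in known_macs:
            # A device the owner does not recognise: worth investigating.
            findings.append(("UNKNOWN_DEVICE", mac, ip))
        elif mac in prev and prev[mac][0] != ip:
            # Same hardware, new address: ordinary DHCP lease behaviour.
            findings.append(("LEASE_CHANGED", mac, f"{prev[mac][0]} -> {ip}"))
    return findings

if __name__ == "__main__":
    for finding in review(PREVIOUS, CURRENT, KNOWN_MACS):
        print(*finding)
```

A MAC address is chosen by the client, so a clean result shows only that no unfamiliar address announced itself; it does not authenticate the devices that are listed.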

loveboy_lion

Level 1
Verified
Feb 23, 2012
511
If someone has access to your router or your router is forwarding your traffic, then the first thing you need to do is try these steps:

After installation of your modem, ask the engineer about your modem user id and password.
90% of ADSL modems use http://192.168.1.1 for their own console, so log on to that console and change your modem console password immediately.
If you are using your modem to connect only one system to the internet, it's recommended to configure the modem as BRIDGE type, because here you have to dial from your own desktop, so it's not required to save your broadband user id and password in your modem.
In some routers, you can restrict console access; if it is supported by your router, then enable it for Private Network only.
You can also set Comodo to the highest available settings in the firewall.


EDIT: Can I know the model no. and firmware of your router?

Thanks
 
Upvote 0