Network settings changed

[Joe]

I have a Wireless Router Modem which stays on 24/7. Password protected.
Belkin N. - W7 OS Ult

Today I accessed my emails then browser for about 10minutes then my
internet access stopped working.

Yet another PC XP OS still could access the web. Both these computers
are wired. And testing the Laptop wireless - also worked.

Tracing the cause, cable, swap cable , port, reboot modem, Could access
the modem through the setup IP. So PC to Modem OK.

Went to network settings found that the network had changed to Public
without internet access.

Could not change this back to my LAN settings of Network 2. Tried the
wizard as well for internet access.

Went back to a restore point two days earlier and applied this.

My Network 2 setting was restored and internet access restored.

Can/could someone remote access my PC and change these settings or a virus?

I have now changed the passwords on the modem. Another concern is that
my data download seems high (8Gb)in my offpeak allocation when I rarely
use the PC off peak anyway. (far too much normal data allocation to sit
up all night making downloads.

Any suggestions as to why this happened or hacked etc. or a better
security solution.

thanks

j

 

[GlowingBlueMist]

On 4/6/2010 8:54 PM, Joe wrote:
> I have a Wireless Router Modem which stays on 24/7. Password protected.
> Belkin N. - W7 OS Ult
>
> Today I accessed my emails then browser for about 10minutes then my
> internet access stopped working.
>
> Yet another PC XP OS still could access the web. Both these computers
> are wired. And testing the Laptop wireless - also worked.
>
> Tracing the cause, cable, swap cable , port, reboot modem, Could access
> the modem through the setup IP. So PC to Modem OK.
>
> Went to network settings found that the network had changed to Public
> without internet access.
>
> Could not change this back to my LAN settings of Network 2. Tried the
> wizard as well for internet access.
>
> Went back to a restore point two days earlier and applied this.
>
> My Network 2 setting was restored and internet access restored.
>
> Can/could someone remote access my PC and change these settings or a virus?
>
> I have now changed the passwords on the modem. Another concern is that
> my data download seems high (8Gb)in my offpeak allocation when I rarely
> use the PC off peak anyway. (far too much normal data allocation to sit
> up all night making downloads.
>
> Any suggestions as to why this happened or hacked etc. or a better
> security solution.
>
> thanks
>
> j
>
Couple of things might have happened but anything's possible when it
comes to software based devices.

PC temporarily locked onto another routers signal that had another IP
range configured. Easy if no security is active on the wireless side on
either router. If possible power off your router and then reboot or
power cycle your PC and see if it still finds a network to play with.

One of those mystical updates that like to mess with people's minds
rather than just the PC's software. Suspected when a system restore
fixes things but then the problem returns with in 24 hours. Time to
check the log files looking for an update that was automatically
installed, especially if the PC rebooted while you were away from it.

As for your nightly data load, you may have updates going on, like
anti-virus, Windows, RSS or other information feeds, Other user loaded
software looking for a update or handout...

If your router's log file is on and still has nothing usable you might
want to give the router monitoring software WallWatcher a try.

I don't see your router on the actively supported list but if it can be
configured to send log messages on ports 514 or 162 the program should
be able to handle it. With luck it will work as installed with no
configuration changes needed to the router.

You can get it directly from the author's web site at
http://www.wallwatcher1.com/

It is listed as Shareware but with a present price of $0.00 so you have
nothing to loose but some time giving it a try.

 

[Joe]

On 7/04/2010 8:04 PM, GlowingBlueMist wrote:
> On 4/6/2010 8:54 PM, Joe wrote:
>> I have a Wireless Router Modem which stays on 24/7. Password protected.
>> Belkin N. - W7 OS Ult
>>
>> Today I accessed my emails then browser for about 10minutes then my
>> internet access stopped working.
>>
>> Yet another PC XP OS still could access the web. Both these computers
>> are wired. And testing the Laptop wireless - also worked.
>>
>> Tracing the cause, cable, swap cable , port, reboot modem, Could access
>> the modem through the setup IP. So PC to Modem OK.
>>
>> Went to network settings found that the network had changed to Public
>> without internet access.
>>
>> Could not change this back to my LAN settings of Network 2. Tried the
>> wizard as well for internet access.
>>
>> Went back to a restore point two days earlier and applied this.
>>
>> My Network 2 setting was restored and internet access restored.
>>
>> Can/could someone remote access my PC and change these settings or a
>> virus?
>>
>> I have now changed the passwords on the modem. Another concern is that
>> my data download seems high (8Gb)in my offpeak allocation when I rarely
>> use the PC off peak anyway. (far too much normal data allocation to sit
>> up all night making downloads.
>>
>> Any suggestions as to why this happened or hacked etc. or a better
>> security solution.
>>
>> thanks
>>
>> j
>>
> Couple of things might have happened but anything's possible when it
> comes to software based devices.
>
> PC temporarily locked onto another routers signal that had another IP
> range configured. Easy if no security is active on the wireless side on
> either router. If possible power off your router and then reboot or
> power cycle your PC and see if it still finds a network to play with.
>

My PC is wired



> One of those mystical updates that like to mess with people's minds
> rather than just the PC's software. Suspected when a system restore
> fixes things but then the problem returns with in 24 hours. Time to
> check the log files looking for an update that was automatically
> installed, especially if the PC rebooted while you were away from it.
>

I have actually turned the updates to download and ask before install.
Just in case one of those unwanted 1033's come through again.


> As for your nightly data load, you may have updates going on, like
> anti-virus, Windows, RSS or other information feeds, Other user loaded
> software looking for a update or handout...
>

No my updates are protected and W7 asks before you can install. I have
nothing that big to update.

> If your router's log file is on and still has nothing usable you might
> want to give the router monitoring software WallWatcher a try.
>

Ok Ill have a go at that. Just downloaded the two files so I will do an
install.

> I don't see your router on the actively supported list but if it can be
> configured to send log messages on ports 514 or 162 the program should
> be able to handle it. With luck it will work as installed with no
> configuration changes needed to the router.
>
> You can get it directly from the author's web site at
> http://www.wallwatcher1.com/
>
> It is listed as Shareware but with a present price of $0.00 so you have
> nothing to loose but some time giving it a try.

Thanks for the suggestions

its still got me stumped as to why or how it happened. I use PCtools AV
and Malwarebytes for nasties.

Changed two passwords in the router.

The log from the router the date was incorrect so something happened
or has been happening.

perhaps Ive altered too much and it may not happen again hopefully.

but I will have a look into other logging software if Wall watcher
doesn't work

Thanks again

 

[GlowingBlueMist]

On 4/7/2010 5:52 AM, Joe wrote:
Hi Joe,
The more I think about the problem it sounds more like the modem/router
either lost it's power, overheated, or picked up some interference from
an external signal, like a cell phone or other radio type device.

Wired devices as well as wireless can be affected by RF interference if
the signal is strong enough. Cell phones with in a couple of feet of
other electronic devices have been known to cause random problems.

The fact that the date in the router log file was wrong, but had been
right in the past usually indicates some kind of router reset had taken
place. True someone could have found a way to break in from the WAN
side but if the WAN access was set to disabled that seems unlikely.

I had one remote location where a router would randomly change settings
only to discover that the customer had placed a wireless access point
directly on top of the router in support of remote cash registers.
After having them separate the devices by 3 feet the problems all went away.

Good luck with the problem.

 

[GlowingBlueMist]

On 4/9/2010 5:05 AM, GlowingBlueMist wrote:
> On 4/7/2010 5:52 AM, Joe wrote:
> Hi Joe,
> The more I think about the problem it sounds more like the modem/router
> either lost it's power, overheated, or picked up some interference from
> an external signal, like a cell phone or other radio type device.
>
> Wired devices as well as wireless can be affected by RF interference if
> the signal is strong enough. Cell phones with in a couple of feet of
> other electronic devices have been known to cause random problems.
>
> The fact that the date in the router log file was wrong, but had been
> right in the past usually indicates some kind of router reset had taken
> place. True someone could have found a way to break in from the WAN side
> but if the WAN access was set to disabled that seems unlikely.
>
> I had one remote location where a router would randomly change settings
> only to discover that the customer had placed a wireless access point
> directly on top of the router in support of remote cash registers. After
> having them separate the devices by 3 feet the problems all went away.
>
> Good luck with the problem.

Had one last thought, of the paranoid kind...

Many cable and DSL providers maintain a backdoor access into
modems/routers using SNMP (simple network management protocol) that they
supply as a means of troubleshooting AND upgrading the firmware in the
devices. No amount of password changes by the user can keep them out if
they supplied the firmware in the box left a management level account
hidden in the firmware.

Firmware updates require a reboot, and many times this defaults the
device back to factory settings. True, usually the update is to fix a
bug but lately many have been done just to hinder access by other
providers, like internet phone providers that are not connected with
your ISP, Torrent style protocols, or those used by intensive gamers.

That is one reason I don't usually use a box provided by my ISP on my
personal feed but rather purchase a 3rd party modem/router that does not
have any firmware in it connected to my internet provider. I also
disable SNMP access as it can be used to remotely change things in the
box depending on it's settings. I don't like it when my ISP tries to
remotely configure my box to disable ports or protocals at my end rather
than network wide where they can be more easily caught in the act by
multiple parties. If I need a firmware update I go directly to my box's
support site and download/install it myself.

Any chance you had a printout of the old settings, showing the firmware
release and LAN settings that were in the box prior to your problem that
you can compare with what is in the box after the problems started?

If the box defaulted to the usual DHCP but at a different LAN network
subnet address than you were using a PC might report it as having
switched to a Public network. That is one reason many providers don't
like you to change the default network range on the LAN side. Having it
default to the "factory" subnet rather than remaining what you were
using as the LAN subnet makes it easier to catch them making changes to
the box at your end. Depending on the PC's operating software it might
just go along with the change and automatically request and use the new
LAN IP with out a blink while other software versions or firewalls may
complain like yours did.