External IP address in router UPnP settings Whatsapp – UK Ministry of Defence IP Address?

I was fiddling with my router’s UPnP settings and found this

[image]

Why is an external IP address showing here?

I also did a reverse IP search and to my surprise the IP 25.54.27.39 showed "UK Ministry of Defence". I am not in the UK military or on a military base.

Something fishy going on? I have already disabled UPnP.

Sudden large amounts of ports and services on my router [closed]

I’ve conducted a scan of my network and I’ve noticed a worrying amount of ports and services now running on my router.

I have a Virgin Media Superhub2. Below are the ports and services that are open. I cannot find information on the internet.

[image]

Can anyone shed some light as to what has possessed my router? Some of the services are things I’ve never seen before!

Zyxel router custom hash algorithm [duplicate]

My router/access-point Zyxel nwa1123-ac pro stores passwords internally with a custom hashing algorithm. This is the resulting hash for the password “admin”:

$4$fmNgdX1E$mjanLAViUqqFtmlNhOl2lfQMpOE7LOeV3uk72A5zp+h8H2rsxFGz/DBA9Bz2BO2gOzqnDuvLNx/xzbDMqTSu3HVY9gvkgefDDHQ4gFur6YQ

I couldn’t find any similarities with existing hashing algorithms. There has been some precedent with Zyxel and not so secure password storage: ns3-zyxel

Router infected; Factory reset not working

Recently, I was being redirected (occasionally, not every time) by “ilkmawgod.site” (no information on Google) to malicious webpages. I scanned everything using Quick Heal, but it didn’t find anything. I noticed this was happening with all the devices at home connected to the home router. Further, when I used mobile data there was no redirect. I figured out that my router must be infected. I factory-reset my router, but now I am being redirected by “netpatas.com” (a redirecting virus according to Google) to malicious ads (on all devices connected to the home router, occasionally). What should I do? Is there something that I missed while factory-resetting my router? Can I clean this thing off my router or do I have to buy a new one?

Combine router VPN with Client VPN

I would like to combine my router’s default VPN with another one I run on my laptop.

  • Here is what I currently have:

Current configuration

  • Here is what I would like to have:

Targeted configuration

Both router (DD-WRT) and laptop use OpenVPN to connect to their servers, and both connections are working. However, when I use both VPNs, I get a “smaller” traceroute whereas I should have (at least) 1 more hop. For example, here is the traceroute with the router VPN only (fake IP addresses used here):

$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  _gateway (192.168.2.1)  0.523 ms  0.482 ms  0.501 ms
 2  1.2.3.4 (1.2.3.4)  29.994 ms  30.725 ms  30.475 ms
 3  * * *
 4  some_domain_1.com (5.6.7.8)  51.344 ms  51.593 ms  51.812 ms
 5  some_domain_2.com (9.10.11.12)  349.981 ms  350.202 ms  350.185 ms
 6  13.14.15.16 (13.14.15.16)  52.028 ms 17.18.19.20 (17.18.19.20)  52.280 ms  52.195 ms
 7  some_domain_3.com (21.22.23.24)  58.685 ms 25.26.27.28 (25.26.27.28)  67.073 ms  67.290 ms
 8  29.30.31.32 (29.30.31.32)  57.032 ms  67.212 ms  67.204 ms
 9  33.34.35.36 (33.34.35.36)  68.787 ms some_domain_4.com (37.38.39.40)  59.666 ms some_domain_5.com (41.42.43.44)  69.316 ms
10  108.170.251.129 (108.170.251.129)  67.338 ms 108.170.252.1 (108.170.252.1)  58.179 ms 108.170.252.65 (108.170.252.65)  69.634 ms
11  72.14.232.33 (72.14.232.33)  59.104 ms 209.85.251.239 (209.85.251.239)  68.459 ms dns.google (8.8.8.8)  58.002 ms

And here is the same traceroute, but with the laptop VPN enabled:

$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.7.2.1 (10.7.2.1)  62.594 ms  74.503 ms  74.524 ms
 2  45.46.47.48 (45.46.47.48)  74.552 ms  74.547 ms  74.544 ms
 3  49.50.51.52 (49.50.51.52)  1152.730 ms  1164.535 ms  1164.447 ms
 4  53.54.55.56 (53.54.55.56)  74.465 ms some_domain_6.com (57.58.59.60)  74.468 ms 61.62.63.64 (61.62.63.64)  74.453 ms
 5  some_domain_7.com (65.66.67.68)  74.449 ms some_domain_8.com (69.70.71.72)  74.434 ms  74.429 ms
 6  google.equinix-ix.fr (195.42.145.65)  121.687 ms 108.170.244.225 (108.170.244.225)  72.067 ms google.equinix-ix.fr (195.42.145.65)  68.295 ms
 7  108.170.244.161 (108.170.244.161)  118.111 ms  173.570 ms 108.170.244.193 (108.170.244.193)  173.570 ms
 8  66.249.94.133 (66.249.94.133)  173.573 ms dns.google (8.8.8.8)  173.554 ms 108.170.235.37 (108.170.235.37)  173.542 ms

  • My questions are:

    1. Can I tell that both VPNs are used by using those traceroute info?
    2. If both VPNs are used, shouldn’t I get more hops used in the 2nd traceroute?
    3. Is there a more reliable way to test if both VPNs are used?
    4. (Edit) Are the “VPN passthrough” settings in my DD-WRT router involved in my questions?

Automatically reconfigure router when it is reset

Is it possible to automatically reconfigure a router when the router is reset?

My 13-year-old son is resetting the router to bypass time controls (set to go off at midnight). I can configure the router to block access midnight to 5am when he should be asleep, but resetting the router bypasses this. The router can save a backup file (config.bin) and restore settings from the file, but this requires 1) being awake, 2) being aware in real time of when the router is reset, 3) logging into the router and 4) restoring the settings.

Is there a way I can reasonably have a connected device (ideally my Android phone or something in the router itself) log into the router and restore the settings when the router is reset? My computer isn’t generally on full time.

The router is a TP-Link router that has a web-based settings panel.
I’m technically literate, but by no means an expert.

To address the comments that are likely to arise about this being a parenting/communication problem, I fully admit and accept this criticism, but he is 13 and constantly staying up until 2-4am is causing problems and he isn’t responding to discussions and other consequences. Thanks.

Host not connected to my router shows up in a nmap scan

After scanning my local network with nmap, this host shows up listed as an nmap result, but it is the only host that shows on nmap that is not listed as a client on my router’s list of connected devices.

❯ nmap 192.168.0.xxx -A
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-21 14:33 -03
Nmap scan report for 192.168.0.xxx
Host is up (0.0056s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE VERSION
6666/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 4.1.2.0; UPnP 1.0; MTK 2.001)
|_irc-info: Unable to open connection
8888/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 4.1.2.0; UPnP 1.0; MTK 2.001)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.47 seconds

What exactly about this host might be causing it to show on nmap in my local network if it’s not connected to my router?

How to know if my router has been hacked?

I have a (maybe dumb) question for you. I was wondering if there is a way to know if my router has been hacked.

I secured it the best that I can and also made it so only the MAC addresses of the devices that I know can access my WiFi.

I turned off uspn, WPS, and remote access to the router settings even though I noticed that the page won’t load anymore on the device I used to set it up but it loads on my phone.

While days ago it would not load on my phone, it would on other devices. But I keep seeing accesses to my social media by devices that seem to be mine but that neither I nor anyone else in my family has used lately.

I’m afraid someone hacked my router and is using my devices remotely. How can I be sure? Would calling my ISP help? My router is from my ISP.

What to disable on my second router as switch?

I’m extending my network coverage to the basement and I took the dust off my old router and am now converting it to a network switch. Wireless will probably be turned off so that it only supports wired LAN connections.

Following tutorials online, I did not change anything on my main router. I played around with a few settings on the second router: turned DHCP server off and changed the IP to something different than my main router. Now because the information is not very clear when reading different tutorials, I am confused as to what to do with certain settings.

On my second router should:

  • NAT be disabled?
  • firewalls be disabled? Firewall options on the router are IPv6 SPI Firewall Protection, IPv4 SPI Firewall Protection, Filter Anonymous Internet Requests, Filter Multicast, Filter Internet NAT Redirection for IPv4 Internet Only, IPSec Passthrough, PPTP Passthrough, L2TP Passthrough.

Correct me if I’m wrong but it makes sense for me to disable all of those options because the main router handles all the security features already. As a note, my main router is the Asus RT-AC68U and my secondary router is the Linksys E2500. Might not be very important but I should also mention that I’m using my second router as a wireless access point at the moment but that’s only because I am still waiting for Ethernet cables to ship. I will probably turn wireless off to improve performance through LAN once I get the cables.