I was fiddling with my router’s UPnP settings and found this
Why is an external IP address showing here?
I also did a reverse IP search and to my surprise the IP 18.104.22.168 showed "UK Ministry of Defence". I am not in the UK military or on a military base.
Something fishy going on? I have already disabled UPnP.
I’ve conducted a scan of my network and I’ve noticed a worrying amount of ports and services now running on my router.
I have a Virgin Media Superhub2. Below are the ports and services that are open. I cannot find information on the internet.
Can anyone shed some light as to what has possessed my router? Some of the services are things I’ve never seen before!
While reading articles regarding improving WiFi security, I saw quite a few of them recommend starting Guest WiFi networks.
For instance, see point 4 in the following article:
One of the commonly cited benefits is that enabling Guest WiFi limits the number of people having access to your regular network. The idea being, only the members of the household will use the regular network and the guests will be isolated to the guest network.
Are there any downsides to this approach? Are there any overlaps between the Guest network and the regular network that an ordinary user should be aware of?
My concern stems from my general lack of education on this matter. To me it seems like creating two doors to the same house. Now I have to worry about securing an additional door, and I haven’t properly understood the benefit of having added an extra door.
My router/access-point Zyxel nwa1123-ac pro stores passwords internally with a custom hashing algorithm. This is the resulting hash for the password “admin”:
$4$fmNgdX1E$mjanLAViUqqFtmlNhOl2lfQMpOE7LOeV3uk72A5zp+h8H2rsxFGz/DBA9Bz2BO2gOzqnDuvLNx/xzbDMqTSu3HVY9gvkgefDDHQ4gFur6YQ
I couldn’t find any similarities with existing hashing algorithms. There has been some precedent with Zyxel and not so secure password storage: ns3-zyxel
Recently, I was being redirected (occasionally, not every time) by “ilkmawgod.site” (no information on Google) to malicious webpages. I scanned everything using Quick Heal, but it didn’t find anything. I noticed this was happening with all the devices at home connected to the home router. Further, when I used mobile data there was no redirect. I figured out that my router must be infected. I factory-reset my router, but now I am being redirected by “netpatas.com” (a redirecting virus according to Google) to malicious ads (on all devices connected to the home router, occasionally). What should I do? Is there something that I missed while factory-resetting my router? Can I clean this thing off my router or do I have to buy a new one?
I would like to combine my router’s default VPN with another one I run on my laptop.
- Here is what I currently have:
- Here is what I would like to have:
Both router (DD-WRT) and laptop use OpenVPN to connect to their servers, and both connections are working. However, when I use both VPNs, I get a “smaller” traceroute whereas I should have (at least) 1 more hop. For example, here is the traceroute with the router VPN only (fake IP addresses used here):
```
$ traceroute 22.214.171.124
traceroute to 126.96.36.199 (188.8.131.52), 30 hops max, 60 byte packets
 1  _gateway (192.168.2.1)  0.523 ms  0.482 ms  0.501 ms
 2  184.108.40.206 (220.127.116.11)  29.994 ms  30.725 ms  30.475 ms
 3  * * *
 4  some_domain_1.com (18.104.22.168)  51.344 ms  51.593 ms  51.812 ms
 5  some_domain_2.com (22.214.171.124)  349.981 ms  350.202 ms  350.185 ms
 6  126.96.36.199 (188.8.131.52)  52.028 ms 184.108.40.206 (220.127.116.11)  52.280 ms  52.195 ms
 7  some_domain_3.com (18.104.22.168)  58.685 ms 22.214.171.124 (126.96.36.199)  67.073 ms  67.290 ms
 8  188.8.131.52 (184.108.40.206)  57.032 ms  67.212 ms  67.204 ms
 9  220.127.116.11 (18.104.22.168)  68.787 ms some_domain_4.com (22.214.171.124)  59.666 ms some_domain_5.com (126.96.36.199)  69.316 ms
10  188.8.131.52 (184.108.40.206)  67.338 ms 220.127.116.11 (18.104.22.168)  58.179 ms 22.214.171.124 (126.96.36.199)  69.634 ms
11  188.8.131.52 (184.108.40.206)  59.104 ms 220.127.116.11 (18.104.22.168)  68.459 ms dns.google (22.214.171.124)  58.002 ms
```
And here is the same traceroute, but with the laptop VPN enabled:
```
$ traceroute 126.96.36.199
traceroute to 188.8.131.52 (184.108.40.206), 30 hops max, 60 byte packets
 1  10.7.2.1 (10.7.2.1)  62.594 ms  74.503 ms  74.524 ms
 2  220.127.116.11 (18.104.22.168)  74.552 ms  74.547 ms  74.544 ms
 3  22.214.171.124 (126.96.36.199)  1152.730 ms  1164.535 ms  1164.447 ms
 4  188.8.131.52 (184.108.40.206)  74.465 ms some_domain_6.com (220.127.116.11)  74.468 ms 18.104.22.168 (22.214.171.124)  74.453 ms
 5  some_domain_7.com (126.96.36.199)  74.449 ms some_domain_8.com (188.8.131.52)  74.434 ms  74.429 ms
 6  google.equinix-ix.fr (184.108.40.206)  121.687 ms 220.127.116.11 (18.104.22.168)  72.067 ms google.equinix-ix.fr (22.214.171.124)  68.295 ms
 7  126.96.36.199 (188.8.131.52)  118.111 ms  173.570 ms 184.108.40.206 (220.127.116.11)  173.570 ms
 8  18.104.22.168 (22.214.171.124)  173.573 ms dns.google (126.96.36.199)  173.554 ms 188.8.131.52 (184.108.40.206)  173.542 ms
```
My questions are:
- Can I tell that both VPNs are used by using that traceroute info?
- If both VPNs are used, shouldn’t I get more hops in the 2nd traceroute?
- Is there a more reliable way to test if both VPNs are used?
- (Edit) Are the “VPN passthrough” settings in my DD-WRT router involved in my questions?
Is it possible to automatically reconfigure a router when the router is reset?
My 13-year-old son is resetting the router to bypass time controls (set to go off at midnight). I can configure the router to block access from midnight to 5am when he should be asleep, but resetting the router bypasses this. The router can save a backup file (config.bin) and restore settings from the file, but this requires 1) being awake, 2) being aware in real time of when the router is reset, 3) logging into the router and 4) restoring the settings.
Is there a way I can reasonably have a connected device (ideally my Android phone or something in the router itself) log into the router and restore the settings when the router is reset? My computer isn’t generally on full time.
The router is a TP-Link router that has a web-based settings panel.
I’m technically literate, but by no means an expert.
To address the comments that are likely to arise about this being a parenting/communication problem, I fully admit and accept this criticism, but he is 13 and constantly staying up until 2-4am is causing problems and he isn’t responding to discussions and other consequences. Thanks
After scanning my local network with nmap, this host shows up listed as an nmap result, but it is the only host that shows on nmap that is not listed as a client on my router’s list of connected devices.
```
❯ nmap 192.168.0.xxx -A
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-21 14:33 -03
Nmap scan report for 192.168.0.xxx
Host is up (0.0056s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE VERSION
6666/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 220.127.116.11; UPnP 1.0; MTK 2.001)
|_irc-info: Unable to open connection
8888/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 18.104.22.168; UPnP 1.0; MTK 2.001)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.47 seconds
```
What exactly about this host might be causing it to show on nmap in my local network if it’s not connected to my router?
I have a (maybe dumb) question for you. I was wondering if there is a way to know if my router has been hacked.
I secured it the best that I can and also made it so only the MAC addresses of the devices that I know can access my WiFi.
I turned off UPnP, WPS, and remote access to the router settings, even though I noticed that the page won’t load anymore on the device I used to set it up, but it loads on my phone.
A few days ago it would not load on my phone but it would on other devices. I keep seeing accesses to my social media by devices that seem to be mine but that neither I nor anyone else in my family has used lately.
I’m afraid someone hacked my router and is using my devices remotely. How can I be sure? Would calling my ISP help? My router is from my ISP.
I’m extending my network coverage to the basement and I took the dust off my old router and am now converting it to a network switch. Wireless will probably be turned off so that it only supports wired LAN connections.
Following tutorials online, I did not change anything on my main router. I played around with a few settings on the second router: turned DHCP server off and changed the IP to something different than my main router. Now because the information is not very clear when reading different tutorials, I am confused as to what to do with certain settings.
On my second router should:
- NAT be disabled?
- firewalls be disabled? Firewall options on the router are IPv6 SPI Firewall Protection, IPv4 SPI Firewall Protection, Filter Anonymous Internet Requests, Filter Multicast, Filter Internet NAT Redirection for IPv4 Internet Only, IPSec Passthrough, PPTP Passthrough, L2TP Passthrough.
Correct me if I’m wrong but it makes sense for me to disable all of those options because the main router handles all the security features already. As a note, my main router is the Asus RT-AC68U and my secondary router is the Linksys E2500. Might not be very important but I should also mention that I’m using my second router as a wireless access point at the moment but that’s only because I am still waiting for ethernet cables to ship. I will probably turn wireless off to improve performance through LAN once I get the cables.