Can you tell if my router has been hijacked?

camarowheels

New Around Here
I was cascading a Linksys router behind my att pace 5268AC router, LAN to WAN, for the long run. Also tried lan to lan but problems arose in wan to lan setup. Please skip to the partial event logs if you can tell if I've been hijacked or not. The log only goes back to last night, as it was the first time I had problems after my troubleshooting described below. BTW I'm virus free. I use a regular antivirus as well as a one time, "online", Bit Defender virus scan. I'm using Avast Premier this year. Hey. Don't judge me. I've always used free antiviruses and firewalls. Just wanted something different this time. Thanks in advance.

Worked fine for several days but soon after, I kept losing access to the internet. I followed a nice tutorial to get set up. I'm pretty sure I was set up properly. Tutorial address as follows. Joey lodice https://goo.gl/fwfZm. I know he's using a pfsense router but I just applied those steps to my equipment.

Frustrated, I began to go over the logs in the 5268AC and I kept coming across entries with "hijacked" in them. So I disabled the cascaded router, disconnected it, reset the 5268ac to factory defaults and went back to just using the att router for wifi. After the factory reset, I was checking the logs throughout the day and didn't see any entry with hijacked.

For three days after I went back to the att router exclusively, everything was fine. Last night I lost the internet again but it was quickly restored after a simple router reboot, and now I'm seeing hijacked entries again. Figuring it may be dns hijacking going on, I manually set the dns addresses for ipv4 to Google 8.8.8.8 and 8.8.4.4 as well as just disabling ipv6 in the router and my win10 computer. Also, I have a chromebox and several Android phones.

I've been doing my part, for a while now, and trying to resolve this before asking for help. I'm either just simply not finding what I need or not understanding what I'm seeing. I've never really been good with networking.

Event Log Lists
Type Date/Time Event Description
INF 2017-07-07T10:13:13-05:00 sys Successfully logged into a password protected page
INF 2017-07-07T08:49:19-05:00 sys Node :: is down
INF 2017-07-07T08:44:07-05:00 sys Node 192.168.1.64 is up
INF 2017-07-07T08:11:45-05:00 acs connreq: all done, close connection...
INF 2017-07-07T06:18:13-05:00 sys Node 192.168.1.67 is down
INF 2017-07-07T05:51:55-05:00 sys Node 192.168.1.67 is up
INF 2017-07-07T05:46:23-05:00 acs connreq: all done, close connection...
INF 2017-07-07T04:17:04-05:00 hurl host=0.client-channel.google.com uri=/client-channel/gsid hijacked
INF 2017-07-07T04:17:04-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/cbp hijacked
INF 2017-07-07T04:16:53-05:00 hurl err=0 name=PHY_NONE clear
INF 2017-07-07T04:16:41-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:41-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/cbp hijacked
INF 2017-07-07T04:16:41-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:41-05:00 hurl host=0.client-channel.google.com uri=/client-channel/gsid hijacked
INF 2017-07-07T04:16:30-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/cbp hijacked
INF 2017-07-07T04:16:30-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:20-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:20-05:00 hurl host=0.client-channel.google.com uri=/client-channel/gsid hijacked
INF 2017-07-07T04:16:20-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/cbp hijacked
INF 2017-07-07T04:16:20-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:18-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:18-05:00 hurl host=0.client-channel.google.com uri=/client-channel/gsid hijacked
INF 2017-07-07T04:16:18-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/bind hijacked
INF 2017-07-07T04:16:18-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:18-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:18-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/cbp hijacked
INF 2017-07-07T04:16:06-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T04:16:06-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/bind hijacked
INF 2017-07-07T04:15:58-05:00 hurl err=0 name=PHY_NONE detect
INF 2017-07-07T04:15:29-05:00 sys dsl0: connection lost, reconnecting...
INF 2017-07-07T02:35:08-05:00 acs connreq: all done, close connection...
INF 2017-07-07T00:14:24-05:00 hurl err=0 name=PHY_NONE clear
INF 2017-07-07T00:14:14-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T00:13:01-05:00 sys dsl0: connection lost, reconnecting...
INF 2017-07-06T23:36:19-05:00 acs connreq: all done, close connection...
INF 2017-07-06T23:04:34-05:00 acs bdc started.
INF 2017-07-06T23:04:23-05:00 sys Node 192.168.1.67 is down
INF 2017-07-06T23:04:21-05:00 sys Node 192.168.1.65 is down
INF 2017-07-06T22:59:22-05:00 acs bdc stopped.
INF 2017-07-06T22:05:28-05:00 sys dsl0: connection lost, reconnecting...
INF 2017-07-06T22:03:40-05:00 sys Node 192.168.1.66 is up
INF 2017-07-06T22:03:09-05:00 sys Node 192.168.1.64 is up
INF 2017-07-06T22:03:05-05:00 sys dsl0: connection lost, reconnecting...
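One way to triage a log like the one above, added here as an example and not part of the original post: it measures how long after the most recent `dsl0: connection lost` entry each `hijacked` line was written, so entries that cluster around a link drop are separated from any logged while the line was up. The log lines in the block are a subset copied from the post; the function names and the 120-second window are assumptions.

```python
from datetime import datetime, timedelta

# Subset of the event log posted above (newest first, as the gateway lists it).
LOG = """\
Type Date/Time Event Description
INF 2017-07-07T04:17:04-05:00 hurl host=0.client-channel.google.com uri=/client-channel/gsid hijacked
INF 2017-07-07T04:16:53-05:00 hurl err=0 name=PHY_NONE clear
INF 2017-07-07T04:16:41-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/cbp hijacked
INF 2017-07-07T04:16:06-05:00 hurl host=0.client-channel.google.com uri=/client-channel/channel/bind hijacked
INF 2017-07-07T04:15:58-05:00 hurl err=0 name=PHY_NONE detect
INF 2017-07-07T04:15:29-05:00 sys dsl0: connection lost, reconnecting...
INF 2017-07-07T02:35:08-05:00 acs connreq: all done, close connection...
INF 2017-07-07T00:14:14-05:00 hurl err=0 name=PHY_NONE redirect
INF 2017-07-07T00:13:01-05:00 sys dsl0: connection lost, reconnecting...
"""

def parse(text):
    """Return (timestamp, facility, message) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        try:
            events.append((datetime.fromisoformat(parts[1]), parts[2], parts[3]))
        except (IndexError, ValueError):
            continue  # header row, blank line or truncated entry
    return sorted(events, key=lambda e: e[0])

def triage(text, window=timedelta(seconds=120)):
    """Split 'hijacked' lines by whether a DSL drop preceded them within window."""
    last_drop, near_drop, unexplained = None, [], []
    for ts, facility, message in parse(text):
        if facility == "sys" and "connection lost" in message:
            last_drop = ts
        elif facility == "hurl" and message.endswith("hijacked"):
            if last_drop is not None and ts - last_drop <= window:
                near_drop.append((ts, (ts - last_drop).total_seconds(), message))
            else:
                unexplained.append((ts, None, message))
    return near_drop, unexplained

if __name__ == "__main__":
    near, other = triage(LOG)
    for ts, delay, msg in near:
        print(f"{ts.isoformat()}  +{delay:.0f}s after link drop  {msg}")
    print(f"{len(other)} hijacked entries with no link drop in the window before them")
```

On the posted log every `hijacked` entry falls within 95 seconds of the 04:15:29 `dsl0: connection lost` event; entries that land in the second list on a longer capture are the ones to look at more closely.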
 
Don't use a cascaded router; what you need to do with the 5268 is use DMZ plus mode or, better, just use your router as an Access Point. The NVG599 is better suited for using third-party routers as it uses IP Pass through, not a true bridge mode but as close as ATT will allow. As far as the Hack errors, I have no clue; never seen that so far in the 5268 or my current 599, which I have the firewall disabled on, letting my 3100 do the work.
 
Depending on the model of Linksys router you are cascading I recommend:

If available under Internet Settings, use Bridge Mode and only connect the WAN port to the upstream network. This is the preferred setup; otherwise follow the instructions below for a LAN to LAN cascade:

Cascading or Connecting a Linksys router to another router

Things to keep in mind when Cascading a router:
  1. Change the secondary router's IP Address to something like 192.168.1.254 so it's on the same network but doesn't conflict with the primary router
  2. Make sure DHCP is disabled on the secondary router
  3. Make sure nothing is ever plugged in the secondary router's Internet port
 
ATT has true bridge mode disabled on all their gateway devices. DMZ plus and IP Pass are the only options without creating a double NAT. Using a router as an AP is also an option but you lose most features.
 
