Rt-Ac86U clients disappearing reappearing?

[OzarkEdge]

Has two threads merged here or something?

Back to me again :/ ... So anyone know why I'm getting millions of hits? I see talk of loops in the network but I've literally got the modem and the router here or the laptop and modem so the loop is before the modem? Thanks!

Yep, your thread has been hijacked... and it will take a wireshark person to decide if you are getting millions of hits.

@Darcy try a different browser and/or reset your router, and start your own topic.

OE

 

[Darcy]

Yep, your thread has been hijacked... and it will take a wireshark person to decide if you are getting millions of hits.

@Darcy try a different browser and/or reset your router, and start your own topic.

OE

Sorry


Sent from my iPhone using Tapatalk

 

[Diamond]

... Well possibly not the correct terminology ... Does look like some kind of loop going on but I'm unsure what could cause it... :/ ... Thx

 

[st3v3n]

Diamond, It could be that the threads have merged somewhat (it happens). Hard to know why you're getting million of hits, but that's what hackers do, that is every customers problem. Everyone is getting hit every day from all over the planet. You'll have to try to find where the addresses come from. If you can't do this on your own, or don't have a knowledgeable friend who can drop by to lay eyes on, it will take more than guesses from the forum. A call to your ISP. support may serve you better and faster instead of feeling frustrated, as they can help you faster. The problem can be quite complicated or as simple as an obnoxious neighbor trying to hack your or other customers services.

Have you performed a whois lookup on the addresses in the photo you posted? Doing that can help narrow down where they originate. The one I could read I checked at https://www.findip-address.com/ The address looks like it's coming from a Virgin residential address/node in GB. If you use a cable modem, the coax from their company would have to run into the modem; the output (CAT/Ethernet) plugs into your laptop from the modem. Wouldn't know how a loop could exist prior to the modem bit perhaps that's a typo.

If you plan on using your router's nameserver, you should consider turning it off while testing, and refrain from using the Asus device apps. Asus unfortunately has had many problems with some of them and they can be a security nightmare time. We don't use the name server or the apps for that reason.

Make sue your router's firewall switch is turned on, and that the DDOS switch is also on. Your wireless encryption should be set to WPA2 or above, and you may want to temporarily shut down all of your wireless capability on your router and turn off or silence your wireless devices while you're testing. The Trend Micro AI options used by the router are a very good way to stop a lot of bad traffic, so it's to your benefit to use Trend Micro suite. TM scans and halts tons of unsafe things and your own router logs will prove it. TM recommends turning your UPnP off; you don't need it for testing, and you can always turn it back on afterwards. Finally , try changing your router's gateway address to 192.168.1.1, then save and then power the router off and reboot it. Test again for the attackers.

Any alternate browser using a fresh window, such as Firefox or Pale Moon works fine. If you can't ID the whereabouts of the high number of inbound scans, a knowledgeable friend who can lay eyes on your setup, can be a good benefit and much easier than guesses given out over the web..

One address I could make out from your photo, seemed to be at https://www.findip-address.com/ and seems to point to a Virgin residential area node. It may be someone that's scanning/hacking locally, or could be unintentional (or worse) You'll likjely need help so you can more quickly resolve this, since you're weren't involved in causing the problem. If your downloading and streaming is legit, call your ISP, they want you to enjoy the service you're paying for, at least they're supposed to care. If the problem is local then they'll have the ability to help and an obligation to take care of you, the good customer. Hope this help, good luck.

 

[Diamond]

Thanks

Diamond, It could be that the threads have merged somewhat (it happens). Hard to know why you're getting million of hits, but that's what hackers do, that is every customers problem. Everyone is getting hit every day from all over the planet. You'll have to try to find where the addresses come from. If you can't do this on your own, or don't have a knowledgeable friend who can drop by to lay eyes on, it will take more than guesses from the forum. A call to your ISP. support may serve you better and faster instead of feeling frustrated, as they can help you faster. The problem can be quite complicated or as simple as an obnoxious neighbor trying to hack your or other customers services.

Have you performed a whois lookup on the addresses in the photo you posted? Doing that can help narrow down where they originate. The one I could read I checked at https://www.findip-address.com/ The address looks like it's coming from a Virgin residential address/node in GB. If you use a cable modem, the coax from their company would have to run into the modem; the output (CAT/Ethernet) plugs into your laptop from the modem. Wouldn't know how a loop could exist prior to the modem bit perhaps that's a typo.

If you plan on using your router's nameserver, you should consider turning it off while testing, and refrain from using the Asus device apps. Asus unfortunately has had many problems with some of them and they can be a security nightmare time. We don't use the name server or the apps for that reason.

Make sue your router's firewall switch is turned on, and that the DDOS switch is also on. Your wireless encryption should be set to WPA2 or above, and you may want to temporarily shut down all of your wireless capability on your router and turn off or silence your wireless devices while you're testing. The Trend Micro AI options used by the router are a very good way to stop a lot of bad traffic, so it's to your benefit to use Trend Micro suite. TM scans and halts tons of unsafe things and your own router logs will prove it. TM recommends turning your UPnP off; you don't need it for testing, and you can always turn it back on afterwards. Finally , try changing your router's gateway address to 192.168.1.1, then save and then power the router off and reboot it. Test again for the attackers.

Any alternate browser using a fresh window, such as Firefox or Pale Moon works fine. If you can't ID the whereabouts of the high number of inbound scans, a knowledgeable friend who can lay eyes on your setup, can be a good benefit and much easier than guesses given out over the web..

One address I could make out from your photo, seemed to be at https://www.findip-address.com/ and seems to point to a Virgin residential area node. It may be someone that's scanning/hacking locally, or could be unintentional (or worse) You'll likjely need help so you can more quickly resolve this, since you're weren't involved in causing the problem. If your downloading and streaming is legit, call your ISP, they want you to enjoy the service you're paying for, at least they're supposed to care. If the problem is local then they'll have the ability to help and an obligation to take care of you, the good customer. Hope this help, good luck.

Yes so had an engineer round from my ISP now and to be honest I got the feeling they had no idea...I started talking about my 15000 ARP hits in seconds and he said not sure what an ARP is. So it kind of stayed that way... He's trained to use certain apps and rules etc. ... Specific stuff not general knowledge of networks I guess .


So he checked the line and no noise etc. That type of stuff then swapped the ISP hub for a new one but so far it looks the same. Yes those ips are 'Virgin' and very similar to my IP and that's my ISP (virgin) . So still stumped...I guess it's something that maybe virgin does but why I have no idea as it basically messes up using it in modem mode.

Now I have found if I leave the ISP hub in router + modem mode and use the Asus router as my main network connected via ethernet from the Asus WAN port to one of the hubs sockets it all looks normal again... No flashing. I guess I could put a metal box around the hub to block it's signals if they clash but it's weird and I can't find anyone who also has this problem.

So i guess yes I just want to know if it's bad or going to mess something up later on or just normal for my ISP and it's just a crap system. I did point out to him that next door has virgin and it's wired up from our outside box which is a bit strange but he said no it's not that :S . And checked the line from the hub to outside ... So still stumped I guess....

 

[st3v3n]

Diamond, I don't know about VIrgin's internet service, and other than Sir Richard's Galactic, Nekker Island, ballooning and myriad ther adventures, he should take better care of his customers. If your neighbor is routed into your inter-connect box outside, we never would've allowed that in a single home. There are are some places that oversell their 'internet' service in larger western cities, by renting the cheapest router imaginable, for $60 per month, and tie it into a box on the roof that ties into a small wifi/mesh type of net that has no security, but there's no competition and they get a couple of Megabits down with very little else. No thanks. In the 90's we spent a summer in an area that had very limited 4 Mb DSL. The days the service was to be on, no one showed. Found the building inter-connect box and someone had hammered the front panel off, with an armload of cables hanging out in the weather. Plugged a phone into some neighbor's port to call the telecom to complain. They said, "if you don't have service you couldn't call us. The telecoms really think the population is filled with idiots who know what their jobs should really be. A couple of spiffy dudes came the next day to stare at the box and I took their photo; then they got busy..Two days later one of them managed to connect our new DSL line to a line that was monitoring an ankle bracelet box for a guy who was on home-arrest, on bail awaiting trial. Must've been serious, as ll manner of feds and marshals were beating our door down at 5 AM, scaring the wife to death because they looked where the ankle bracelet was telling them the would-be crook 'might' be, instead of just going to where he actually was. At least we didn't get shot for opening our door. The telecom sent us a written apology, but only after a senator we'd known for 20 years intervened. It's wild, but much worse happens to others who are too trusting.

That was over 20 years ago. In your current situation, without knowing which chinese company tendered the boxes to your ISP, you'd be hard-pressed to get any sort information, even if a basic user interface existed for it that they'd let you work with. Years ago you buy a Zoom modem/router but the telecoms hated them and there's little enough to invest in now. If you could get the standards for the most basic modem without any wireless capability, the ISP would still need the MAC before they'd e allow you to use their network, and if it died when they pushed an update that failed, you'd need to buy another one. We bought the same DOCSIS 3.0 model the ISP rents for $8-10 per month, that we paid $40 for and so far, 3 years later it's been great. If you need really high-speed, and put the box in another box, it would cook off pretty quickly without a set of fans to pull cool air through it. We have a couple of closed racks with exhaust fans in the top and even with A/C in the room it's plenty warm.

It's doubtful Sir Richard would come around to offer to help you, but a small thank you note to the company fellow who came out might get them to take an upstairs look at what's happening in your node. The government works with all of them though they don't like to talk about it, so they do know what's happening even if they say "huh, never knew about that.". There are so many who shrug and say there's nothing that can be done, because a generation of worldly millennials willingly gave all of their data to FB and the rest of the world. Take heart, think of studying basic networking and firewalls; with a small PfSense box that you can build for almost nothing, you can do a lot more than most ISPs are doing to keep the critters out of your LAN. Hang tough and good luck.

 

[Diamond]

:0 ...... Yes well I guess if this set up works I'll just carry on... Problems could be interfering signals or software I guess... And I suppose the main two things are: is the network safe and does it work and hopefully that's a yes now with the Asus router protection and functionality.

 

[OzarkEdge]

:0 ...... Yes well I guess if this set up works I'll just carry on... Problems could be interfering signals or software I guess... And I suppose the main two things are: is the network safe and does it work and hopefully that's a yes now with the Asus router protection and functionality.

After a new network setup, I like to test the firewall at GRC Shields Up! (Proceed, then ALL Service Ports... results should be all green). This is a reputable site by Steve Gibson. It will at least confirm that your firewall is up and running.

OE

 

[Diamond]

After a new network setup, I like to test the firewall at GRC Shields Up! (Proceed, then ALL Service Ports... results should be all green). This is a reputable site by Steve Gibson. It will at least confirm that your firewall is up and running.

OE

It appears it's pretty locked up/ stealthed thanks for that . Next I'm on to set up my pi VPN so that should finish the job .

 

[OzarkEdge]

Next I'm on to set up my pi VPN so that should finish the job .

Famous last words!

If the router install is new... you might want to live with it for a week before layering on more variables.

OE

 

[Diamond]

Famous last words!

If the router install is new... you might want to live with it for a week before layering on more variables.

OE

Yes don't worry I'm starting the pi offline then online as a PC then finally VPN media centre printer server ... Most things seem to be working now... My problems where a crap system on my ISP and a bug on the interface which is normal so all in all no actual problems in the end :/ . At least none yet :0