Man, Sometimes This Stuff Is Just Weird...

[daverich4]

On 4/29/2019 at 12:47 AM, Paul R said:

Hate to say it bro, but have you got something like Bitdefender's Box2 or Netgear's Armor running on the router? 

If not, you need to look into that. Sounds to me like someone tried to pull an old fashioned DNS poison run on your home network. A couple hundred bucks a year for point defense against stuff like that is really worth it. 

 

I really really get annoyed with those wannabe hacker people. I mean, I understood fending off 20K attacks at day at the office, that even through Level-3 filtering. 

 

But I get 20-30 silly people attempting to get into my network here at home every day. I really like Armor. It is not, of course, my only defense, but so far, nobody has managed to burn through it, at least not successfully. Managed to get the router fouled up enough to have to reboot it. Once. 

 

Oh wait, the was me foolishly challenging some friends who break into systems for a living. And they had a bit of "inside information." 🙄

 

-Paul 

 

 

 

This might be a little off topic but as I assume everyone here uses a router connected to the internet, maybe not. I've run the Netgear Orbi setup for a couple of months and based on your post I took a look at the log for the first time. Last night I apparently had over 30 attacks, most of them DOS attacks. (Why that type I have no idea, it's not like I'm running an online service or anything) Should that be a source of concern? If I need to do something about it do you prefer one of the methods you mentioned over the other? Something else? On another note, I'm under the impression that to get into the router settings as an administrator you need to be on the same network as the router. Is that correct? The password I use for admin access is a combination of letters and numbers that mean something to me (not my birthday or anything you could look up). Do I need to create some super password for my router or would someone have to be at least in my driveway and know the wifi password to get into it?

[daverich4]

1 hour ago, crenca said:

 

The answer to this question is usually/generally "no" given your situation (home network, not running web service, etc.).  

 

 

Yes...unless you have intentionally/accidentally enabled your router's management to be allowed on the public (internet or ISP) facing port.  You can confirm this in the management interface.

 

 

This is always a balance and a pragmatic matter.  You want a fairly "randomized" password with a mix of letters, numbers, and characters  (such as ^ and !), but you have to be able to remember it.  

 

Thanks for the response. As far as I can tell, I haven’t accidentally opened my router to the outside. For sure not on purpose. As far as the password goes, that only applies to keeping out people from the wi-fi network? Like my neighbors? 

[daverich4]

1 hour ago, Paul R said:

Chances are those 30 or so reports are not really a problem. The only way I know of to tell is to look up the IP addresses and see if anything inside your network is accessing them. May be Google or Amazon or some other relatively innocent thing. From there you can make a reasonable judgement of whether you need to find out what they actually are. May be nothing, may be some nusiance malware, or may be a legit program on one of your devices. 

 

This is where home class systems like Orbi (which I also use) are a little limited compared to more robust commercial solutions.

 

If you want to post a few log samples, perhaps in a new topic, We can look em up and perhaps give you a bit if help. 

 

I did notice that at least a third of the attacks came from the same IP address but didn’t really pay a lot of attention to it. I’ll go back and dig a little deeper. Thanks. 

[daverich4]

8 minutes ago, crenca said:

 

There are at least two passwords you should have configured (assuming a standard wifi/router and/or ISP router):  

 

1)  one for end users to be be able to access your wifi broadcast (i.e. obtain an IP address via DHCP)

2)  one for the management interface itself, which you access from the private (i.e. non routable IP address space) network on your side (opposite the web/ISP facing port), usually with a browser.  Many of these routers (most?) also allow you to manage the router itself from the web/ISP port as well, but this is a risk and not usually recommended.  If you have turned this turn it off.

 

edit:  If it is not obvious, don't have these two passwords be the same!

 

I just checked and remote management is turned off which is what I think is what you mean by the web/ISP port. Yes, the two passwords are different. 

[daverich4]

15 hours ago, AudioDoctor said:

 

Jud, you seem a bit paranoid about all this?  Are you hiding state secrets on your computer or communicating with Julian Assange?

 

Who on earth is going to go through all the trouble to circumvent 2FA to get at my computer only to see how boring I am?

 

Maybe to get access to your email? Pretty much anyone will send a reset password link to your email. Your broker, your bank, your?

[daverich4]

7 hours ago, AudioDoctor said:

 

Everything else has 2FA authentication as well as alerts immediately upon an email being sent to reset a password.  Heck, even this website has 2FA enabled.

 

My email consists of fundraising emails from every single politician on the planet, you want them just ask, I'll forward them all to you... 😉

 

I run Mojave on my Mac. Recently I started getting pop ups when using 2FA that you just click on to put the code into the right spot. My computer is password protected but if it’s open, 2FA doesn’t mean anything. I can fix that by turning off text messages on that computer which is too bad because that’s a convenient way to do them.