Hacked- network accessed from WAN

jcbw13196

New Around Here
Greetings!
I am hoping someone on this forum can help me understand what went wrong.
I recently set up a PC at home for my security camera system; the system runs Windows 10 and a DVR application. The network is connected to an ASUS-RTAC68U, which is in turn connected to a Comcast modem. Since I want to monitor the cameras remotely, I set up a VPN because I do not want to deal with security issues related to port forwarding. In order to get it to work I had to bridge the Asus and the Comcast modem (I use the DDNS service built inside the ASUS router.)

I use OpenVPN on my iPhone and it worked great for a few days. I MUST have done something wrong because last night I was no longer able to connect via VPN (while I was away from home). When I got back home I found out that my VPN settings had changed and the login/passwords were changed. I downloaded the log from the router (see attached).
I replaced the "intruder's" IP address with "RUSSIANIP" and I replaced mine with "MYIP".

Since then I have made the following changes to the ASUS configuration:
1. Disabled SSH
2. Disabled UPnP
Any idea on what happened based on the log? I would like to understand what the hacker did. I have been studying this forum and found it very helpful but I am a newbie & I really need help/guidance. Any help would be greatly appreciated... What can I do to improve the security of my firewall?


upload_2018-11-22_2-26-57.png


upload_2018-11-22_2-27-59.png


upload_2018-11-22_2-28-14.png


upload_2018-11-22_2-28-26.png
 

Attachments

  • Book3 Log.txt
    16.4 KB · Views: 429
Your screenshots are too small to read and you don't say what version of the firmware you are running.

But going by the build dates in your log it looks like you're running a very old firmware version. These old firmwares are known to be hackable, especially if you have turned on the "Enable Web Access from WAN" option on the router.
 
I upgraded to 3.0.0.4.384_32799, the latest, but I didn't write down what version I was running previously and I cannot seem to get it from the log file.

Here are new screenshots. I have made the following changes to the ASUS configuration (not reflected in the screenshots below):

1. Disabled SSH

2. Disabled UPnP

3. Disabled all NAT pass through


upload_2018-11-22_9-25-1.png


upload_2018-11-22_9-25-16.png


upload_2018-11-22_9-25-28.png


upload_2018-11-22_9-25-50.png


Enable Firewall: Yes
Enable DoS Protection: Yes
Respond ICMP Echo ping: No
Enable IPv6 Firewall: Yes
 
