
SP-AC2015 - Please read my log. Laptop & network compromised??

Miss P

Hi and thanks in advance for any help/advice you provide.
Please read my details and log. If you notice or think this is scripting software changing my router let me know, and please advise me what I should do to correct things, prevent it from occurring again, and steps to try and trace this to the person who did it. I did have an ex-housemate that broke into my room a couple times and could have possibly installed spyware.

My original network setup:
  • Arris DG1670A cable modem, originally set with dynamic routable IP (WAN), and LAN IP of 192.168.0.1
  • SP-AC2015 Asus wireless router. WAN 192.168.0.2 / LAN 192.168.27.1
  • My laptop IP 192.168.27.236 (hard wired [eth1])

Last night I wanted to check the cable modem firewall but couldn't reach its LAN IP. Checked settings for the Asus router and its WAN is now (somehow changed) a routable outside IP, which I didn't change. I'm guessing the cable modem is now bridged?
If my guess is correct, then I must reset the cable modem to log back in and see its settings. Correct?
I copied the Asus log to a file to avoid it getting overwritten, and good thing I did because it's different now. Maybe because I changed the admin password, not quite sure. I used a different computer to change the password.

Log when first checked (Asus router) last night:
  • first 6898 lines display "ntp: start NTP update"
  • Date range for first 6898 lines: Dec 7 to Dec 9, then date changes to Dec 1 and busybox launches
Hopefully someone can let me know what's happening here, and what I should do. And if this is foul play, can I do anything legally, if it can be traced to someone?

Logfile is attached
 

Attachments

  • Logfile.Asus.txt (276.3 KB)
NTP messages seem to indicate it couldn't find the ntp server, which sets the correct time on the router. You might check your ntp settings to see if they are correct. Mine is pointed to pool.ntp.org.

Sent from my LG-V940n using Tapatalk
 
There doesn't seem to be anything particularly alarming in the log file.

1. Yes your combo modem/router/Wi-Fi does now appear to be in bridge mode. Maybe your ISP pushed out an update?
2. It looks like the Asus router rebooted at 04:45:00 on Sunday 24th September 2017 and then spent the next 9 days failing to get the correct time from NTP.
3. The router was then rebooted at 20:08 on 3rd October and the time was updated successfully.
4. On October 5th at 20:06:59 it looks like somebody pressed the WPS button on the router. Trying to connect to the wireless using a PIN instead of a password?
5. On October 6th between 05:56:54 and 05:56:59 your PC (192.168.27.236) tried and failed to log into the router 80 times! This usually happens when you have changed the router's password but have an automatic password manager on your PC.
6. The cable modem was restarted 5 times on October 24 at about 09:51.

N.B. The SP-AC2015 might be different from the standard Asus configuration, but eth1 is normally the 2.4GHz wifi and eth2 the 5GHz. Wired connections are on br0. If you are connected to the router by Ethernet but have not disabled your laptop's Wi-Fi that would explain all the "received packet with own address as source address" messages as the PC flip-flops between the two connections.
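
The log triage described in the reply above, as an added example that is not part of the thread: it flags clock resets (a reboot before NTP has set the time), measures the run of "ntp: start NTP update" retries, and finds bursts of failed logins from a single address. The sample lines are constructed, and the failed-login message wording and the year are assumptions; adapt the pattern to the wording in your own log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE = [  # constructed lines; the failed-login wording is an assumption
    "Dec  9 23:59:40 ntp: start NTP update",
    "Dec  9 23:59:50 ntp: start NTP update",
    "Dec  1 00:00:10 syslogd started: BusyBox",
    "Dec  1 00:05:54 httpd: login failed from 192.168.27.236",
    "Dec  1 00:05:55 httpd: login failed from 192.168.27.236",
    "Dec  1 00:05:56 httpd: login failed from 192.168.27.236",
    "Dec  1 00:09:00 httpd: login failed from 192.168.27.50",
]
LINE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (.*)$")
FAIL = re.compile(r"login failed from (\d+\.\d+\.\d+\.\d+)")  # hypothetical

def parse(lines, year=2017):
    """Return [(timestamp, message)]; syslog omits the year, so one is assumed."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def clock_resets(events):
    """Pairs where time goes backwards: a reboot before NTP set the clock."""
    return [(a[0], b[0]) for a, b in zip(events, events[1:]) if b[0] < a[0]]

def longest_ntp_run(events):
    """Longest run of consecutive NTP retries (the clock never synced)."""
    best = run = 0
    for _, msg in events:
        run = run + 1 if msg == "ntp: start NTP update" else 0
        best = max(best, run)
    return best

def login_bursts(events, threshold=3, window=5):
    """Source IPs with >= threshold failed logins inside `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, msg in events:
        m = FAIL.search(msg)
        if m:
            q = recent[m.group(1)]
            q.append(ts)
            while abs((ts - q[0]).total_seconds()) > window:
                q.popleft()  # drop attempts outside the window
            if len(q) >= threshold:
                flagged.add(m.group(1))
    return sorted(flagged)
```

A burst from your own LAN address within a few seconds points to an automated client such as a password manager, while failures from unfamiliar addresses deserve a closer look.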
 