Was my ASUS RT-N66U attacked/hacked

jerryk

Regular Contributor
Hi,

A day or so ago I got up and discovered that every site I tried to go to was directed to my router via 192.168.1.1/admin. That is, if I typed in http://Google.com, it sent me to 192.168.1.1/admin. I powered the router off, and when it was restored everything appeared normal. But when I look at the router's log, I see a weird discontinuity in the log. The log is below, but first some background. As far as I can remember and have been told, the router was working properly until late on the night of May 28 or early (earlier than 02:00:00) May 29. I power cycled the unit at around May 29 06:23:00.
But the log has a strange hole and is missing all activity from May 20 until the power cycle. Also, the date shifts to Dec 31 16:00:00 somewhere in this hole.

Any thoughts on what is going on? Am I being hacked? Is there some malware on the router? I recently installed a new ENGenius EAP900 access point, could that be doing something strange?

Thanks,

Jerry




May 20 21:57:00 dnsmasq-dhcp[308]: DHCPINFORM(br0) 192.168.1.152 bc:5f:f4:e7:70:45
May 20 21:57:00 dnsmasq-dhcp[308]: DHCPACK(br0) 192.168.1.152 bc:5f:f4:e7:70:45 Krysta-PC
May 20 22:07:03 dnsmasq-dhcp[308]: DHCPINFORM(br0) 192.168.1.152 bc:5f:f4:e7:70:45
May 20 22:07:03 dnsmasq-dhcp[308]: DHCPACK(br0) 192.168.1.152 bc:5f:f4:e7:70:45 Krysta-PC
Dec 31 16:00:07 syslogd started: BusyBox v1.17.4
Dec 31 16:00:07 syslog: module ledtrig-usbdev not found in modules.dep
Dec 31 16:00:07 syslog: module leds-usb not found in modules.dep
Dec 31 16:00:07 kernel: klogd started: BusyBox v1.17.4 (2014-02-21 14:34:42 CST)
Dec 31 16:00:07 kernel: start_kernel
Dec 31 16:00:07 kernel: Linux version 2.6.22.19 (root@asus) (gcc version 4.2.3) #1 Fri Feb 21 14:37:25 CST 2014
Dec 31 16:00:07 kernel: CPU revision is: 00019749
Dec 31 16:00:07 kernel: Determined physical RAM map:
Dec 31 16:00:07 kernel: memory: 07fff000 @ 00000000 (usable)
Dec 31 16:00:07 kernel: memory: 08000000 @ 87fff000 (usable)
Dec 31 16:00:07 kernel: Built 1 zonelists. Total pages: 585216
Dec 31 16:00:07 kernel: Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
Dec 31 16:00:07 kernel: Primary instruction cache 32kB, physically tagged, 4-way, linesize 32 bytes.
Dec 31 16:00:07 kernel: Primary data cache 32kB, 4-way, linesize 32 bytes.
.......
Dec 31 16:00:17 rc_service: waitting "stop_ntpc" via udhcpc ...
Dec 31 16:00:19 WAN Connection: WAN was restored.
Dec 31 16:00:29 dhcp client: bound 50.156.25.113 via 50.156.24.1 during 202675 seconds.
May 29 06:23:53 rc_service: ntp 419:notify_rc restart_upnp
May 29 06:23:53 rc_service: ntp 419:notify_rc restart_diskmon
May 29 06:23:53 rc_service: waitting "restart_upnp" via ntp ...
May 29 06:23:53 miniupnpd[418]: received signal 15, good-bye
May 29 06:23:53 syslog: SNet version started
May 29 06:23:53 miniupnpd[428]: HTTP listening on port 41415
May 29 06:23:53 miniupnpd[428]: Listening for NAT-PMP traffic on port 5351
May 29 06:23:54 dnsmasq-dhcp[308]: DHCPINFORM(br0) 192.168.1.152 bc:5f:f4:e7:70:45
May 29 06:23:54 dnsmasq-dhcp[308]: DHCPACK(br0) 192.168.1.152 bc:5f:f4:e7:70:45 Krysta-PC
May 29 06:23:55 disk monitor: be idle
May 29 06:23:58 dnsmasq-dhcp[308]: DHCPDISCOVER(br0) 90:6e:bb:a8:8d:7b
 
I've seen some weird stuff when there is a momentary power failure, like the light blinking fast. I've also seen weird stuff when the cable co does a config change in the middle of the night. I also never allow remote management all the time. I've noticed that when the router is on a UPS it is less prone to these glitches.
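For triaging a log like the one in the first post, the following is an added example (not part of the thread and not ASUS code) that flags boot markers, long gaps and backwards clock jumps in BusyBox syslog text. The function name `triage`, the 6-hour gap threshold and the year 2014 (taken from the kernel build date in the log) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the log lines posted in the thread.
SAMPLE = """\
May 20 22:07:03 dnsmasq-dhcp[308]: DHCPACK(br0) 192.168.1.152 bc:5f:f4:e7:70:45 Krysta-PC
Dec 31 16:00:07 syslogd started: BusyBox v1.17.4
Dec 31 16:00:07 kernel: start_kernel
Dec 31 16:00:29 dhcp client: bound 50.156.25.113 via 50.156.24.1 during 202675 seconds.
May 29 06:23:53 rc_service: ntp 419:notify_rc restart_upnp
May 29 06:23:54 dnsmasq-dhcp[308]: DHCPINFORM(br0) 192.168.1.152 bc:5f:f4:e7:70:45
"""

LINE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d:\d\d:\d\d) (.*)$")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Messages that only appear when the system (re)starts logging.
BOOT_MARKERS = ("syslogd started", "start_kernel")

def triage(text, year=2014, max_gap=timedelta(hours=6)):
    """Return (line_number, finding) tuples for a syslog excerpt.

    Syslog timestamps carry no year, so `year` is an assumption.
    Assumption: 'Dec 31 16:00' is the Unix epoch (1970-01-01 00:00 UTC)
    shown at UTC-8, i.e. a clock that had not been set yet at boot.
    """
    findings, prev = [], None
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line)
        if not m or m[1] not in MONTHS:
            continue  # skip elisions such as "......."
        h, mi, s = map(int, m[3].split(":"))
        ts = datetime(year, MONTHS[m[1]], int(m[2]), h, mi, s)
        if any(marker in m[4] for marker in BOOT_MARKERS):
            findings.append((n, "boot"))
        if prev is not None:
            if ts < prev:
                findings.append((n, "clock_backward"))
            elif ts - prev > max_gap:
                findings.append((n, "gap"))
        prev = ts
    return findings

if __name__ == "__main__":
    for lineno, finding in triage(SAMPLE):
        print(lineno, finding)
```

The findings show where the device restarted and where its clock changed; they do not show why it restarted or what happened during the unlogged period.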
 
