ddirt DD-WRT Novice
Joined: 14 May 2013 Posts: 8
Posted: Fri May 17, 2013 5:18 Post subject: Strange network misdirections... was I hacked?
Here is my home network setup:
Router#1 at subnet#1
Wifi - Windows/Linux laptop
4 wired LANs: WindowsPC1, WindowsPC2, VOIP Box, DDWRT router (into its WAN port)
DDWRT Router (subnet#2 with DHCP on)
Wifi to/from Macbook upstairs
I spoke with an experienced hacker "friend" about security questions a month ago, and accidentally revealed that I had called him from my VOIP line (it is an actual phone#), and he asked what kind of Box I had. I am not sure if what happened a week later is related...
--VOIP Box and DDWRT were not able to be online. Other computers were surfing fine.
--Instead of the usual foreign IPs, many U.S. consumer IPs had tried to enter Router#1... Botnet?
--My Macbook's MAC address was on Router#1's device list. I have NEVER input that Wifi key nor tried connecting. (hasn't occurred again after replacing Router#1)
--WindowsPC1 asked me to set network as "Home or Public," as if it was on a new network
My ISP claimed network upgrades had caused some area routers to flake out, and they replaced mine. However, 2 days later, the SAME problem happened on the new router... the VOIP connection stopped working. I called my ISP, who remoted in to check Router#1, and during the phone call, the VOIP connection problem suddenly resolved. My ISP either accidentally fixed the connection, scared away a hacker, or knocked off a hack VPN.
I changed passwords offline for the DDWRT and Macbook. Strangest thing: the VOIP Box was on my DDWRT router's LAN list as a connected device (DHCP client)!! Not sure if it was active or old. After rebooting the DDWRT, I haven't seen this again (although granted, anyone can simply push a trashcan button). There have since been screen-sharing log errors on my Macbook (sharing should be off!). I have not reflashed DDWRT yet, as I'd like to investigate the murder scene first... how did "cats and dogs mate," not even just once, but twice?!
Questions:
--Are the U.S. consumer IPs on firewall evidence of a Botnet?
--For the 2 abnormal misdirections, did 2 routers have to fail (too much of a coincidence) i.e. suggestive of a hack?
--Why/how did my Macbook on subnet#2 show up on Router#1's device list?
--How did the VOIP Box on subnet#1 connect upstream via LAN to WAN of the DDWRT router, which is subnet#2?
--I’m not using VPN, but it appears that VPN passthrough settings are enabled on DDWRT by default... Is there an exploitable vulnerability, with a default password?
--Is it possible to hash (checksum) my installed DDWRT binaries, to see if a "backdoor" has been installed?
--How do I get to them; can we SSH/root to them?
--If there was a VPN, would that even show up as a bad hashcheck on the base binaries, or is a VPN simply a configuration?
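The checksum question in the post above is the one part of it that has a concrete, repeatable answer, so here is an added example of how a baseline-versus-current comparison of router binaries can be done. This is not code from the original post or from the DD-WRT project. It assumes that a manifest was captured over SSH right after a clean flash (the `ssh root@192.168.1.1 ... md5sum` command in the comments is an assumed capture step, with a placeholder router address), that the manifest lines are in the busybox `md5sum` format (`<hex>  <path>`), and that paths contain no whitespace, which holds for the DD-WRT filesystem. The hashes and paths in `demo` are constructed sample data, not real DD-WRT checksums.

```shell
#!/bin/sh
# Added example (not from the original post or DD-WRT): compare a baseline
# checksum manifest, taken right after a clean flash, against a manifest
# captured later from the same router, and report every file that changed,
# appeared, or vanished.
#
# Assumed capture step (router address is a placeholder; md5sum is what the
# busybox on most DD-WRT builds provides, sha256sum often is not present):
#   ssh root@192.168.1.1 \
#     'find /bin /sbin /usr/bin /usr/sbin /lib -type f -exec md5sum {} +' \
#     > baseline.md5
# Keep baseline.md5 OFF the router; a manifest stored on a compromised device
# can be edited along with the binaries it describes.

compare_manifests() {
    # $1 = baseline manifest, $2 = current manifest.
    # awk reads the baseline first (NR == FNR) into an associative array
    # keyed by path, then walks the current manifest and classifies each
    # entry. Output is sorted so results are stable and easy to diff.
    awk '
        NR == FNR { base[$2] = $1; next }
        {
            if (!($2 in base))        printf "NEW %s\n", $2
            else if (base[$2] != $1)  printf "CHANGED %s\n", $2
            seen[$2] = 1
        }
        END {
            for (p in base) if (!(p in seen)) printf "MISSING %s\n", p
        }
    ' "$1" "$2" | sort
}

demo() {
    # Constructed sample manifests: one "system" binary altered, one removed,
    # one unexpected file added under a writable location.
    tmp=$(mktemp -d)
    cat > "$tmp/baseline.md5" <<'EOF'
d41d8cd98f00b204e9800998ecf8427e  /bin/busybox
0cc175b9c0f1b6a831c399e269772661  /sbin/httpd
92eb5ffee6ae2fec3ad71c777531578f  /usr/sbin/dropbear
EOF
    cat > "$tmp/current.md5" <<'EOF'
d41d8cd98f00b204e9800998ecf8427e  /bin/busybox
ffffffffffffffffffffffffffffffff  /sbin/httpd
4a8a08f09d37b73795649038408b5f33  /tmp/.hidden/sh
EOF
    compare_manifests "$tmp/baseline.md5" "$tmp/current.md5"
    rm -rf "$tmp"
}

# Running `demo` prints:
#   CHANGED /sbin/httpd
#   MISSING /usr/sbin/dropbear
#   NEW /tmp/.hidden/sh
```

Two caveats matter when reading the result. First, the `md5sum` that produces the current manifest runs on the router being examined, so `/bin/busybox` itself (which provides `md5sum` on DD-WRT) should be in the baseline and should compare clean before the other lines are trusted; for a stronger check, copy the binaries off with `scp` and hash them on a trusted machine. Second, the DD-WRT root filesystem is a read-only squashfs image, so a persistent change to `/sbin` or `/usr/sbin` implies a reflash, whereas anything that survives only until reboot will live in a writable area such as `/tmp` or an enabled `/jffs`; that is why the comparison is most useful when the baseline and current manifests cover the writable paths too. VPN passthrough settings, in contrast, are NVRAM configuration rather than binaries, so they would never show up as a hash mismatch and have to be reviewed separately (for example with `nvram show` over SSH).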