Strange network misdirections... was I hacked?

ddirt
DD-WRT Novice


Joined: 14 May 2013
Posts: 8

Posted: Fri May 17, 2013 5:18    Post subject: Strange network misdirections... was I hacked?
Here is my home network setup:
    Router#1 at subnet#1
      Wifi - Windows/Linux laptop
      4 wired LANs: WindowsPC1, WindowsPC2, VOIP Box, DDWRT router (into its WAN port)
    DDWRT Router (subnet#2 with DHCP on) Wifi to/from Macbook upstairs
I spoke with an experienced hacker "friend" about security questions a month ago, and accidentally revealed that I had called him from my VOIP line (is an actual phone#), and he asked what kind of Box I had. I am not sure if what happened a week later is related...
    --VOIP Box and DDWRT were not able to be online. Other computers were surfing fine.
    --Instead of the usual foreign IPs, many U.S. consumer IPs had tried to enter Router#1... Botnet?
    --My Macbook's MAC address was on Router#1's device list. I have NEVER input that Wifi key nor tried connecting. (hasn't occurred again after replacing Router#1)
    --WindowsPC1 asked me to set network as "Home or Public," as if it was on a new network
My ISP claimed network upgrades had caused some area routers to flake out, and they replaced mine. However, 2 days later, the SAME problem happened on the new router... the VOIP connection stopped working. I called my ISP, who remoted in to check Router#1, and during the phone call, the VOIP connection problem suddenly resolved. My ISP either accidentally fixed the connection, scared away a hacker, or knocked off a hack VPN.

I changed passwords offline for the DDWRT and Macbook. Strangest thing: the VOIP Box was on my DDWRT router's LAN list as a connected device (DHCP client)!! Not sure if it was active or old. After rebooting the DDWRT, I haven't seen this again (although granted, anyone can simply push a trashcan button). There have since been Screensharing log errors on my Macbook (sharing should be off!). I have not reflashed DDWRT yet, as I'd like to investigate the murder scene first... how did “cats and dogs mate,” not even just once, but twice?!

Questions:
    --Are the U.S. consumer IPs on firewall evidence of a Botnet?
    --For the 2 abnormal misdirections, did 2 routers have to fail (too much of a coincidence) i.e. suggestive of a hack?
    --Why/how did my Macbook on subnet#2 show up on Router#1's device list?
    --How did the VOIP Box on subnet#1 connect upstream via LAN to WAN of the DDWRT router, which is subnet#2?
    --I’m not using VPN, but it appears that VPN passthrough settings are enabled on DDWRT by default... Is there an exploitable vulnerability, with a default password?
    --Is it possible to hash (checksum) my installed DDWRT binaries, to see if a “backdoor” has been installed?
    --How do I get to them; can we SSH/root to them?
    --If there was a VPN, would that even show up as a bad hashcheck on the base binaries, or is a VPN simply a configuration?
All times are GMT