Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Netgear security breach?

Started by Kristin25 , Oct 16 2013 03:23 PM

  • Please log in to reply

#1
Kristin25
Posted 16 October 2013 - 03:23 PM

Kristin25

    New Member

  • Member
  • Pip
  • 6 posts
Hi please help!
I have a Netgear Genie router.. I believe my password was given to my neighbors by my landlord. I immediately changed the wifi password. Is there any way to view website logs to confirm this? I did not check the attached devices before changing... did not know that option was there until afterwards. I am not sure what to do. I need to know if they have been on my connection or not.

Can anyone tell my why my router logs are just showing dos attacks and logins... but not the websites visted?

Here are a log of the DoS attacks.. can anyone confirm someone else was accessing either my wifi connection or my router config? Sorry if I posted this in the wrong spot. This is my first post. Any help/advice on what to do now would be greatly appreciated. Thanks. If this mac address below has been accessing my wifi or router configs please let me know. My landlord I think is coming into my apt.


[DHCP IP: 192.168.1.3] to MAC address 00:15:af:ef:f3:xx, Wednesday, October 16, 2013 03:25:15

The aboove is listed many times in between all these attacks also...

[DoS Attack: RST Scan] from source: 96.56.219.170, port 22763, Tuesday, October 15, 2013 22:37:18
[DoS Attack: TCP/UDP Chargen] from source: 94.102.63.27, port 60064, Tuesday, October 15, 2013 22:07:11
[DoS Attack: TCP/UDP Chargen] from source: 94.102.49.25, port 34160, Monday, October 14, 2013 18:39:25
[DoS Attack: TCP/UDP Chargen] from source: 89.248.171.103, port 36830, Monday, October 14, 2013 17:01:42
[DoS Attack: TCP/UDP Chargen] from source: 142.0.41.10, port 35961, Monday, October 14, 2013 14:40:19
[DoS Attack: TCP/UDP Chargen] from source: 93.174.93.178, port 43350, Monday, October 14, 2013 08:58:08
[DoS Attack: WinNuke Attack] from source: 125.210.224.141, port 0, Sunday, October 13, 2013 22:46:06
[DoS Attack: TCP/UDP Chargen] from source: 93.174.93.178, port 39896, Sunday, October 13, 2013 15:47:10
[DoS Attack: TCP/UDP Chargen] from source: 89.248.171.103, port 34880, Sunday, October 13, 2013 14:20:48
[DoS Attack: TCP/UDP Chargen] from source: 142.0.41.10, port 49817, Sunday, October 13, 2013 14:07:57
[DoS Attack: ACK Scan] from source: 89.39.13.106, port 8085, Sunday, October 13, 2013 12:17:16
[DoS Attack: ACK Scan] from source: 89.39.13.106, port 8085, Sunday, October 13, 2013 11:51:15
[DoS Attack: ACK Scan] from source: 89.39.13.106, port 8085, Sunday, October 13, 2013 08:04:22
[DoS Attack: TCP/UDP Chargen] from source: 94.102.51.117, port 50863, Sunday, October 13, 2013 07:58:24
[DoS Attack: ACK Scan] from source: 89.39.13.106, port 8085, Sunday, October 13, 2013 03:48:31
[DoS Attack: ACK Scan] from source: 89.39.13.106, port 8085, Sunday, October 13, 2013 01:25:20
[DoS Attack: TCP/UDP Chargen] from source: 192.3.170.134, port 45447, Sunday, October 13, 2013 01:17:38
[DoS Attack: ACK Scan] from source: 89.39.13.106, port 8085, Sunday, October 13, 2013 00:15:41
[DoS Attack: TCP/UDP Chargen] from source: 80.82.65.186, port 39227, Saturday, October 12, 2013 23:42:16
[DoS Attack: ACK Scan] from source: 89.39.13.106, port 8085, Saturday, October 12, 2013 23:08:03

Edited by Kristin25, 16 October 2013 - 03:38 PM.

  • 0

Advertisements

#2
RKinner
Posted 17 October 2013 - 05:20 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You can ignore the attacks. They are always there. The Internet is a dangerous place. Better to look at the Network Map and see if there are any users on there you do not recognize. On a Windows PC you can open a command prompt and do arp -a and it will list all of the users on the network.
You will get a cryptic output like this:


C:\Windows\system32>arp -a

Interface: 192.168.11.44 --- 0xe
Internet Address Physical Address Type
192.168.11.1 00-18-3a-12-88-50 dynamic
192.168.11.37 80-1f-02-bc-1d-37 dynamic
192.168.11.46 00-1e-58-97-ae-8f dynamic
192.168.11.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static

You can ignore the static entries. The first one is my router. My PC is the next one and the third one is an XP I have for test purposes. So I can account for all of the dynamic entries.



When you changed your Wifi password (hopefully you are using WPA2 as WEP can be easily be broken) did you also change the router's password? If you don't then anyone who has access to the router can plug in a laptop and find out what the wireless password is. (There is usually a button on the back called Reset that if you press it for 10 second will reset it to the default password so if you log on one day and the password has been reset to password then your landlord or someone has been there.)

Netgear Genie is just a program to control your router. What is the exact part number of the router? Usually if you point a browser at your router you will have more options and better logs than you get through Netgear Genie. Usually it is possible to lock the router so it will not accept any new connections. Then it will only allow PC's with MACs that it already knows.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP