Posted

Hi, I appreciate the "Connected Home Monitor" feature on the ESET product. But after having a hacking or router warning of a double router on the system I checked the Home Monitor and found what looks like an additional router with a dissimilar IP address but with a MAC address the exact same as my main router. Is this a hacking attempt? I suspect my downstairs neighbor has hacked into my AT&T wired line and inserted a router to monitor traffic. Any help is appreciated. thx.

arrisintrusion1.png

Arrisintrusionfull.png

  • Administrators
Posted

Please continue as follows:
- enable advanced network protection logging in the adv. setup -> tools -> diagnostics
- click Scan your network
- after the scan has completed, disable logging
- gather logs with ELC and provide the generated archive.

Posted

Appears to me Eset created a duplicate network connection for your router. It happens on occasion.

Open Eset GUI and then "Setup." Click on "Network Protection" and then "Firewall." Then proceed as shown in the below screenshot:

Eset_Known_Networks.thumb.png.928fe4933f259ad170f5fde86b2c3850.png

Check if the detail info. for attlocal.net(2) connection is identical to that shown for the attlocal.net connection. You do this by selecting each network connection and then clicking on the Edit tab. Then click on the Network Identification tab as shown in the below screen shot. If the connection details are identical, you can delete the attlocal.net(2) connection.

If the details for both connections are different, post a screen shot of the Network Identification data for each connection that shows the data differences.

Eset_Known_Networks_2.thumb.png.803b2e39a864cfa6c73da4a29d9210cd.png

 

Posted

Marcos - I am still trying to navigate the ESET reporting tool... once I do I will post the results. Itman... the DNS suffix is the same but there is more to tell. I have been a victim of repeated hacking, I believe by a neighbor. Running malicious scripts, changing my login passwords, mapping my keyboard to other keys, etc. I am not too computer savvy but enough to get me in trouble. :) My main concern: is there any way to block the router which has a different IP address but had an exact same MAC address as mine; now it is changed one digit?

  • Most Valued Members
Posted (edited)
2 hours ago, JayCouture said:

Marcos - I am still trying to navigate the ESET reporting tool... once I do I will post the results. Itman... the DNS suffix is the same but there is more to tell. I have been a victim of repeated hacking, I believe by a neighbor. Running malicious scripts, changing my login passwords, mapping my keyboard to other keys, etc. I am not too computer savvy but enough to get me in trouble. :) My main concern: is there any way to block the router which has a different IP address but had an exact same MAC address as mine; now it is changed one digit?

The question is how your neighbor connects to you. As you have said, he has set up a MITM, monitoring your traffic and getting everything going to him in terms of traffic, so he needs to be connected through something like a cable or wireless. Let's say he is connected using wireless: I think you need to disable wireless for now till you get rid of him outside and secure your router login, maybe reset it and update the firmware of the router, and get a good password for your wireless and change the admin username and password of the router login page.

As for connecting using a cable, how in the hell did he get access to your LAN?

Here you can read more about MITM: https://en.wikipedia.org/wiki/Man-in-the-middle_attack

Edited by Rami
Posted (edited)
5 hours ago, JayCouture said:

Itman... the DNS suffix is the same but there is more to tell. I have been a victim of repeated hacking, I believe by a neighbor. Running malicious scripts, changing my login passwords, mapping my keyboard to other keys, etc.

The issues you describe are symptomatic of malware being installed on your PC.

It is doubtful your neighbor was somehow able to access your router remotely and somehow set up a connection for himself. Regardless, ensure the router admin interface has a strong password. This should not be an issue with AT&T issued routers; their provided router password is strong to the point of being a bit extreme. Now if your neighbor somehow acquired your router's password in the past, you need to change the password/access code.

If, when you created a Wi-Fi connection on the router, you didn't specify an encryption protocol or chose a weak one (differences explained here: https://searchnetworking.techtarget.com/feature/Wireless-encryption-basics-Understanding-WEP-WPA-and-WPA2), that could be an issue. At most I would suspect your neighbor might be trying to access your Wi-Fi connection to spy on your Internet activities.

Getting back to your original question, the fact that two routers were shown with identical MAC addresses indicates they are indeed the same device. Eset's network connection setup has issues at times properly identifying a device. This can occur when multiple network connections, e.g. Wi-Fi, Ethernet, VPN, etc., exist for a device. The result is Eset will create a new network connection for each network adapter connection that has been set up.

Edited by itman
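
Added example, not part of any post in this thread and not ESET's code: a quick way to check the "same MAC, different IP" observation yourself is to group the PC's ARP table by MAC address. The sketch below parses text in the layout printed by Windows `arp -a` (the sample table and all addresses in it are constructed) and reports MACs that appear under more than one IP, plus pairs of MACs that differ by a single hex digit.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample in the layout printed by Windows `arp -a`; all addresses are made up.
SAMPLE_ARP = """\
Interface: 192.168.1.64 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.254         02-00-5e-10-20-30     dynamic
  192.168.1.253         02-00-5e-10-20-30     dynamic
  192.168.1.70          02-00-5e-10-20-31     dynamic
  192.168.1.80          02-00-5e-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\b", re.I)

def parse_arp(text):
    """Return {mac: [ip, ...]} for unicast entries, MACs normalised to aa-bb-cc-dd-ee-ff."""
    by_mac = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower().replace(":", "-")
        # The low bit of the first octet marks broadcast/multicast; those are not devices.
        if int(mac[:2], 16) & 1:
            continue
        by_mac[mac].append(ip)
    return dict(by_mac)

def shared_macs(by_mac):
    """MACs seen under more than one IP: one adapter answering for several addresses."""
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def near_macs(by_mac):
    """Pairs of MACs that differ in exactly one hex digit."""
    return [(a, b) for a, b in combinations(sorted(by_mac), 2)
            if sum(x != y for x, y in zip(a, b)) == 1]

if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP)
    for mac, ips in shared_macs(table).items():
        print(f"{mac} answers for {', '.join(ips)}")
    for a, b in near_macs(table):
        print(f"{a} and {b} differ by one hex digit")
```

To run it against a real table, pass the captured output of `arp -a` to `parse_arp` instead of `SAMPLE_ARP`.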
  • ESET Moderators
Posted

Hello,

The ARRIS Group device is likely a Motorola-branded device like a cable modem with an integrated router and USB port for sharing disks or printers. The second IP address may be assigned to the disk/printer share. Disabling that functionality in the modem/router device may make the second IP address go away.

Regards,

Aryeh Goretsky

 

Posted
11 hours ago, Aryeh Goretsky said:

The ARRIS Group device is likely a Motorola-branded device like a cable modem with an integrated router and USB port for sharing disks or printers. 

These are DSL routers issued by AT&T to support their TV set top boxes for U-Verse and the like. If wireless set top boxes are used, a WAP is also provided. This is connected to the router and is used to connect to the wireless boxes or anything else wireless based that is manually configured on the router.

The Motorola Arris routers also go under the Pace name; Motorola bought them out. They support NAT, are stateful, and have an excellent two-way firewall.

This topic is now closed to further replies.