My Netgear R6900P router hacked

Topic

New Reply

My network was hacked over Christmas.  I noticed because there were several devices shown in the “My Network” folder on the computer that didn’t belong to me and the internet access was going crazy.  I ended up pushing the factory reset button on the router to start over and entered all new settings.  I think that solved the problem but I noticed upon on reboot that any computer using a wired connection has its corresponding LED start blinking immediately once the power has been reset and before the router is actually set up. Is this a normal occurance?  I had the router on a shelf up high before and never watched it.  I’m wondering if the hacker put some code on my computers to gather the router data before it starts up.  I have firmware version 1.3.2.126 on the R6900P router.  I’m using Windows 10 on a laptop and a desktop with current updates.  Everything seems to be operating normally but I am nervous for security reasons.  Any help would be appreciated.  Thanks

Reply | Quote

Replies

… I noticed upon on reboot that any computer using a wired connection has its corresponding LED start blinking immediately once the power has been reset and before the router is actually set up. Is this a normal occurance?…

Yes, if the computers on the other end of the networking cable are turned on as well. What this normally shows is that the computer at the other end of the cable is trying to establish a connection with the router and is considered normal behavior. This behavior will also occur if you unplug the networking cable with the router and computer both turned on and then plug it back in.

As part of the reset effort, did you change the password to get into the router’s settings pages? Also, it would be a good idea to change the password for wireless networking as well if you haven’t already, provided that you’re using the wireless capabilities of the router.

Another thing…if there’s a feature in the router’s settings pages to be able to access the router’s settings pages via the wireless network, please disable that feature. What that will mean is that you shouldn’t be able to get to the router’s settings pages from a computer connected to the router through the wireless network, only from a computer that’s connected to it via a networking cable. This should help thwart someone from accessing your router without physically being in your house.

I had to help a neighbor back in 2011 with a similar problem…they had lousy internet speed and asked us if we had poor speed as well. I said no we were doing just fine, after which they asked me to take a look for them to see if anything was wrong on their end. Boy was it ever, with several folks in the neighborhood mooching off their wireless signal for internet access. With their permission, (and assistance…I had them enter passwords they came up with on their own to replace default passwords from the factory they’d been using), I promptly put a stop to it as you did by changing some of the wireless networking settings on their router. Needless to say, the local cable company installers were in the neighborhood a few days later installing new internet access for some folks!

Reply | Quote

If you want to read up on router security, there’s a website that’s got a ton of router security info called routersecurity.org. The link is https://routersecurity.org , and there are no ads or other junk on the site. It’s run by Michael Horowitz who also occasionally posts here. There is info for every day folks as well as some really technical info as well. When looking over the info on the site, definitely take your time to make sure you under stand everything.

By the way, when I said

if there’s a feature in the router’s settings pages to be able to access the router’s settings pages via the wireless network, please disable that feature

in my post above, the name of the feature is very often called “Remote Administration” and ships from the factory with the default setting of “on” in some router models. As I mentioned above, if you find it set to “on”, please turn it “off”.

Reply | Quote

Well, I need to apologize. I misspoke earlier when I said that Remote Administration is another name for allowing a computer that’s part of the router’s wireless network to have access to the router’s settings pages. It is not.

What it really is: A way to get to the router’s settings pages from anywhere on the internet and change the settings without having to use a special portal to do so. Convenient, but it opens a hole in the router’s defenses for the miscreants out there to try to get in. Because of this, please turn Remote Administration “off” if you haven’t already.

Wireless access to the router’s settings pages is a separate feature, but still something you don’t want to enable, so if it is enabled, you want to disable it. It allows anyone whose computer is part of the router’s wireless network to have access to the entry page to the router’s settings pages. All they need to get in is the user name and password, and there are programs out there to guess that info in what’s called a “brute force” attack.

Again, I offer my apologies for the misstatement in my earlier post, and this post is to remedy that misstatement by adding clarification.

1 user thanked author for this post.

Old Engineer

Reply | Quote

Old Engineer wrote:

its corresponding LED start blinking

The physical connection and speed determination is done in hardware on both your router and computer. The router software plays no part in this – on consumer routers.

cheers, Paul

1 user thanked author for this post.

Old Engineer

Reply | Quote