Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: jraju on January 16, 2016, 10:11:52 pm
-
Hi, I want to know if it is possible to change the settings in your reuter settings by virus or trojans even if it is giving NAT mode security ISP ? Normally reuters are secured as long as you do not allow anybody to your computer. But, could it be done by virus, to stop the internet access?
Did you come across? If , how to be secured even in this.
what the virus would do to penetrate the security connections of individual bband wifi
-
This router infection was found in 2014 but others may not be restricted to Linksys routers.
http://www.pcworld.com/article/2880189/watch-out-for-malware-on-your-router.html
I think there was something else going around that affected certain router chipsets but I can't find the thread anymore on www.billion.uk.com/forum where users were posting their concerns.
Generally, keeping your router's firmware up to date should protect you, but there was a White Hat infection doing the rounds at one time that actually protected routers from infection.
http://www.theverge.com/2015/10/1/9434521/router-virus-fights-off-malware-security
-
Hi, How could i update the firmware, is it not risky. all the settings have been done by them for me. Is it not? If suppose, i update the firmware, would it not amount to their security being touched without their consent.
Please tell . if i can , how to to in router website
-
It depends upon whether you are using an ISP supplied router or not and whether the ISP is up on threats, but checking the firmware level of your router and Googling for firmware for your make & model otherwise, can show if you have the most current.
-
Hi, Router , you mean modem. Ofcourse, i have purchased teracom modem from them. I access the router page thro the general access at the said gate point.
I did see some options in the pages of the server connection details there. But i just checked as was told by the ISP.
-
In some areas, separate modem and routers are still used by ISPs but they are gradually moving over to modem/router combos where you just have one device.
In the UK ISP devices are usually combos.
Terminology is another thing - some people still call their combo routers, modems.
What are you using ?
-
Hi, I am using the terra com modem, on which both bb and wifi settings are configured by the ISP.
-
Then you would be reliant upon your ISP keeping abreast of things for their firmware updates, but you could contact your ISP to see if your device is up to date.
-
hi, when my son tries to connect thro wifi using his android phone, a security alert he received by avast . On scanning that, it shows Rom O vulnerability found. What is that? Please say, how it would have been possible to affect my router. Is that mean, all the router of this ISP are affected, or a particular machine like mine.
-
Here you go J. Expand the 3rd section "Details". Contact your iSP for any firmware update/ patch.
https://help.avast.com/en/ws_android/1/alert_vulnerable_router.html
-
Hi, Samson.
Thanks for the link. I want to know, whether it is common attack for this kind of modem or only my modem.
Is there any thing that would get rid of it , by scanning thro computer to which the wifi modem is attached.?
-
You could try factory resetting it if it has that facility but you would first need to log into it for the details that needed to be input when it was first set up, but I'd contact your ISP for advice.
-
Now, my network is shown as Public, with a bench icon. Can i change to Home , with home icon without affecting the internet access or wifi access
-
Yes, just click on it and change, but Public is the most secure of all.
However, if you are on a Home group then I believe it needs to be set to Home.
-
Hi, I do not understand a bit. I just selected Home group when i first installed the OS . Thats all. How Public is secured.
What is meant by Home group. Is it sharing between members having computers more than one at home. How Public is better. How it is assigned home or public? How come my Home changed to Public, when i configure the modem after advice from ISP
-
I'm not sure why yours changed from Home to Public - mine has done that before, but you are right in that a Home Group is sharing between computers in the home environment.
While at home, the Home setting should be fine.
http://www.digitalcitizen.life/network-locations-explained
-
Hi, samson,How can i disable the wifi, when i do not want it. It is the question. Avast confirmed that the router is affected with Rom vulnerability, which it says that it prevents from ROM memory to totally erase when RAM has to cease to exist, when powering off.
i followed the instruction to trial vpn, by them. But it has not resolved my issue, instead downloaded their sub softwares to the phone.
I went to the LInk by samson, which i think that it goes to the check page of avast check on my router page. It also lists the vulnerability and it says to update firmware or contact ISP.
Hi, boggins.
If the router is affected, it means the modem of the particular person is affected. Is it correct , pl confirm.
Or if the router is affected that it affects all the router pages of the service provider
Actually we are least bothered about problems in secured connection, but when this sort of sudden change of internet access to nil, we have to think of getting rid of so called wifi attacks.
-
Hi, Samson,
This is the Details in that page
We have identified the following problems with your router:
ROM-0
Severity: High
This vulnerability allows an attacker to easily gain control of the router and therefore your Internet connection. The attacker can use a specially crafted HTTP request to download all important and secret data stored in your router -- your router login/password combination, your Wi-Fi password and your configuration data.
To overcome this vulnerability, aside from applying the firmware update that addresses the issue, there is one more technique that can be used: setting up port forwarding for port 80 on the router to an unused IP address on your network. To do that, enter your router configuration page and find the "Port forwarding" section. Here, set up a rule that tells the router to send all http traffic to an unused local IP address (for example 192.168.0.255, if this address is not used by any other device on the network).
I wish to bring to your notice the ONe more technique, which says change the port settings of 80 to some numbers if this address is not used by any other device on the network. Ok, can i do that in router settings.
Pl clarify, that it is the ultimate control of the service provider or the user. How to know the device used by the said ip address. pl educate
-
I'm not sure about that - you could disconnect the router and wire directly to the modem and see what Avast reports then.
If you log into the router, there may be a manual wireless settings page where you can uncheck the box for Wireless, but your ISP will be better able to advise on this, but you should contact them anyway and report the infection and they may send you out another router with upgraded firmware.
-
hi, so you mean the router is nothing but my modem. So it gives the settings inside the modem. Avast report that in his android phone, but of course, in the link Samson gave.
But i have panda antivirus and malware bytes, which i think they never touch router.
Eset online scanner is also not touching the router.
-
Do you have two devices as in http://www.tp-link.com/en/faq-618.html or just the one with a number of LAN ports ?
-
If you can access the modem interface via 192.168.1.1 search for admin> firmware upgrade > check for updates
Is you ISP BNSL?
What is the modem model number?
-
Hi, Boggins.
I have only one device that is bbwifi modem.
It has DSL,Power, and lan 5nos provision in the back.
It has, powerlight, dsl light, internet light, lanlight and wlanllightWhen i power on with telephone wire in DSL and ethernet cable then i get all the light glows including wlan. I think, i made it clear
-
Yes samson. the modem no. is TDSL 300 w2 (type ws),adsl+cpe/wireless router, made by terocom
-
So have you tried to update the firmware?
The warning from Avast on your son's android device was not saying that your modem is infected, but highlighting a potential vulnerability, which may or may not have been exploited. I would be very wary aabout using such a device, you said earlier that you have an older non wifi modem that you could use?
I would certainly contact your ISP and politely inform them about the situation and request a safe replacement, either a firmware upgraded or newer model.
-
Hi, Samson,
Thanks . But i could not access the default gateway. I am getting user pw screen. If i enter, then it goes and inform that the ROM o page is protected. I do not know, how the thing came to my router.
They will not exchange the modem if it is working. Moreover, i was thinking of upgrading the firmware, but i could not log on to the page itself.
If i reset the modem or router, i think both are one and same, then it has to be reconfigured with the ISP again. Is it easy to configure after resetting. Because, i once reset, but i could not get internet access, even though all lines are clear,but the router settings changed.
-
I am getting user pw screen. If i enter, then it goes and inform that the ROM o page is protected.
Both accessing via Android and Windows?
They will not exchange the modem if it is working.
It is n't working (properly) is it.
-
Hi, Samson
Wifi connection by android , and bb thro computer, with the same modem.
Regarding working of modem, it is perfect hardware wise, but the page of modem, reuter is having some problem. If i reset, the modem often, then i need to reconfigure again and again. If only i know how to reconfigure the modem pages, in the default gateway. I could make some changes.
The error i get is
Protected Object
This object on the RomPager server is protected
So, reset is necessary atleast this time.
-
Have you ever changed the login details?
If not, try Username : admin, Password : admin
From what I have found these are the defaults.
If you do a factory reset, then you will need to enter your ISP settings, WiFi settings etc, do you have these?
-
Hi, that is the problem why i have not resorted to reset again.
-
You say "again"..so does that mean that you do have all the ISP details at hand to re enter? If you do and decide to bite the bullet and reset it, then follow Shane's 30/30/30 guide :wink:
http://www.pcwintech.com/how-do-hard-reset-aka-303030-reset-your-router
-
The problem is when i reset, the router page turns to default. I have to reconfigure those settings to get my access back. Eventhough it is minimum, they are not giving the details. Without knowing how to go about it, i find approaching the configurer, techman often a kind of making irritation. This problem may be experienced by so many in their routers, but they would not say about how to keep your router page safe. I mean the settings secured. Now, how can i go to the gateway. That is the first problem. I could not log on to gateway. I receive the error message i posted a while ago. Thanks for all your tips.
-
J, We need to recap here..... :wink:
Have you reset the router before?
Do you have the ISP settings to input after a reset?
Have you tried the Username: admin
Password: admin
Failing the above, then contacting your ISP, like it or not is probably your only recourse to a successful outcome.
-
Hi, Samson
today i brought the modem to the ISP configurer. He told that there might be something fishy about the whole thing. I asked him to check. he tried by getting my tele line , and started accessing the gateway. He asked me whether i reset anything. I said, i had not done after configuration recently. He tried and he also had the same error. It does not let past the password screen, saying object is protected.
Believe me or not, he tried successful reset and factory reset . He tested some ping test, and lastly he could get the internet light . I was getting all the lights including connection, but could not access gateway.
I already told him that every time i contacted the help desk, they will give a sort of numbers to reestablish the connection. I said that this had been annoying , as always one would not know, when my internet connection will go, and to get another points from help desk. He says that there is no setting of port 80 in the modem settings.He aslo ruled out the possibility of updating firmware. He says that i may loose all acess if i do so, without analyisng the whole thing.
At last after four trials i could get back my internet access. He advised me to use the internet and disable the wiifi in the settings , if at all to get rid of this problem.
Does the usage of android phone injected the so called Rom 0 or the reverse is yet to be analysed.
he says frequent configuration may completely make the modem unusable.
the modem i bought when i got internet connection, manufactured by the company itself lasts till today without any problem. The terracom modem has this problem.
Now , how to get riod of this so called hidden page virus. Is there any safety scanner without any side effects like internet connectivity loss?
His experience in going to cmd and typing some commands, checking with his modem on the settings applied , his technical expertise were spent on my modem for nearly one hour to get the kind of response .
I tried one scanncer, but it could not first of all recognize the wifi connection, as it is included in the internet modem as one. So whenever one switches , the wifi comes alive. I did not share the password of my wifi.
-
J, I don't know what you mean by "Hidden page virus".
Again the Avast warning was NOT that you are infected, but that the router is vulnerable to attack, what was the tech's response to that?
Unless you aare looking to get another router, you may just have to live with what you have got :sad:
-
Hi, I mean router virus rom 0.
To live with what one has is content.
To aspire for what to have is success.
I also know in a way that avast is pushing you to buy their trial product . I am thinking of telling my son to uninstall avast from his mobile and to get some other protection which is not pushing you something.
Avast of late, is pushing so many things, like grime fighter,vpn etc.
I wish to inform all the readers that once you choose any trial, it will not only give any result on solved matter but would push you to buy their products. If you do that, your wifi access may get total protection, but you could not have any idea , what it is doing in the background or anyside effects.
I had to approach the configurer to break this protection, and to be relieved. Mere reset does not do any good. I also read some threads in the forums about the so called secureline. Please try instead products from pcwintools, which will give you protection with no side effects like no access, or reset errors. Today only i had seen some tools in that site. I think , i will try those
-
Is the Teracom router supplied by your ISP or did you buy it yourself?
Was the tech guy from your ISP (BSNL?) or from Teracom?
I have never heard of Teracom before. I am not a fan of ISP routers (they tend to lock them down). I prefer to use a reputable third party router, in my case I have always found Netgear to be reliable, well supported and reasonably priced.
Have you tried looking for BSNL/ Teracom forums in India, I cannot think that you are alone in facing this situation and others may have a solution.
-
hi, samson
I bought thro BSNL my service provider. I do not know about others having this problem. I am surfing the net. i have taken the prsc of the settings, of the modem. Incase anything fails. i have to search for the manual. I was given a cd for configuring. If i try again, that may lead to something , again prompting me to approach service personel.
Is there any wifi scanner, that would scan and fix this virus without affecting the internet access?Thank you for all the tips.
-
You keep calling it a "virus", Avast has flagged it as a vulnerability, NOT a virus. This can only be fixed by a firmware update/ patch.
Can you now access the router's settings via 192.168.1.1 from your earlier post, the tech managed it.
-
Yes . of course. i said that i have taken prscr of my settings. Now, if that vulnerablity is touched, who knows.
-
Now, if that vulnerablity is touched, who knows.
"This vulnerability allows an attacker to easily gain control of the router and therefore your Internet connection. The attacker can use a specially crafted HTTP request to download all important and secret data stored in your router -- your router login/password combination, your Wi-Fi password and your configuration data."
"There is a severe vulnerability in a lot of routers of various brands, models and software versions. The bug allows unauthenticated anonymous HTTP requesters from outside network (from WAN interface) to download configuration file from the router including its passwords to configuration web interface. Attackers massively abuse this vulnerability to gain access and change DNS servers that are used by the router as well as the computers behind it and they redirect high-profile and generally trusted web pages to malware or phishing sites."
You can get a second opinion on Avast's findings here.
http://rom-0.cz/
It is circumstantial and speculative, however you seem to have suffered the symptoms of the vulnerability to which you are exposed. Specifically the inability to be able to login to your router interface could have resulted from the admin password being changed by a malicious source. Coincidence?
-
Is there a setting in the router for remote access that you can disable ?
This is what ISP techs use to access the router but I suppose could also allow an attacker the same access.
See what Netalyzr makes of your WiFi - this requires Java.
http://netalyzr.icsi.berkeley.edu/
Can you let us know the make & model of the router - this can be viewed by going Start - click on Computer and in the left pane, click on Network.
Let's see if we can find some info on its settings.
-
My network icon on the left if opens show only my printer hp 1300.
I will give the modem name It is teracom modem,TDSL 300 w2 type 2 adsl2+wireless router
The adapter is RealtekRTL8139/810x family fast ethernet NIC.
I ran the netlyzer, but test complete and waiting for results. How to go about getting the results
-
Hi, Boggins.
there was a feed back session and I sent. I stored the results in png form. The results are some major and minor aberrations. to put it simple.
I will give some results in the next post.
Meanwhile, if it is dynamic ips on every login, how the results could be gauged. If suppose, I quit the browser and then log in , I will be given a different log in by the ISP, as natural and how it is to be analysed. I appreciate the task it took to give those results. Would it be applicable to dynamic ips log ins.
I will analyse the results and if possible, I would like to pm. how to do I do not know
-
This is mine which I just used the normal right click on the URL then selected Create shortcut and pasted it into the reply box.
Link removed.
At one time, it used to warn of a vulnerability in the router but I cannot see it this time.
I'll do a search later to see what info I can find on your router.
To check if you are getting a different IP address every time you log in, run this program before and then again after a new log in to see if it changes.
http://whatismyipaddress.com/
EDIT - It looks like not being able to log into this router is a known issue and the only workaround of a factory reset has already been suggested.
http://www.netvuze.com/2013/04/dsl-broadband-modem-configuration.html
-
Your router may have the option to make a backup of your current settings to a file that you can save and then use to restore the next time that you have to do a reset. Look for a backup option in "maintenace" or "management" in the router interface. This would save time and hassle in future.
-
Hi, It is the direct link to the site. Is not?
If you are having dynamic ip address, then this is ok.
But if you have static ip, then would it not be pinpointing your ip. Please, if it is static ip, then anybody could use this . Pl clarify. I had not sent the details, even though it is dynamic.
Whenever you log in , you will find new .
Another question: the settings in the router is not that i typed. like the 5 points in ip4 configurations. But when i do not get the internet access, when i call the help desk, i am given some other 5 access points address, which is not found in the router. It is entirely different, but i am getting access.
Is it not that these two are different and getting the access. Pl clarify. If Boggin things, he could just take out the link, giving his internet results.
edit: I set ip4 to auto detect internet and also dns server in present settings.
Still, the internet light first gives red, and after troubleshooting is done, giving the access.
-
Hi, Boggins Yes checked on this computer
If i plug in after restart , the first time, i got the same ip address
on second attempt after some more minutes, it gives the different ips. I checked with pcwintools site as well as in your link.
While sometime, i get all the lights blinking, sometimes, i get the internet light red on clicking troubleshooting, internet light also starts glowing, and troubleshooter ends with no problem screen.
-
Hi, Boggins,
so there is no chance of saving the settings from the link. If you copy the link location, you could view the things of result.
I will check the result with the changed ip and try to give the changes noted if any.
Hi, samson,
Thanks for the tip. But going to the page and saving the thing.I want to know that i need not kind of saving the settings, after progressive bar in the maintenance tab. Is it correct.
I could just save the settings in which format. could i able to view on my pc in selected folder or file location.
-
I think you need a new router - how long have you had this one and is it still under warranty ?
My ISP - TalkTalk supplies a free router, although now you have to pay for the postage which was once free.
Their routers initially were little better than doorstops but have improved immensely and in the early days when I first signed up to them because of the instability of the connection, I bought my own router.
Do you have an alternate Internet provider who has better facilities.
Are you using wireless or Ethernet as that Realtek that you listed is an Ethernet adapter.
The results for Netalyzr just come up when its tests are complete, but I've never run it on just wired - I'll give it a go and get back to you on that as I'll need to allow Java in browsers which requires a restart of the browser to effect.
I can still view my Netalyzr results by clicking on my link.
-
Hi,
When you are logged on to another isp, when you start a new session, some results are same. But it differed from the first findings. What i did to save is , pr scrn by expanding the + marks in the link.
I think that the server is redirected to some domain.error com, and it list as a commercial adware peeking site. I enclose the findings without the access points.
One of the solution given is to change the dns server to 8888 and 8844. When i opt auto detect the internet access, then i do not have the option. Ok
Or is it possible, that i use the following and entering the above 3 with my previous numbers and the last two dns and alte dns as 88888844. What this stand for , i do not know.
I remember Shane saying something about change to Google dns server in some other posts. Is that belong to google?Pl remove those findings , which is not decipherable
HI, boggins, what about the query on bold lines.
-
Hi, boggins, Pl also remove the 1st link in your 44 post in this thread.
-
Hi,
can i change the dns server to the 88888844, by use this following ip
-
To change the DNS server settings in your computer which will override the router's ISP DNS settings - go Start - type ncpa.cpl and press enter.
Right click on the adapter you are using and select Properties.
Click on (TCP/IPv4) then on Properties then click on the lower radio button for Use the following DNS server addresses.
8.8.8.8 / 8.8.4.4 are Googles primary and secondary DNS server addresses, but you can also use OpenDNS which are -
208.67.222.222 / 208.67.220.220
I use these and have changed them so the primary is 220.220 as Netalyzr found it to be fractionally quicker than 222.222 and also faster than Google's.
Below is what mine look like using OpenDNS and after changing them, check the box for Validate settings upon exit - OK - Close and that will invoke the trouble shooter which should report no problems found.
After changing the settings I run a cmd prompt as an admin and enter -
ipconfig /flushdns
ipconfig /registerdns
shutdown /r /t 00
EDIT - If you use 8.8.8.8 and 8.8.4.4 you will have each digit of 8 in the upper row of boxes and 8 8 4 4 in the lower row.
-
Hi, As in the post, i changed and tested . No problem in accessing . But the router settings in the router form is different, which is shown as vulnerability. It is said NAT vulnerability in configuration. I will again check tomorrow and report, if any improvement. I will give the results after analysing myself . Thanks .
-
Is that NAT vulnerability from the ROM 0 vulnerability ?
-
Hi, I do not know. May be . When scan by avast using smartphone , the rom0 vulnerablity shown.
-
I think that is what I was referring to for my ISP's router - you could contact your ISP but I doubt if they would do anything about it as that is a money making thing for them - a bit like a browser hijack that sends you to adverts.
You can ignore that error - I do as I doubt TalkTalk's "techs" would know what I was talking about :)
-
I doubt TalkTalk's "techs" would know what I was talking about :)
:cheesy: "Doubt"? Boggin, you KNOW that they would n't! :cheesy:
(You have to be in the UK to get it :wink:)
-
It probably wouldn't be in their script and once they have to go off that - they are screwed :D
I was talking to one "tech" about the hidden devices in Device Manager and he said I shouldn't go in there - I didn't stay on the phone much longer after that :rolleyes:
-
Hi, Samson, It seems from Boggins posting, that the config files could not be read easily in note pad. I take it , what you say may mean that you could save the cfg file in your computer as a file and if you want to restore , you could browse to the location from the router page. Is that correct?I will try that
But accessing that page, and mere save would not , try to save the settings as was done by the configurer when he reset my modem and entered fresh entries . That was a query to you in my earlier post.
Hi, boggin,
when i tried to test with the site, the tool ran but no results shown. Probably it would allow only once with the same ip number log in. I will try to day . I want to know, whether the settings of open google settings would show some improvement.
But one more query comes to my mind. Spam filter sites, show infected ips list . I think that i have seen in some site. If a person is logged to a ip infected , without his fault and his actual knowledge of ip he logs, then it may be possible to change the dns settings by virus attackers, though he is well protected, irrespective of whether he changed to secure dns google.
I also read that if it is shown as infected, then i could not log on to secured sites, like tweaking.com. It shows an alert that i am a spammer and alerts some maths calculation to enter in to this site.
when i log off and and log in in new ip, not infected ,this problem does not arise.
Even Panda says, that it expects attacks on router much more than pcs in this year 2016.
I also say that in these days of infected ips, by malicious sites adware and lottery softwares, one would not have enough security unless you change the security level of your firewall to not to allow anything. If you do that , you may not also wish genuine sites.
Hi, boggins your idea on that. My router settings has an option default secured
-
Hi, Boggins, when the scan is being done by ntlyzer, i get windows firewall blocking message. I do allow for the session. But i am not getting the results after waiting. Should i change anything. I open the page with internet explorer, as firefox does not allow java
-
Direct TCP connections to remote PPTP Control servers (port 1723) succeed, but do not receive the expected content.
The client received an empty response instead of our normal banner. This suggests that a firewall, proxy, or filter initially allowed the connection and then terminated it, either because it did not understand our server's reply or decided to block the service -I have given public access also in java to get the result
Your computer's clock is 6 seconds fast- what to do
Your host, NAT, or firewall acts as a DNS server or proxy. Requests sent to this server are eventually processed by 218.248.233.3*. Nb: i have changed to google dns and yet this alter dns is being accessed Why.
*This is probably a bug in your NAT's firmware, and represents a minor security vulnerability.
-
Hi, I have seen only now about your cmd commands, boggin. should i do to correct those errors of having accessing 218.248.233.3. Shall i issue these commands.
-
6 seconds isn't a lot of inaccuracy but check to see if your clock is being corrected by Internet time - set it back up if you have an accurate time source and then keep an eye on it.
218.248.233.3 is the ISP's IP address DNS server and the last digit could go all the way up to .255
The info in your post before last is what I get and is derived because of security settings in the router set up by your ISP - so nothing to worry about.
I don't have an answer as to why Windows Firewall should be blocking the report - I've never had that problem.
-
Hi, Boggin , glad that you are at your desk
Even if you buy new modem, the wan settings do not change, is that correct?
This program touches that access point, because it was the first modem configuration, i suppose, which i very well know that it is configured in that place.
But , why it is not touching the adapter settings ip4, which is to be checked, I forgot to click one box over there. I will do it now.
Should i do the command prompts you describe in your post , like flushdns etc. I will check box with exit down.
So, it becomes clear that the result of the test is depending upon the log in time and log in ip. Is that correct?
Then why the ISPs are allowing infected ips? Could not they cure the infection? please
I have this access point in the overview page of the router please clarify
-
The /flushdns and /registerdns cmds are optional - it's just something I do and the DNS resolver cache is cleared anyway when the machine is shutdown.
When you shutdown a machine and then reboot you can be given a new IP address, this is normal, but I'm not sure where you are getting the info that an IP address is infected.
Say if your email has been hacked and is being used to send out spam, then you would be identified by your IP address and possibly blacklisted as a spammer.
Changing your email password to something more secure would stop that.
I've just run Netalyzr again so that you can compare your report to mine - use the + signs to expand any section for more info.
http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-2725-386c20c5-e4f4-4adc-aef9
Have a run through these tests https://www.grc.com/x/ne.dll?bh0bkyd2 and this one will check your router's UPnP for vulnerability.
https://www.grc.com/su/upnp-rejected.htm
-
Hi, I clicked that link and it shows no concern. You could not surely know that it is infected ip or not. I visited some spam filtering sites, where i found so much infected ips given in neighbouring ips. I forgot. Once upon, i logged and it would protect me from any spam. I also queried this with shane, This was when i attempt to this link, i was alerted that i am a spammer and to get that link, i have to solve some simple additions. After that i queried about this and Shane has replied that he has a program, which would detect that it is blacklisted in those programs and advised me to start a new log in session , by closing the existing one. The next was without any problem.
If you do not know, which ips are infected with spammers, then how to get that information, except, trying thro netalyzer.
I do not have any email hack. I only open genuine email and panda would block any thing suspicious.
-
Hi, Please see the pst
particularly 9 onwards
http://www.tweaking.com/forums/index.php/topic,872.0.html
-
If you still get notified you are a spammer when you visit certain sites, then it would be advisable to change your email password as a matter of course.
Something or someone has been sending out spam from that IP address and unless someone has spoofed your IP address, then your email would be suspect.
-
Hi, No. Please see the date of the thread . It is long ago. I am not getting any spam.
I only point out one thing. If you log on to a session of infected ip, then you get different results from Netalyzer. I wrote to them about this , and expecting reply. If i receive , i will share.
I have checked all the access points, and noted that it is from service providers. But there is a problem in the router. Hence this thread.
I do not get any spam emails.Only from known sources.
Thanks for all the advices from you and samson.
-
Well, if you are concerned about the vulnerability of your router or you are still unable to log into it and finances permit it, then I would advise getting something else.
-
Hi, Samson, It seems from Boggins posting, that the config files could not be read easily in note pad. I take it , what you say may mean that you could save the cfg file in your computer as a file and if you want to restore , you could browse to the location from the router page. Is that correct?I will try that
But accessing that page, and mere save would not , try to save the settings as was done by the configurer when he reset my modem and entered fresh entries . That was a query to you in my earlier post.
Yup, it is a backup, that can restore the settings. As with all backups it is snapshot of a particular time, so if you took one at the time when he reset and entered fresh entries, then you could revert to that point in time.
How much did BSNL charge for this device? You could get a Netgear D500 for Rs 1000, not an all singing and dancing router/ modem combo, but my guess is it would be more reliable than what you have.
-
Hi, Please also seen from two results of the netalyzer by boggin would prompt me to say again, that one reading shows some aberration, while the last , without any aberration all in green only denotes that the log in session is important to the result. I will give the reply if i receive from that organisation.
In his earlier result, some concern, though minor has been given. In his second result recently, he has posted a clean green, without any concern oks.
I think he has also dynamic ips.
I already took to the note of my ISP, of what precautions they are taking to give us secured experience both on bb and wireless. They say they are escalating the issue to the top authorities.i also visited the other site by shane, and found so many tools . But i could not get to know the things to manipulate. That site reveals too much technicalities that could be understood only by engineers. For eg, i tried his toool port reading. I do not know , what i have to give as input in port. without clicking next gives error page.
I think that his software also has auto router updates, without you going to the usual procedures to the router access point. YOu could easily update. I became member of that forum also.
Shane, i think that you need more than 24 hours for all these sharings and free downloads, which few sites would allow for free
-
Hi,
I tried avast free laptop. It also alerts vulnerabilities in my terracom router in rom 0 position. I further expanded the results, that the router is not configured correctly to by pass this vulnerability. But one thing, avast has free secure line enabled in free version.
Yesterday i tried the same tool Boggins suggested. There was no major aberrations and only minor aberrations. My session ip , shows as not having any major defects, 95 percent green oks.
So, I wish to make it clear that the logon session ip has more to do with router risk than any body else. If you log on to a ip, not infected, then you are safe. Otherwise, the risk at the time of login increases.
So, is there any immediate command or tool to auto detect this and so we could as well power off our pc for some time to login to the next session to pray HIM to give the good ips.
-
Hi, Long time no see to this topic.
To Shane, boggins and samson:
The avast scan showed vulnerability and i tried with whatever i could do, but still vulnerabilities.
Then i thought of downloading the zone alarm , to fix , but i think , it will disable the windows firewall. I raised a thread on this subject, as i had limited knowledge.
coming to the story. I waited for reply for that thread, and in the meantime, concentrated the settings in the firewall, windows firewall.
I just thought, of going to the advanced settings, and in the firewall settings, i clicked advanced, click inbounds, new rule, and then in the browsed page, selected ports instead of default and in the port, mentioned 21,80, http and ftp ports, and selected all domain, priv,public and other, and selected BLOCK, without knowing what i would have to face.
I ran the avast network scan, Oh! the vulnerability has gone and green ticks with words, that router configured correctly and no vulnerability. Ofcourse, i had changed the admin pw to avoid weak password message. Please see the result for yourself. Thank god, the solution is the settings in the firewall, which default allows these ports, i suppose.
A sub query: would this affect my normal internet experience,
-
It's difficult to know - run ShieldsUp again to see what reports.
I saw your thread about Zone Alarm and Windows Firewall but as I have no experience of Zone Alarm - I didn't respond.
-
GRC Port Authority Report created on UTC: 2016-02-21 at 14:56:53
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
-
The router's own firewall should deal with any vulnerabilities without having to do it from the computer.
I don't what the effect of blocking those will be.
-
J, You should be fine with that. I have ALL inbound blocked on my router, never had any problems.
By the way, looks like you have ditched that Teracom piece of junk for a decent D-Link? :cheesy:
-
Hi, Samson, How did you do that in router. I have done the settings in firewall. Yes of course, but it is really working fine . Only i do not know the firewall settings.
to boggin:
Please explain that part of the answer that you need not do any extra in firewall settings and could do in the router. Of course, the router gives NAT protection and SPI protection, but it does not have any protection on http and ftp protection. These are said to be not enabled in router. But, actually those ports are enabled for http and ftp traffic, so avast finds them as vulnerabilities.
Hi, samson, Now i have 3routers/ one dlink, other two, dataone and terracom all are working without any problem.
The ports open problem is the one avast thinks as vulnerability, is it ?
-
Hi, ssamson, and bboggins, Betaal returns to his tree
Now the vulnerability is back
-
Hi, Samson, How did you do that in router. I have done the settings in firewall. Yes of course, but it is really working fine . Only i do not know the firewall settings.
Under "Firewall Settings" in my router (Netgear) The default setting is to block ALL inbound traffic. I have left this unchanged.
In answer to an earlier Q, ports 21 and 80 are only needed if you are running some kind of server. In my set up they are blocked by the default incoming setting and everything works fine for me.
I don't use Windows 7 (XP guy here :wink:), but I'm sure that if you need to you can block all incoming in the Windows firewall, without having to add ports under advanced settings, a Windows 7 expert (Boggin) can put you straight on that :wink:
The problem in your screenshot appears to be a weak password.
-
Hi, I changed to that admitted password , only alphanumeric.
How could the same av is doing these tricks, even they do not know. They asked me to send the logs, which i did sent to them for analysis.
Still some new head technician again calling for logs, and i asked him to look at his server.
I think , there is glitch in the HNS, by avast. i rely on this av, as it is using reduced cpu for scans. I do not know, if this is correct.
I will try to surf the net further to get rid of this problem.This is with the new router, samson.
Boggins, by this time would have enough of my router/s. Let him take some time so that i try something , getting the error, and he comes to the rescue. Where is shane?
-
J, I use Avast too, but a much older version that does n't include that network tool so I cannot offer any advice there I'm afraid. If it is a new feature it could have teething problems? I would place more reliance on the GRC ShieldsUp report, which looks good to me.
-
Of course, Samson.
Yesterday i used 2015 avast, which had network scanner, but which says everything is ok.But the recent update, turned everything positive to negative.
i also sent the same results to the chief technician, who is yet to give a reply. Can i switch back to previous version, using properties for this. I will try.
You please visit the grc.com and see the videos Security now, a list of 5 to 6 videos, which hacked the grc.com for some days, before it could come back again. It is there in the google search.It will be interesting to know that , a calling bell could play a havoc, with a huge server to immobilize it totally. I could not hear the tech terms, that the grc.chief says, but could well understand the agony he has gone. He says about DDOS attack . By persons, who used a antenna like thing to capture the wifi settings and intruded to the system pl see those videos.