Possible Cisco Router Hack?


We have a Cisco EPC3928AD EuroDocsis 3.0 2-PORT Voice Gateway from
our ISP. The router is connected to a firewall (an Ubuntu-box running
iptables and Wireshark). Our LAN (10.0.0.1/24) is beyond the firewall.
No other equipment is connected to the router. The router's WIFI has
been disabled.



A few days ago we noticed problems when fetching mail or browsing.
The connection started to get slower and sometimes we do not have a
connection at all. This behavior seem to occur at random and during
irregular time periods (1-30 minutes approx.). All equipment on the
LAN is affected. Certain services like Skype are not affected.



The ISP did a checkup of the router and the connection to the rest
of the WAN. They found no problems, neither with the modem itself nor
the signal strength or the cable. They also set up monitoring of the
WAN segment that the modem is on and that ran for several days without
finding any problems.



Our LAN has no DHCP. We also had the DHCP in the modem was switched
off. The NIC on the firewall facing the WAN was set to 192.168.0.201.
Although our LAN has static addresses and DNS configurations on each
NIC are set to the ISP's recommended DNSs, they told us that
activating the DHCP in the router "sometimes helps"...



We proceeded to activate the DHCP with starting address
192.168.0.201 and with a range of 1. We also reserved 192.168.0.201
for the MAC of the NIC facing the modem. What happened next puzzled
us: in the router's "Preassigned DHCP IP Addresses"-list an unknown
MAC, 00:11:e6:de:ad:07 (00:11:e6 belongs to Scientific Atlanta, part
of Cisco), was occupying 192.168.0.201. Moreover, in the router's
"Connected Devices Summary", the same MAC was showing up, but this
time with an IP (10.0.0.74) on the LAN!



We restarted the router, but to no avail. The same unknown MAC
showed up again, this time with a LAN address (10.0.0.2) already in
use by a workstation on the LAN. Blocking the MAC in IP-tables made
the MAC disappear from the "Connected Devices Summary", but is still
in the "Preassigned DHCP IP Addresses"-list. We have set the IP-range
to 2, so it now occupies 192.168.0.202 instead of 192.168.0.201.



Restarting the router or disconnecting it from the firewall does
not help. The unknown MAC keeps on reappearing. The intermittent
problems with the connection persist. What is going on? Is this a hack
of some kind? Any input will be much appreciated.

I have NOT bought this router. But before I make a decison, is it
LINUX compatible? It requires a special USB device. Implies
"issues".
PC Magazine review: Cisco Valet Plus />CNET Review: Cisco Valet Plus The CNET Review has a video.
Ubuntu
I have one computer connected to port one router that I can not see in
my home network with other computers connect to other router. I assume
its an IP address and Gateway issue. How do I setup so I can see it
with other computers. How do I configure so I can see computer hooked
to both routers?
Ubuntu
first off sorry if this is in the wrong section - haven't been on this
forum in a while.
I'm getting a little worried after looking at
my sky dlink router log stats in the security section. Usually i will
get hack attempts in the following format:
kernel: Intrusion from
a random ip to my external ip address.
sometimes i will get : />kernel: Firewall Log if i have been downloading torrents or accessed
my pc through ssh.
but recently i have seen kernel: Firewall from
a random ip to one of my internal ip's . In one day i had 4 attempts
from an ip in china to port 80 on my PS3's ip which is 192.168.0.3
(baring in mind i h
Ubuntu
Hi There,
I have been trying to connect my linux machines to the
share created by my router (Cisco X3000 DSL router). It is a 1TB USB
drive connected by USB - if that is important to know.
I set up
the share in router setup and I can see it on the network if I use: />
class="bbcode_description">Code:
class="bbcode_code">smbtree -N
which gives me:
class="bbcode_container"> class="bbcode_description">Code: class="bbcode_code">WORKGROUP
       
CISCO02437               
    DSL
Ubuntu

I have a fibre line at home including IPTV, i have to use my own
router to be able to use VPN etc. this functionality is not supported
in the ISP supplied router.



The internet connection is perfect using my own router, however the
tv box is not working properly.
I can see the channels in the overview and use NetFlix from the box,
but i am unable to watch any television channels, my ISP say its
because the box is not recieving any multicast IGMP traffic from the
router.



I have enabled IGMP Proxy in the router, and according to the
manual that should be enough. "NOTE By default the device will
forward multicast packets which are originating from its immediate WAN
network."



Cisco RV180 Manual



Configuring Internet Group Management Protocol (IGMP)

Internet Group Management Protocol (IGMP) is an exchange protocol for
routers.
Hosts that want to receive multicast messages need to inform their
neighboring
routers of their status.

In some networks, each node in a network becomes a member of a
multicast group
and receives multicast packets. In these situations, hosts exchange
information
with their local routers using IGMP. Routers use IGMP periodically to
check if
the known group members are active.

IGMP provides a method called dynamic membership by which a host can
join or leave
a multicast group at any time.

The Allowed Networks table lists all the allowed networks configured
for the device
and allows several operations on the allowed networks:

• Network Address—The network address from which the multicast
packets originate.
• Mask Length— Mask Length for the network address.

In this table you can perform the following actions:

• Check Box—Select all the allowed networks in the table.
• Delete—Deletes the selected allowed network or allowed
networks.
• Add—Opens the Allowed Network Configuration page to add a
new network.
• Edit—Opens the Allowed Network Configuration page to edit
the selected network.

NOTE By default the device will forward multicast packets which are
originating from its
immediate WAN network.

Adding Allowed Networks

To configure IGMP:

STEP 1
Choose Firewall > Advanced Settings > IGMP Configuration.

STEP 2
Check the Enable box to allow IGMP communication between the
router and other
nodes in the network.

STEP 3
Choose the Upstream Interface (WAN or LAN). Select the interface
(LAN or WAN) on which
the IGMP proxy acts as a normal multicast client.

STEP 4
Click Save.


I have added this network address to the "Allowed Networks table":
87.104.38.1 with a netmask length of 25 (The address 87.104.38.1 uses
subnetmask 255.255.255.128)
But it had no effect.



How can i troubleshoot this problem? what tools do i have
available?



I think i should somehow verify that no IGMP traffic is reaching
the TV box, and i dont know how to do that.



Any help is very much appriciated.

Computers

We have a Cisco EPC3928AD EuroDocsis 3.0 2-PORT Voice Gateway from
our ISP. The router is connected to a firewall (an Ubuntu-box running
iptables and Wireshark). Our LAN (10.0.0.1/24) is beyond the firewall.
No other equipment is connected to the router. The router's WIFI has
been disabled.



A few days ago we noticed problems when fetching mail or browsing.
The connection started to get slower and sometimes we do not have a
connection at all. This behavior seem to occur at random and during
irregular time periods (1-30 minutes approx.). All equipment on the
LAN is affected. Certain services like Skype are not affected.



The ISP did a checkup of the router and the connection to the rest
of the WAN. They found no problems, neither with the modem itself nor
the signal strength or the cable. They also set up monitoring of the
WAN segment that the modem is on and that ran for several days without
finding any problems.



Our LAN has no DHCP. We also had the DHCP in the modem was switched
off. The NIC on the firewall facing the WAN was set to 192.168.0.201.
Although our LAN has static addresses and DNS configurations on each
NIC are set to the ISP's recommended DNSs, they told us that
activating the DHCP in the router "sometimes helps"...



We proceeded to activate the DHCP with starting address
192.168.0.201 and with a range of 1. We also reserved 192.168.0.201
for the MAC of the NIC facing the modem. What happened next puzzled
us: in the router's "Preassigned DHCP IP Addresses"-list an unknown
MAC, 00:11:e6:de:ad:07 (00:11:e6 belongs to Scientific Atlanta, part
of Cisco), was occupying 192.168.0.201. Moreover, in the router's
"Connected Devices Summary", the same MAC was showing up, but this
time with an IP (10.0.0.74) on the LAN!



We restarted the router, but to no avail. The same unknown MAC
showed up again, this time with a LAN address (10.0.0.2) already in
use by a workstation on the LAN. Blocking the MAC in IP-tables made
the MAC disappear from the "Connected Devices Summary", but is still
in the "Preassigned DHCP IP Addresses"-list. We have set the IP-range
to 2, so it now occupies 192.168.0.202 instead of 192.168.0.201.



Restarting the router or disconnecting it from the firewall does
not help. The unknown MAC keeps on reappearing. The intermittent
problems with the connection persist. What is going on? Is this a hack
of some kind? Any input will be much appreciated.

Network & Servers

- Technology - Languages
+ Webmasters
+ Development
+ Development Tools
+ Internet
+ Mobile Programming
+ Linux
+ Unix
+ Apple
+ Ubuntu
+ Mobile & Tablets
+ Databases
+ Android
+ Network & Servers
+ Operating Systems
+ Coding
+ Design Software
+ Web Development
+ Game Development
+ Access
+ Excel
+ Web Design
+ Web Hosting
+ Web Site Reviews
+ Domain Name
+ Information Security
+ Software
+ Computers
+ Electronics
+ Hardware
+ Windows
+ PHP
+ ASP/ASP.Net
+ C/C++/C#
+ VB/VB.Net
+ JAVA
+ Javascript
+ Programming
Privacy Policy - Copyrights Notice - Feedback - Report Violation 2018 © BigHow