Protect yourself online
kennyhendrick's profile

Teacher

 • 

13 Messages

Monday, November 6th, 2017 7:16 AM

Hijacked ?

ARE YOU SEEING "HIJACKED" in your router logs?  
 
I made 6 videos that recorded the activities of the AT&T router. The following might help you to determine the source of your hijack problem.
 
TRY THIS:
 
First delete all your logs!
 
Disconnect your phone line from the router/modem provided by our trusted internet provider (you should now have absolutely no ties to the ip provider).
 
Go ahead and take your time to wait for the computer to be able to access the control system by logging into the router as you normally would (usually 192.168.1.254).
 
Delete all your logs again.
 
 
Without connecting to the phone line that brings service to your router, restore the router to factory, either by using the reset button on the back of the router, or by waiting for the unit to allow you to log into it and choosing reset from within the software.
 
 
Check the logs (they should be completely empty); if not, delete them again.
 
 
The router/modem takes quite a long time so be patient and just wait till you get a couple of red lights indicating no service (I have two lines coming in).
 
Go ahead and change your password and add the extra precautionary measures that you might ordinarily do with your trusted portal (for me it is time to open ports and assign a computer to those ports)... Be sure to try this test with several computers that have been restored to factory (I was so amazed at what I found that the test was repeated over and over using two distributions of Linux on two separate machines, then a virtual disc, then a Windows machine, then a Mac). The results were identical. The router is a trojan horse and we can rule out op sys or manufacturer of computer.
 
Now look at your logs. You're not connected to the internet provider so how is it coming back with HIJACKED firefox and the other warnings? The problem was that I wasn't even using Firefox throughout all my testing (Midori, Safari, Opera, Chromium, Internet Explorer, and Firefox yielded the same results when watching the logs). PLEASE NOTE, DON'T WATCH THE LOGS... WALK AWAY AFTER CHANGING YOUR USUAL SETTINGS AND GIVE IT A FEW MINUTES MORE.
 
 
DO YOU SEE HIJACKED/PHONE-HOME PROGRAM RUNNING EVEN THOUGH YOU AREN'T CONNECTED TO THE INTERNET PROVIDER?!
 
I did.
 
So I took 4-6 hours duplicating over and over via software and then via the restore button on the back of the AT&T-provided trojan horse modem and, to my surprise, the router is the hijack.
 


5 years ago

Interestingly, the modem rebooted all by itself after posting the aforementioned post.  

 

After checking out the logs, wow, a whole new array of data, but was relieved to find that AT&T bothered to:

5268.install:  xxxxxx

 

WOW, A WHOLE SET OF NEW CONTROLS IN THE UPGRADE FIRMWARE!!!  Firewall rules just like we use in our computers via iptables!!  (now I can chase that rabbit)  Okay, I'll hold off publishing the videos (videos don't lie).  Your techs can come out and watch the videos if you question my word.   I had formerly planned on editing the long-dragged out videos into one compilation (taking out the time to wait for the router to reboot, reset, blah blah blah).

 

Thanks!   It's about time.


5 years ago

Well this thread is probably on selected mute, but thought it mindful to at least attempt to offer some information that might aid the next person that might slip through to work on a better system (of monitoring, if nothing else).

 

So either AT&T remotely edited my rented busted hijacked modem (LOL) or whoever had control of it decided to lay back for a spell (whether it be a hacker or disgruntled employee or our neo-governmental embedded control units, etc.).

 

In any event here is what has transpired since I first made this post concerning the hijacked modem (or a modem with a selective operator, whether ported or otherwise).

1.) The modem did in fact seem to have an immediate effect and since I cannot read the logs for the particular unit following whoever remotely edited the modem, the mouse on my server flowed freely (as if I were not pushing a mouse here... and the observer's remote screen).

2.) Although I stated that IPv6 is religiously turned off (and it is), it is on. I no longer need a proxy to access local machines or the server, etc.

3.) The wireless light no longer is on (yet I have full wireless access).

4.) The number of logs showing either "Drop Unknown Incoming Packet" or the usual outrageous number of "Port Scan"s immediately discontinued entirely, then resumed about 5 hours later but at a MUCH less frequent occurrence.

5.)  The injection of malware/spyware elements into my infrequent downloads of various operating systems and files has apparently discontinued (file hashes/checksums are matching now).

 

I think it's time to develop another stripped-down Linux router soon (which I had formerly been utilizing prior to AT&T with that elusive TimeWarner/Spec...whatever they're calling themselves these days monopoly). However, since I have the AT&T modem and its hardware, it might be time to look into something more... possibly a modem. Since the software inside the unit is BSD/Linux already (with a minimum of proprietary controls), it's possible to trick the system to allow connection (but probably not likely to trick any observers who suddenly haven't any remote access to the unit anymore).

 

Please note, I am NOT complaining.  This is par for the course when our choices are controlled and limited (in other words, if I'm the only computer repair tech allowed to service an area, YOU WILL pay whatever price I charge and you WILL be subject to a potential control population....you will be in my test-tube so-to-speak).

 

My guess is whatever might have been going on remotely found me to be too boring to monitor (America's Least Wanted?).

 

ooga
