Router hijacked

System · November 5, 2019

This discussion was created from comments split from: Router was hijacked.

PleaseItMustStop · November 4, 2019

I’m living this RIGHT NOW as I type this.

All started around this time last year. My husband of a decade had moved out in October and was dead less than three months later. An “accident.” I won’t get into all the details since you’ll likely think I’m a little nuts.

I’m an IT professional. The number of routers, modems, etc. that I’ve been through.

screenshots galore, yet Comcast doesn’t want to look at them, my friends are sick of hearing about it.

here’s a screenshot of what is “in range” right now (just tried a clean reset a few hours ago. Was up to device #3 when all hell started to break loose again. I’m at a loss.

yes they called themselves fingbox and used my router IP of 10.0.0.1 somehow 🤷🏻‍♂️

help? 🤦🏻‍♂️

VioletChepil · November 5, 2019

@PleaseItMustStop - thanks for your comment, I've just opened a new thread on this for you over here. So we can look into your situation.
I'm sorry to hear about this and we'll do our best to help.

VioletChepil · November 5, 2019

Hi @PleaseItMustStop

The device you mentioned on which the brand is appearing as fingbox is actually this

MAC Address/OUI - 00:11:22
Vendor {Company} - CIMSYS Inc

Do you know any device by this vendor?

Our block feature makes the targeted device to believe our fingbox is the gateway of the network. In this way, the fingbox can receive the packet and discard it. Moreover, we make the target device to believe that its IP is owned by another device. All of these low-level techniques can be bypassed by a few seconds or minutes if the router put in place some anti-spoofing or similar techniques.To explain: When the device will try to connect to the router, then the device will be able to make the connection until the Fingbox is checking the Blocklist if the device is in the list or not. Only after checking that list, the device will be able to maintain the connection or get blocked from the network. This verification of the list might take up to few minutes and then Fingbox is able to block that device.

vulcansheart · November 10, 2019

My first instinct is you have a compromised device on your network that you may or may not own. I would start my disconnecting all WiFi devices, then work your way back by adding them one at a time spread out over the course of a half hour or so until you identify the device trying to pose as your gateway router.

If you disconnect all of your devices and the "imposter" still exists, then it's time to change your SSID and key.

Tocki · November 10, 2019

I don’t use the CPE offered by the ISP for several reasons. The cable modem/WiFi combo boxes perform poorly & cost $10/month. There’s two of the Top 10 reasons not to use your ISPs equipment.

I would recommend upgrading to better networking gear. And most importantly : flashing your router to DD-WRT type firmware. doing this will improve your network performance and security exponentially.

TP-Link makes good, affordable home WiFi gear - as does Ubiquity.

VioletChepil · November 11, 2019

@PleaseItMustStop let us know any comments on the above feedback and we can help further.

VioletChepil · November 19, 2019

@VABelle just going to split this one off into a new thread!

Router hijacked

Comments

Categories