I keep deleting different devices in my Fing account

Sally99
Sally99 Member Posts: 30
10 Comments
edited March 30, 2021 in Fing App #1

Doesn’t matter if I delete them it doesn’t even matter they just keep coming back immediately why is this happening


Best Answer

  • Scooby
    Scooby Member Posts: 178
    25 Answers 100 Comments 25 Awesomes 25 Likes
    ✭✭✭
    edited March 28, 2021 #2 Accepted Answer
    It appears you may have connected to your own, or a neighbors Xfinity WiFi Home Hotspot:

    As a Comcast Xfinity subscriber/customer, the Xfinity WiFi Home Hotspot is enabled, by default, with your modem/router, and is separate from your "home" network and is seen as "xfinitywifi". It is not a fake access point. You may have connected to it, when you factory reset your router. Note, the gateway for the "xfinitywifi" network you are connected to is 10.240.0.1, which is completely different from your "morningTea" network, which is 10.0.0.1. Anyone and everyone can connect to the "xfinitywifi" hotspot. If you use Fing to scan for devices, while connected to "xfinitywifi", it will display the devices of anyone who is currently connected to it. Again, the "xfinitywifi" network is not connected with your home network, so those devices are not on your home network.

    Here is a link to the Arris TG1682G moden/router you appear to have:
    Page 23 shows where to find, on your modem/router, your default SSIDs and password to connect. When you factory reset your modem/router, it will default back to those settings. Are you seeing those SSIDs? If so, are you able to connect to them with the default password? If you are, then see if you can connect to 10.0.0.1, and change your modem/router's settings.


    SRP

Answers

  • KGale
    KGale Member Posts: 2
    First Comment
    edited March 26, 2021 #3

    Hi,

    Your device is being controlled by a hacker that has access to your router...it is called internet router hacking.….. Comcast should have a router page for you to view...study the pages......

    Sally99
  • Sally99
    Sally99 Member Posts: 30
    10 Comments

    There is a router page 10.0.0.1 but it’s saying my password isn’t correct. I keep resetting the router but apparently it’s not correctly resetting??? And how come Comcast don’t care that this is happening. Btw. I’m the one who named the device if you look closely ones called feds. I called it that so I could know I don’t believe it’s me so who ever these people are I believe there on a device called a surfboard by the MAC address

  • SRP
    SRP LAMember Posts: 117
    100 Comments 25 Agrees 25 Likes 5 Awesomes
    ✭✭✭
    edited March 27, 2021 #5
    Hi @Sally99, Do you have physical access to your Arris TG1682G modem/Wi-Fi Router? This is connected to the cable from your ISP.

    I’m not sure if the modem/router identified in your scans is an Arris TG1682G but if Fing has correctly identified it here’s a link to the user manual. https://www.cox.com/content/dam/cox/residential/support/internet/print_media/TG1682G_UsersGuide.pdf

    If the answer is ‘yes, that’s my device’, then have you factory reset the modem/router using the recessed button at the back?

    Regardless, assuming this is in fact your device, in order to hopefully resolve your issues I’d try the following. I’m not familiar with the specifics of this Arris router, it’s features or web interface but you should be able to figure out how to achieve most of the steps below I hope. Not all of these may be available to you but I’ll note the ones that are critical IMO. If you have a different modem/router model you should be able to ascertain all the things you’ll need like default local IP address, default admin username and password, default Wi-Fi SSIDs and passwords and how to manually hard reset by searching for this information your particular device and model online before attempting any of this. Substitute those details into the steps below,

    Disconnect the WAN cable connection from your modem/router. This is the one that screws in. From your scan it doesn’t appear that you have any wired LAN devices connected to this router but if you do disconnect these too.

    Check the base of the router and you should see a sticker with the default router admin and login password, plus additionally the names of the default 2.4GHz and 5GHz network SSID names and a default Wi-Fi password sometimes written as a pre-shared key. If the answer to these questions is yes then reset the Arris using the hard reset button and a paper clip, You often have to hold this down for quite a few seconds to perform a factory reset, according to the manual for the Arris it is 15 seconds. If you have a different model follow the instructions on hard resetting you found online.

    The next step is to connect a PC, phone or tablet to the reset modem/router., via cable or Wi-Fi to the default SSID. If it’s a Wi-Fi device remember the SSID and connection password will have now reset to the factory defaults (in the case of the Arris these are on the base sticker - if not, they’re the ones you noted from your prior online search).

    Open a web browser and type the default local IP address of your modem/router into the address field to get to your router’s web interface. In the case of the Arris this is 10.0.0.1 - if another modem/router the default IP address from your online search. 

    Log in using the default admin username and password for the router (on the base sticker if the Arris - from prior web search if not).

    Step 1. Reset the admin username and password using a strong password (one from a password generator that’s resistant to brute force attacks) immediately. Critical IMO. 

    Step 2, if your router allows you to turn on/off UPnP turn this off (any modern router should provide this functionality) - your’e doing this lest unbeknownst to you one of your devices is connecting with the remote intruder to transfer information via opening a UPnP connection or this is how the remote device is getting onto your network. Turning off UPnP is vitally critical IMO.

    Step 3,  reset all the default Wi-Fi SSID names and passwords using strong passwords from a password generator. Use at least WPA2 - WPA3 if your router allows it. If you’re connected via Wi-Fi then this step will disconnect you and you’ll need to reconnect using the new SSID name and password and login to the modem/router again using all the new usernames and passwords you set to continue down the list. This is critical too because they’re now in their default state following the reset.

    Step 4, if you know the MAC address of all your trusted devices turn on MAC address filtering/Access control and enter these as allowed devices and block all others, Critical in your case too I think if your router provides this (it should) because you want to block out the remote device from your previous scans.

    Step 5, if your router has a firewall turn it on. Critical.

    Step 6, change your WAN IP address assigned by your ISP if you can. These are usually assigned dynamically so if you leave your WAN connection disconnected and powered off long enough you’ll often be reassigned a new one, it just depends on the ISP. If you don’t get allocated a new one, try contacting your ISP and asking them to change the one assigned to you if not. This could be critical in your case because your public IP address is potentially a part of the access route into your system for the remote device although some of the other steps above will hopefully already have blocked the path.

    Step 7, if your router has a built in VPN turn it on (note this can slightly impact your average DL/UL speeds because of encryption and the extra internet hops involved but if security is your main concern then that’s a trade off you’ll likely make).

    Step 8, plug back in the WAN and check that you have access to the internet. You might be lucky and be allocated a new IP address for your ISP as described in step 6 in the time you’ve been disconnected depending upon your ISPs IP address lease time. You probably want to perform a reboot of your modem/router at this point. If it’s the Arris short press the reset button at the back as described in the manual link.

    Step 9, Now the internet is back log back into the router’s web interface using the new admin username and password you set in Step 1 and ensure your router’s firmware is up to date. Critical IMO.

    Step 10, run Fing and check to see if the rogue device is no longer there. Hopefully, it’s no longer connected.

    Step 11. Change any login and passwords using strong passwords from a password generator for each of your network devices, run trusted anti-virus software on any PC, tablet or phone, and reconnect them to the router one at a time checking they function as expected. You might want to run Fing after each additional reconnection to see if the rogue device appears at any step. Remember Wi-Fi devices will need to use the new SSID and password you set in Step 3. :)

    Step 12. Make sure you’re running the latest OS and security updates on any PC, phone or tablet. 

    Step 13, related to step 12 as a general practice once you connect any device back to the internet that isn’t a PC. tablet or phone make sure you have the latest firmware installed on this device to plug known vulnerabilities - search online for how to achieve this for each device.

    Step 14, if your local network topology has other routers or access points in it you probably want to repeat the router based steps above for each of these. Some of the features won’t likely be available depending on whether you’re running routers in AP mode or if they’re basic APs - like UPnP and firewall, for example.

    Step 15 run Fing regularly to check the remote device hasn’t reappeared.

    By turning off UPnP you may find you need to add port forwarding rules to your root router for some of your devices in order for these to function correctly once you’ve done all this. This will entail assigning fixed IP addresses to devices that require port forwarding. However, most device manufacturers that require certain ports be open in order to function correctly provide information on how to do this online. 

    I hope this makes sense and is helpful to you.

    Good luck.

    S.
  • Sally99
    Sally99 Member Posts: 30
    10 Comments
    Let me start off by saying that I only have one Wi-Fi name I used to have more than one but I realized it was too hard to keep up with the Intruder how did you different names so I have one name for both the 2.5 in the five next going to say I always change the password I always change the name I always reset the router it's an everyday basic thing I just do I gave up on doing it honestly I didn't do any good actually I've been trying to reset it for a few days now and it won't reset I pushed paper cup in the back sometimes for 2 minutes straight and it still won't reset part of me if any of this does not look right or isn't isn't said right I did talk to text also let me let you know I was in the middle of reading your comment I was connected to supposably Xfinity I've known for a long time that there's a fake Xfinity out here actually right in my neighborhood apparently because I've downloaded apps that told me I wasn't on Xfinity's I was on AT&T tower there's lots of reasons why I say I've known for a while but I'll show you some screenshots that just now. Appeared
  • Sally99
    Sally99 Member Posts: 30
    10 Comments
    Sally99 said:
    Let me start off by saying that I only have one Wi-Fi name I used to have more than one but I realized it was too hard to keep up with the Intruder how did you different names so I have one name for both the 2.5 in the five next going to say I always change the password I always change the name I always reset the router it's an everyday basic thing I just do I gave up on doing it honestly I didn't do any good actually I've been trying to reset it for a few days now and it won't reset I pushed paper cup in the back sometimes for 2 minutes straight and it still won't reset part of me if any of this does not look right or isn't isn't said right I did talk to text also let me let you know I was in the middle of reading your comment I was connected to supposably Xfinity I've known for a long time that there's a fake Xfinity out here actually right in my neighborhood apparently because I've downloaded apps that told me I wasn't on Xfinity's I was on AT&T tower there's lots of reasons why I say I've known for a while but I'll show you some screenshots that just now. Appeared

  • Sally99
    Sally99 Member Posts: 30
    10 Comments

  • SRP
    SRP LAMember Posts: 117
    100 Comments 25 Agrees 25 Likes 5 Awesomes
    ✭✭✭
    edited March 28, 2021 #9
    Hi @Sally99,
    I assume the modem/router that now has a faulty hardware reset switch is provided by your ISP, correct? If so, you’re likely paying a monthly rental fee for it and the ISP should immediately send you a replacement if it is faulty. If you are now locked out of the web interface of your modem/router by a username and password you did not set then use of the factory reset button on the back is the only other way I know of to factory reset the device. I know many ISPs can send a soft reboot signal to their hardware remotely but I’ve not heard of one being able to factory reset it, perhaps they can?

    When you reset the router in the past are you saying you reset the admin and user password for the router as well as the Wi-Fi SSIDs and passwords too? Did you do the other steps such as disconnecting the WAN cable first, disabling UPnP, turning on a firewall, blocking MAC addresses, flashing the firmware etc? 

    Regardless, it sounds like you need to get a new modem/router from your ISP as a next step.

    As to the other screenshots they look like unprotected local Wi-Fi SSIDs you seem to have joined which is never good. Perhaps you’ve joined them in error before and your phone is now switching to them occasionally. I’d go into your phone Wi-Fi settings and delete any record of a Wi-Fi you don’t own or trust completely.

    Again I hope this helps.

    S.
    Sally99
  • SRP
    SRP LAMember Posts: 117
    100 Comments 25 Agrees 25 Likes 5 Awesomes
    ✭✭✭
    edited March 29, 2021 #10

    That's wild @Scooby. They ship their modem/routers with a totally open 'guest' Wi-Fi SSID turned on by default, albeit on a different subnet, that anyone can join? Can you only turn that on/off at the account level from an app, not rename it or encrypt it?

    I can only imagine how many Xfinity routers are getting mooched off out there...

    I was intrigued enough to look into this devilry. It turns out only existing Xfinity customers can mooch off your service. If you're not an existing customer, Xfinity sells 'covenient' tiered packages to allow temporary access to the bandwidth of their paying customers without giving those folks a discount when their service is used. That's some double dipping corporate chicanery! :)

    I'd turn that off straight away personally.

  • Sally99
    Sally99 Member Posts: 30
    10 Comments

    I changed my wifi name and password. Didnt do any good.

    Actually those are my devices all logged in. Btw I finally got the router to reset. Its the Xfinity voice modem/ router all built into 1. I know for a fact they're aware of what's going on they don't care. Every now and then I'll see in my app ty for your purchase. And be ready for your installation today blabla bla but I confront them they transfer me to and 5 diff people one after another. Recently they hang up on me. Bs. The last device n this pic is the xtra router. Oh yeah check out my 10 dollar a month internet speed. Sometimes I see it in the 800 how???? And usually we use at least 2000 gigs easily a month. Well 2 months ago we used 50. This month 450. Whatecer that can't even be cl ok so to a good like. Wtf ever

  • Sally99
    Sally99 Member Posts: 30
    10 Comments


  • Sally99
    Sally99 Member Posts: 30
    10 Comments

    That's like 2 weeks ago


  • SRP
    SRP LAMember Posts: 117
    100 Comments 25 Agrees 25 Likes 5 Awesomes
    ✭✭✭

    @Sally99 Congratulations on getting the modem/router to reset! :)

    I see you changed the Wi-Fi passwords and SSIDs. Did you also change the router login/password too?

    I don't believe the device you're worried about is connected to your network via Wi-Fi because your trace route to the device had multiple hops involved. Local devices on Wi-Fi or local cable involve a single hop. The fact I believe it is remote is why I recommended disconnecting your WAN cable while you reset all the network steps I mentioned before. If you've got no connection to the broader internet then no remote device can reach your network via the cable.

    If the attack is remote then the steps around protecting your router from afar are crucial. Sorry to sound like a broken record but...turn UPnP off to block any unauthorized opening of ports (the router factory reset should have got rid of any existing port forwarding rules but check none of these are still running), turn the firewall on, use a VPN if the router has one built in, block any MAC addresses bar trusted ones especially this questioned device, block access to your router settings page with strong passwords and flash your router's firmware to the latest version to ensure any attacker hasn't installed their own firmware with a backdoor into your system and close any vulnerability that the older firmware may have. If you can get Xfinity to assign you a new WAN ISP number that would be awesome too. It sounds like their customer service is a real pain but persevere.

    Wishing you continued good luck.

    S.

  • Sally99
    Sally99 Member Posts: 30
    10 Comments

    Thanks For everybody’s help I appreciate it yes I reset it yes I’ve change passwords just have change names yes I’ve change change change just save and plug things yes I plug them back in yes I reset the admin page nothing is going to work our Xfinity accidentally admitted to me during a chat that I had another router in my network he actually told me I need to bring it back up to the local UPS store because I’m going to get charged very heavy charges apparently he thought he was talking to the person the only other Router because he basically told Me that I need to get my Xfinity bE3or something I need to get it back at the UPS store immediately and return it I’m thinking what. Wow I new it this whole dang time I new it. I didn’t know what else to say so I just said OK have a good day so what’s going on I’m creeped out bad I can’t handle it I’m bout to just get the crap disconnected but my kids need it for e-learning

  • Sally99
    Sally99 Member Posts: 30
    10 Comments

    But yes I will try the steps above maybe that will help thank you very much it’s gonna be hard for me to do it because I’m not a professional this but I will try at least