Man in the middle attack - now what?

VABelleVABelle Member Posts: 59
10 Comments First Anniversary 5 Likes Name Dropper
✭✭

I spent, literally, all day yesterday resetting my router to factory & changing passwords, etc. It was no time flat before Fing notified me that my router had changed & asked me to “trust it.” Although I have the intruder’s device blocked, I don’t believe it really is. My cameras are offline; Fing is reporting them as being in range. Fing is reporting my Xfinity Xfi router/modem as being in range, then offline, like a constant battle of the wills as the true router tries to go back online.

I’m grateful for the notification & awareness of the attack but what now? I could reset everything but this intruder obviously has some powerful hacking code to break through all of this so-called security.

Answers

  • ProTecKProTecK Member Posts: 53
    10 Comments First Anniversary 5 Agrees First Answer
    ✭✭

    You would need to be a whole lot more specific about what devices you have on your network, how they are interconnected and at what point you are getting this warning. My gut feeling tells me you have duplicate services running on your network and they are causing problems without any outside help.

    Ciaran
  • VABelleVABelle Member Posts: 59
    10 Comments First Anniversary 5 Likes Name Dropper
    ✭✭
    I suspect the same, as in an unauthorized device has been installed SOMEWHERE and is re-routing my network traffic. I have Comcast's Xfi router, Fingbox, and a few Amazon devices like Echo Dot, Echo Show and two smart plugs.
  • ScoobyScooby Member Posts: 151
    100 Comments 25 Awesomes 25 Likes 5 Answers
    ✭✭✭
    I have a feeling it has to do with you factory resetting your router. As you have a Fingbox, it was connected to your "old" network, and it "remembers" all of the information from it. When you factory reset your router, and renamed the network to something else, the Fingbox "sees" it as a new network. It doesn't know you factory reset your router. As the "new" network has a similar name, and is using the same MAC address as the "old" network, the Fingbox may believe it is a "man-in-the-middle" attack, even though it isn't. I think your Fingbox is "confused", as it is still remembering information from the "old' network, and could be why it "thinks" the cameras are online, even though they aren't, and why your Xfinity Xfi router/modem as being in range, then offline - it can't tell the difference between the "old" network and the "new" one. Unfortunately, I don't have a Fingbox (I just use the app), but maybe @Robin may have some information for how to reset the Fingbox, after a router factory reset.
  • RobinRobin Administrator Posts: 3,121
    2500 Comments 100 Answers 250 Likes 100 Awesomes
    admin
    Hi @Scooby

    To reset your Fingbox to a new network, follow these simple steps:

    • Locate the network name in the middle of the top bar of the screen – click on the drop-down arrow next to this.
    • This will take you through to the My Networks screen which contains a list of all your networks.
    • Swipe left on the Network or long hold the network with the Fingbox on it and click on the Deactivate that appears. This will remove the network you have already configured, freeing up Fingbox to be assigned to a new network.
    • After you have deactivated the Fingbox, you will be able to connect the box to the new network you’d like it to be on. 
    • You can press the reset button for 10 secs and then Fingbox will delete all the information and will be factory reset.
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
  • RobinRobin Administrator Posts: 3,121
    2500 Comments 100 Answers 250 Likes 100 Awesomes
    admin
    Hi @VABelle
    Thanks for your post. In order to address your query, We have come to realize that if you have multiple access points and if some devices are connected with both then you might find these kinds of alerts. Even if the new device get connected to a different access point and Fingbox is connected to another access point, then Fingbox will detect it as some other access point is redirecting the traffic and thus giving you with an alert. Every router has multiple network interface cards which is the reason, routers are able to provide multiple frequencies(2.4 Ghz and 5Ghz). These are different access points that have their own MAC address(BSSID). And I believe the traffic is being re-routed by either another access point or different frequency.

    I would like you to follow these steps: 

     

    1) Turn off the router/extenders and Fingbox 

    2) Wait for a minute or two. 

    3) Make the connection of Fingbox with the router directly if not done already. If you are using an extender/switch, then make the connection with it. 

    4) Only Turn on the router and then wait for another minute or Two. 

    5) Turn on the other network device like Switch/Extenders and then wait for a minute or two. 

    6) Turn on the Fingbox and then re-install the Fing App after clearing up the cache as well. 

    7) Sign in with the Fing App 

    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
Sign In or Register to comment.