Network sabotaged?

sac
Supporter
Username: Sac

Post Number: 3003
Registered: 5-2001
Posted on Tuesday, January 3, 2006 - 9:08 am:

I'm trying to figure out if my family's computers have been victimized by a virus or a program change in one of our operating software products or ????

Over the weekend, one of our computers suddenly lost its network access. So, no Internet and no access to the other computers or network printers we have. That particular computer was having some other problems so we thought that they were all related. Then, within a few hours, another computer (mine!) suddenly lost connectivity. After some sleuthing on both computers we discovered that the IP and DNS addresses were incorrect in the network settings. After manually resetting the addresses (where before the setting had been to automatically obtain them), we were back up and running. One of the other computers was still working fine, as before, with the setting to automatically obtain the addresses. Then, the next day, that computer had the same problem.

We are working "fine" now, with all of the IP/DNS addresses now explicitly set in the network properties, but can't figure out what may have caused this or why it happened when it did in the way that it did.

I will note that my computer's loss of connectivity occurred at the exact moment that I pressed "OK" on a Norton Internet Security warning screen that wanted me to confirm that it was OK for Outlook to access the Internet. (I was downloading email at the time, so it needed to be OK.)

As noted, we do have Norton installed for the firewall as well as antivirus. The definitions are continuously updated automatically and the auto-protect is enabled.

All three of the computers in question are running Windows XP Pro and we have a Linksys router and Linksys network switch.

Do any of the experts in MOL-land have suggestions on what happened and whether we still need to be concerned or can just continue as now configured?

growler
Citizen
Username: Growler

Post Number: 872
Registered: 11-2001


Posted on Tuesday, January 3, 2006 - 10:34 am:

That's weird. Our Linksys router coughed up a big hairball over the weekend too. Same thing. Total loss of network access. I too had to reset the router with the IP addresses and DNS. I think it may have to do with Norton, as on both computers, the laptop and desktop, there is a pop up to remind me to renew the virus protection. However both computers have had a complete virus scan and we use Zone Alarm for firewall protection.

Sleuth on MOL!

Tom Reingold
Supporter
Username: Noglider

Post Number: 11701
Registered: 1-2003


Posted on Tuesday, January 3, 2006 - 10:38 am:

Your router hands out network addresses. Congratulations on figuring out what addresses to take, but I would suspect the router failed to assign addresses for some reason. You may want to reset it to factory defaults. The procedure for that is in the manual.

But before you do it, poke around on the administrative web interface. See if it thinks it has assigned IP addresses. The protocol is called DHCP (dynamic host configuration protocol).

Tom Reingold
Supporter
Username: Noglider

Post Number: 11702
Registered: 1-2003


Posted on Tuesday, January 3, 2006 - 10:39 am:

Hmm, I just realized that there are some security vulnerabilities. Maybe some evil program out there is scanning for and invading home routers. Update the firmware!

sac
Supporter
Username: Sac

Post Number: 3004
Registered: 5-2001
Posted on Tuesday, January 3, 2006 - 1:26 pm:

Tom - I think the only thing that saved us on figuring out the addresses was the fact that the one computer was still working for awhile so we could look at its configuration. We knew that the only part of the address that differed for the various computers was the last digit and we also knew the range for that last digit was 1-20. Once we figured out the addresses of the two printers and the still-working computer, we were able to assign free addresses to the other computers. And, I had the presence of mind to print those screens and record what I had done in a file which proved handy when the other computer went belly-up the next day.

I'll share the information from this thread with my spouse this evening and let him play with the router

Dave
Supporter
Username: Dave

Post Number: 8257
Registered: 4-1997


Posted on Tuesday, January 3, 2006 - 1:47 pm:

Kind of sounds like the Blaster.D worm or a mutation thereof.

sac
Supporter
Username: Sac

Post Number: 3005
Registered: 5-2001
Posted on Tuesday, January 3, 2006 - 5:09 pm:

Well, I updated Norton and then ran a complete scan of my system and it didn't turn up anything. Does Blaster.D evade those virus scans?


Case
Citizen
Username: Case

Post Number: 951
Registered: 2-2005
Posted on Tuesday, January 3, 2006 - 7:36 pm:

Try this:

http://www.trendmicro.com/cwshredder/

http://housecall.trendmicro.com/

If you like, you can run this program and post the "logfile" that it creates - please do not make any registry changes, though... bad things can happen:

http://www.majorgeeks.com/download3155.html





Dave
Supporter
Username: Dave

Post Number: 8259
Registered: 4-1997


Posted on Tuesday, January 3, 2006 - 9:22 pm:

There's a new security exploit in Windows and there's nothing you can do about it for the moment other than stop accessing the internet until Jan. 10.

http://www.wired.com/news/technology/0,69953-0.html?tw=rss.technology


(insert obligatory buy a Mac next time statement)

Gatica
Citizen
Username: Katracho

Post Number: 218
Registered: 11-2002


Posted on Tuesday, January 3, 2006 - 9:35 pm:

Also check that the firmware on your router is the latest revision. Go to the manufacturer's web site and it should be under "support/downloads" or something to that effect.

TarPit Coder
Citizen
Username: Tarpitcoder

Post Number: 3
Registered: 12-2004
Posted on Friday, January 6, 2006 - 8:29 am:

If you're running a WRT54G or GS Linksys the older firmware has some issues where it will occasionally just stop giving out DHCP addresses over the wireless interface. The Wired interface seemed OK.

I've never spent enough time finding this intermittent fault - but you definitely want to think about running the latest firmware.

If you *ARE* running a Linksys WRT54G/GS then there's some decent open-source firmware out there (They use Linux in them).

If you're running a Linksys BEFW11S4 (Look on bottom of unit) - I've also seen a problem where if you run too much VPN traffic thru it it seems to slow down and slow down and then eventually start moving at a crawl.

Best quick fix for both of these is to just pop the power plug out the back of the unit for say 10 seconds and pop it back in.

RE WMF Exploit:

Make sure you're patched for the Microsoft WMF exploit. It's really a *BAD* one. I've been watching this since last year - I actually installed the unofficial patches on my home boxes because MS took so long to release the official patch.

The worst thing about the latest WMF exploit is that you can't be sure to pick it up with a virus scanner - even with the latest signatures installed. It's possible to craft the exploit in a whole bunch of ways - with a whole bunch of extensions (It doesn't have to be WMF).

Anyway - Microsoft really dropped the ball on this one - and were extremely lucky that more machines didn't get exploited. The IT security industry was screaming at them to get with it.

So if you haven't done it yet - first thing to do is to patch those Windows boxes from Windows Update.

WMF Exploit details:

http://www.kb.cert.org/vuls/id/181038

http://www.incidents.org

--Tarp
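
An added example, not part of the post above or of any vendor tool: because the post notes that a metafile does not need a .wmf extension, this sketch identifies WMF content by its header bytes and lists files whose name claims to be something else. The function names and the constructed sample are hypothetical, and a header match only says the file is a metafile, not that it is malicious.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7               # optional 22-byte "placeable" pre-header
PLACEABLE_LEN = 22
META_HEADER = struct.Struct("<HHHIHIH")  # standard 18-byte WMF header


def looks_like_wmf(data: bytes) -> bool:
    """True if the leading bytes parse as a WMF header, whatever the file is called."""
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        offset = PLACEABLE_LEN
    if len(data) < offset + META_HEADER.size:
        return False
    ftype, hdr_words, version, size_words, _, _, _ = META_HEADER.unpack_from(data, offset)
    return (ftype in (1, 2)               # 1 = in-memory, 2 = on-disk metafile
            and hdr_words == 9            # header length in 16-bit words
            and version in (0x0100, 0x0300)
            and size_words >= 9)


def find_disguised(root: str) -> list[str]:
    """Names of files under root whose content is WMF but whose extension is not .wmf."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() != ".wmf":
            with path.open("rb") as fh:
                if looks_like_wmf(fh.read(PLACEABLE_LEN + META_HEADER.size)):
                    hits.append(path.name)
    return hits


def constructed_wmf(placeable: bool = False) -> bytes:
    """Constructed sample: a harmless metafile holding only the end-of-file record."""
    body = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    if not placeable:
        return body
    pre = struct.pack("<IH4hHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for word in struct.unpack("<10H", pre):
        checksum ^= word
    return pre + struct.pack("<H", checksum) + body


if __name__ == "__main__":
    import sys
    print(find_disguised(sys.argv[1] if len(sys.argv) > 1 else "."))
```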

Tom Reingold
Supporter
Username: Noglider

Post Number: 11808
Registered: 1-2003


Posted on Friday, January 6, 2006 - 10:22 am:

Welcome to MOL, TarPit Coder!

TarPit Coder
Citizen
Username: Tarpitcoder

Post Number: 9
Registered: 12-2004
Posted on Friday, January 6, 2006 - 11:17 am:

Thanks Tom. Good to be here mate.

LazyDog
Citizen
Username: Lazydog

Post Number: 107
Registered: 6-2005


Posted on Friday, January 6, 2006 - 5:45 pm:

Similar problem a couple of days ago with Linksys WRT54G. Two wired Win PC's are fine. Win XP laptop was disconnecting every couple of minutes. Reconnect and everything was OK, again just for a few mins. On my Powerbook, the wireless network connection was lost completely. After investigating, the router settings had changed !! The SSID had returned to its default "linksys ..." and the security mode had changed to WPA-2 from WEP. Changing security back to WEP and reentering full security keyword/password on Mac did the trick. The only thing I could determine that MIGHT be an issue (I do have Norton on 3 PC's but not on the Mac, and no updates around time of incident) was that the digital cable TV signal was cutting out continually around same time. Don't know if maybe the modem took a hit that somehow !@#$% the router. However, all's well at the moment.

monster
Supporter
Username: Monster

Post Number: 1836
Registered: 7-2002


Posted on Saturday, January 7, 2006 - 3:27 pm:

It's your ISP provider, Comcast was doing this a couple of years ago too...

Grrrrrrrrrrr
Citizen
Username: Oldsctls67

Post Number: 194
Registered: 11-2002
Posted on Wednesday, January 11, 2006 - 11:11 pm:

If you ever need to know the ip address of a particular computer, go to the dos prompt and type in the command: ipconfig.
