Network sabotaged?

Log Out | Lost Password? | Topics | Search Contact | Register | My Profile | SO home | MOL home

Thread Originator Last Poster Posts Pages Last Post   Closed: New threads not accepted on this page

Author Message   sac Supporter Username: Sac Post Number: 3003 Registered: 5-2001 Posted on Tuesday, January 3, 2006 - 9:08 am:        I'm trying to figure out if my family's computers have been victimized by a virus or a program change in one of our operating software products or ???? Over the weekend, one of our computers suddenly lost its network access. So, no Internet and no access to the other computers or network printers we have. That particular computer was having some other problems so we thought that they were all related. Then, within a few hours, another computer (mine!) suddenly lost connectivity. After some sleuthing on both computers we discovered that the IP and DNS addresses were incorrect in the network settings. After manually resetting the addresses (where before the setting had been to automatically obtain them), we were back up and running. One of the other computers was still working fine, as before, with the setting to automatically obtain the addresses. Then, the next day, that computer had the same problem. We are working "fine" now, with all of the IP/DNS addresses now explicitly set in the network properties, but can't figure out what may have caused this or why it happened when it did in the way that it did. I will note that my computer's loss of connectivity occurred at the exact moment that I pressed "OK" on a Norton Internet Security warning screen that wanted me to confirm that it was OK for Outlook to access the Internet. (I was downloading email at the time, so it needed to be OK.) As noted, we do have Norton installed for the firewall as well as antivirus. The definitions are continuously updated automatically and the auto-protect is enabled. All three of the computers in question are running Windows XP Pro and we have a Linksys router and Linksys network switch. Do any of the experts in MOL-land have suggestions on what happened and whether we still need to be concerned or can just continue as now configured?   growler Citizen Username: Growler Post Number: 872 Registered: 11-2001 Posted on Tuesday, January 3, 2006 - 10:34 am:        That's weird. Our Linksys router coughed up a big hairball over the weekend too. Same thing. Total loss of network access. I too had to reset the router with the IP addresses and DNS. I think it may have to with Norton, as on both computers, the laptop and desktop, there is a pop up to remind me to renew the virus protection. However both computers have had a complete virus scan and we use Zone Alarm for firewall protection. Sleuth on MOL!   Tom Reingold Supporter Username: Noglider Post Number: 11701 Registered: 1-2003 Posted on Tuesday, January 3, 2006 - 10:38 am:        Your router hands out network addresses. Congratulations on figuring out what addresses to take, but I would suspect the router failed to assign addresses for some reason. You may want to reset it to factory defaults. The procedure for that is in the manual. But before you do it, poke around on the administrative web interface. See if it thinks it has assigned IP addresses. The protocol is called DHCP (dynamic host configuration protocol).   Tom Reingold Supporter Username: Noglider Post Number: 11702 Registered: 1-2003 Posted on Tuesday, January 3, 2006 - 10:39 am:        Hmm, I just realized that there some security vulnerabilities. Maybe some evil program out there is scanning for and invading home routers. Update the firmware!   sac Supporter Username: Sac Post Number: 3004 Registered: 5-2001 Posted on Tuesday, January 3, 2006 - 1:26 pm:        Tom - I think the only thing that saved us on figuring out the addresses was the fact that the one computer was still working for awhile so we could look at its configuration. We knew that the only part of the address that differed for the various computers was the last digit and we also knew the range for that last digit was 1-20. Once we figured out the addresses of the two printers and the still-working computer, we were able to assign free addresses to the other computers. And, I had the presence of mind to print those screens and record what I had done in a file which proved handy when the other computer went belly-up the next day. I'll share the information from this thread with my spouse this evening and let him play with the router   Dave Supporter Username: Dave Post Number: 8257 Registered: 4-1997 Posted on Tuesday, January 3, 2006 - 1:47 pm:        Kind of sounds like the Blaster.D worm or a mutation thereof.   sac Supporter Username: Sac Post Number: 3005 Registered: 5-2001 Posted on Tuesday, January 3, 2006 - 5:09 pm:        Well, I updated Norton and then ran a complete scan of my system and it didn't turn up anything. Does Blaster.D evade those virus scans?   Case Citizen Username: Case Post Number: 951 Registered: 2-2005 Posted on Tuesday, January 3, 2006 - 7:36 pm:        Try this: http://www.trendmicro.com/cwshredder/ http://housecall.trendmicro.com/ If you like, you can run this program and post the "logfile" that it creates - please do not make any registry changes, though... bad things can happen: http://www.majorgeeks.com/download3155.html   Dave Supporter Username: Dave Post Number: 8259 Registered: 4-1997 Posted on Tuesday, January 3, 2006 - 9:22 pm:        There's a new security exploit in Windows and there's nothing you can do about it for the moment other than stop accessing the internet until Jan. 10. http://www.wired.com/news/technology/0,69953-0.html?tw=rss.technology (insert obligatory buy a Mac next time statement)   Gatica Citizen Username: Katracho Post Number: 218 Registered: 11-2002 Posted on Tuesday, January 3, 2006 - 9:35 pm:        Also check that the firmware on your router is the latest revision. Go to the manufacturer's web site and it should be under "support/downloads" or something to that effect.   TarPit Coder Citizen Username: Tarpitcoder Post Number: 3 Registered: 12-2004 Posted on Friday, January 6, 2006 - 8:29 am:        If your running a WRT54G or GS Linksys the older firmware has some issues where it will ocasionally just stop giving out DHCP addresses over the wireless interface. The Wired interface seemed OK. I've never spent enough time finding this intermittent fault - but you definately want to think about running the latest firmware. If you *ARE* running a Linksys WRT54G/GS then there's some decent open-source firmware out there (They use Linux in them). If your running a linksys BEFW11S4 (Look on bottom of unit) - Ive also seen a problem where if you run too much VPN traffic thru it it seems to slow down and slow down and then eventually start moving at a crawl. Best quick fix for both of these is to just pop the power plug out the back of the unit for say 10 seconds and pop it back in. RE WMF Exploit: Make sure your patched for the Microsoft WMF exploit. It's really a *BAD* one. I've been watching this since last year - I actually installed the unofficial patches on my home boxes because MS took so long to release the official patch. The worst thing about the latest WMF exploit is that you can't be sure to pick it up with a virus scanner - even with the latest signatures installed. It's possible to craft the exploit in a whole bunch of ways - with a whole bunch of extensions (It doesnt have to be WMF) Anyway - Microsoft really dropped the ball on this one - and were extremely lucky that more machines didn't get exploited. The IT security industry was screaming at them to get with it. So if you haven't done it yet - first thing to do is to patch those windows boxes from windows update. WMF Exploit details: http://www.kb.cert.org/vuls/id/181038 http://www.incidents.org --Tarp   Tom Reingold Supporter Username: Noglider Post Number: 11808 Registered: 1-2003 Posted on Friday, January 6, 2006 - 10:22 am:        Welcome to MOL, TarPit Coder!   TarPit Coder Citizen Username: Tarpitcoder Post Number: 9 Registered: 12-2004 Posted on Friday, January 6, 2006 - 11:17 am:        Thanks Tom. Good to be here mate.   LazyDog Citizen Username: Lazydog Post Number: 107 Registered: 6-2005 Posted on Friday, January 6, 2006 - 5:45 pm:        Similar problem a couple of days ago with Linsys WRT54G. Two wired Win PC's are fine. Win XP laptop was disconnecting every couple of minutes. Reconnect and everything was OK, again just for a few mins. On my Powerbook, the wireless network connection was lost completely. After investigating, the router settings had changed !! The SSID had returned to its default "linksys ..." and the security mode had changed to WPA-2 from WEP. Changing security back to WEP and reentering full security keyword/password on Mac did the trick. The only thing I could determine that MIGHT be an issue (I do have Norton on 3 PC's but not on the Mac, and no updates around time of incident) was that the digital cable TV signal was cutting out continually around same time. Don't know if maybe the modem took a hit that somehow !@#$% the router. However, alls well at the moment.   monster Supporter Username: Monster Post Number: 1836 Registered: 7-2002 Posted on Saturday, January 7, 2006 - 3:27 pm:        It's your ISP provider, COmcast was doing this a couple of years ago too...   Grrrrrrrrrrr Citizen Username: Oldsctls67 Post Number: 194 Registered: 11-2002 Posted on Wednesday, January 11, 2006 - 11:11 pm:        If you ever need to know the ip address of a particular computer, go to the dos prompt and type in the command: ipconfig.