Network settings changed

J

Joe

I have a Wireless Router Modem which stays on 24/7. Password protected.

Belkin N. - W7 OS Ult



Today I accessed my emails then browser for about 10minutes then my

internet access stopped working.



Yet another PC XP OS still could access the web. Both these computers

are wired. And testing the Laptop wireless - also worked.



Tracing the cause, cable, swap cable , port, reboot modem, Could access

the modem through the setup IP. So PC to Modem OK.



Went to network settings found that the network had changed to Public

without internet access.



Could not change this back to my LAN settings of Network 2. Tried the

wizard as well for internet access.



Went back to a restore point two days earlier and applied this.



My Network 2 setting was restored and internet access restored.



Can/could someone remote access my PC and change these settings or a virus?



I have now changed the passwords on the modem. Another concern is that

my data download seems high (8Gb)in my offpeak allocation when I rarely

use the PC off peak anyway. (far too much normal data allocation to sit

up all night making downloads.



Any suggestions as to why this happened or hacked etc. or a better

security solution.



thanks



j
 
G

GlowingBlueMist

On 4/6/2010 8:54 PM, Joe wrote:

> I have a Wireless Router Modem which stays on 24/7. Password protected.

> Belkin N. - W7 OS Ult

>

> Today I accessed my emails then browser for about 10minutes then my

> internet access stopped working.

>

> Yet another PC XP OS still could access the web. Both these computers

> are wired. And testing the Laptop wireless - also worked.

>

> Tracing the cause, cable, swap cable , port, reboot modem, Could access

> the modem through the setup IP. So PC to Modem OK.

>

> Went to network settings found that the network had changed to Public

> without internet access.

>

> Could not change this back to my LAN settings of Network 2. Tried the

> wizard as well for internet access.

>

> Went back to a restore point two days earlier and applied this.

>

> My Network 2 setting was restored and internet access restored.

>

> Can/could someone remote access my PC and change these settings or a virus?

>

> I have now changed the passwords on the modem. Another concern is that

> my data download seems high (8Gb)in my offpeak allocation when I rarely

> use the PC off peak anyway. (far too much normal data allocation to sit

> up all night making downloads.

>

> Any suggestions as to why this happened or hacked etc. or a better

> security solution.

>

> thanks

>

> j

>

Couple of things might have happened but anything's possible when it

comes to software based devices.



PC temporarily locked onto another routers signal that had another IP

range configured. Easy if no security is active on the wireless side on

either router. If possible power off your router and then reboot or

power cycle your PC and see if it still finds a network to play with.



One of those mystical updates that like to mess with people's minds

rather than just the PC's software. Suspected when a system restore

fixes things but then the problem returns with in 24 hours. Time to

check the log files looking for an update that was automatically

installed, especially if the PC rebooted while you were away from it.



As for your nightly data load, you may have updates going on, like

anti-virus, Windows, RSS or other information feeds, Other user loaded

software looking for a update or handout...



If your router's log file is on and still has nothing usable you might

want to give the router monitoring software WallWatcher a try.



I don't see your router on the actively supported list but if it can be

configured to send log messages on ports 514 or 162 the program should

be able to handle it. With luck it will work as installed with no

configuration changes needed to the router.



You can get it directly from the author's web site at

http://www.wallwatcher1.com/



It is listed as Shareware but with a present price of $0.00 so you have

nothing to loose but some time giving it a try.
 
J

Joe

On 7/04/2010 8:04 PM, GlowingBlueMist wrote:

> On 4/6/2010 8:54 PM, Joe wrote:

>> I have a Wireless Router Modem which stays on 24/7. Password protected.

>> Belkin N. - W7 OS Ult

>>

>> Today I accessed my emails then browser for about 10minutes then my

>> internet access stopped working.

>>

>> Yet another PC XP OS still could access the web. Both these computers

>> are wired. And testing the Laptop wireless - also worked.

>>

>> Tracing the cause, cable, swap cable , port, reboot modem, Could access

>> the modem through the setup IP. So PC to Modem OK.

>>

>> Went to network settings found that the network had changed to Public

>> without internet access.

>>

>> Could not change this back to my LAN settings of Network 2. Tried the

>> wizard as well for internet access.

>>

>> Went back to a restore point two days earlier and applied this.

>>

>> My Network 2 setting was restored and internet access restored.

>>

>> Can/could someone remote access my PC and change these settings or a

>> virus?

>>

>> I have now changed the passwords on the modem. Another concern is that

>> my data download seems high (8Gb)in my offpeak allocation when I rarely

>> use the PC off peak anyway. (far too much normal data allocation to sit

>> up all night making downloads.

>>

>> Any suggestions as to why this happened or hacked etc. or a better

>> security solution.

>>

>> thanks

>>

>> j

>>

> Couple of things might have happened but anything's possible when it

> comes to software based devices.

>

> PC temporarily locked onto another routers signal that had another IP

> range configured. Easy if no security is active on the wireless side on

> either router. If possible power off your router and then reboot or

> power cycle your PC and see if it still finds a network to play with.

>



My PC is wired







> One of those mystical updates that like to mess with people's minds

> rather than just the PC's software. Suspected when a system restore

> fixes things but then the problem returns with in 24 hours. Time to

> check the log files looking for an update that was automatically

> installed, especially if the PC rebooted while you were away from it.

>



I have actually turned the updates to download and ask before install.

Just in case one of those unwanted 1033's come through again.





> As for your nightly data load, you may have updates going on, like

> anti-virus, Windows, RSS or other information feeds, Other user loaded

> software looking for a update or handout...

>



No my updates are protected and W7 asks before you can install. I have

nothing that big to update.



> If your router's log file is on and still has nothing usable you might

> want to give the router monitoring software WallWatcher a try.

>



Ok Ill have a go at that. Just downloaded the two files so I will do an

install.



> I don't see your router on the actively supported list but if it can be

> configured to send log messages on ports 514 or 162 the program should

> be able to handle it. With luck it will work as installed with no

> configuration changes needed to the router.

>

> You can get it directly from the author's web site at

> http://www.wallwatcher1.com/

>

> It is listed as Shareware but with a present price of $0.00 so you have

> nothing to loose but some time giving it a try.



Thanks for the suggestions



its still got me stumped as to why or how it happened. I use PCtools AV

and Malwarebytes for nasties.



Changed two passwords in the router.



The log from the router the date was incorrect so something happened

or has been happening.



perhaps Ive altered too much and it may not happen again hopefully.



but I will have a look into other logging software if Wall watcher

doesn't work



Thanks again
 
G

GlowingBlueMist

On 4/7/2010 5:52 AM, Joe wrote:

Hi Joe,

The more I think about the problem it sounds more like the modem/router

either lost it's power, overheated, or picked up some interference from

an external signal, like a cell phone or other radio type device.



Wired devices as well as wireless can be affected by RF interference if

the signal is strong enough. Cell phones with in a couple of feet of

other electronic devices have been known to cause random problems.



The fact that the date in the router log file was wrong, but had been

right in the past usually indicates some kind of router reset had taken

place. True someone could have found a way to break in from the WAN

side but if the WAN access was set to disabled that seems unlikely.



I had one remote location where a router would randomly change settings

only to discover that the customer had placed a wireless access point

directly on top of the router in support of remote cash registers.

After having them separate the devices by 3 feet the problems all went away.



Good luck with the problem.
 
G

GlowingBlueMist

On 4/9/2010 5:05 AM, GlowingBlueMist wrote:

> On 4/7/2010 5:52 AM, Joe wrote:

> Hi Joe,

> The more I think about the problem it sounds more like the modem/router

> either lost it's power, overheated, or picked up some interference from

> an external signal, like a cell phone or other radio type device.

>

> Wired devices as well as wireless can be affected by RF interference if

> the signal is strong enough. Cell phones with in a couple of feet of

> other electronic devices have been known to cause random problems.

>

> The fact that the date in the router log file was wrong, but had been

> right in the past usually indicates some kind of router reset had taken

> place. True someone could have found a way to break in from the WAN side

> but if the WAN access was set to disabled that seems unlikely.

>

> I had one remote location where a router would randomly change settings

> only to discover that the customer had placed a wireless access point

> directly on top of the router in support of remote cash registers. After

> having them separate the devices by 3 feet the problems all went away.

>

> Good luck with the problem.



Had one last thought, of the paranoid kind...



Many cable and DSL providers maintain a backdoor access into

modems/routers using SNMP (simple network management protocol) that they

supply as a means of troubleshooting AND upgrading the firmware in the

devices. No amount of password changes by the user can keep them out if

they supplied the firmware in the box left a management level account

hidden in the firmware.



Firmware updates require a reboot, and many times this defaults the

device back to factory settings. True, usually the update is to fix a

bug but lately many have been done just to hinder access by other

providers, like internet phone providers that are not connected with

your ISP, Torrent style protocols, or those used by intensive gamers.



That is one reason I don't usually use a box provided by my ISP on my

personal feed but rather purchase a 3rd party modem/router that does not

have any firmware in it connected to my internet provider. I also

disable SNMP access as it can be used to remotely change things in the

box depending on it's settings. I don't like it when my ISP tries to

remotely configure my box to disable ports or protocals at my end rather

than network wide where they can be more easily caught in the act by

multiple parties. If I need a firmware update I go directly to my box's

support site and download/install it myself.



Any chance you had a printout of the old settings, showing the firmware

release and LAN settings that were in the box prior to your problem that

you can compare with what is in the box after the problems started?



If the box defaulted to the usual DHCP but at a different LAN network

subnet address than you were using a PC might report it as having

switched to a Public network. That is one reason many providers don't

like you to change the default network range on the LAN side. Having it

default to the "factory" subnet rather than remaining what you were

using as the LAN subnet makes it easier to catch them making changes to

the box at your end. Depending on the PC's operating software it might

just go along with the change and automatically request and use the new

LAN IP with out a blink while other software versions or firewalls may

complain like yours did.
 
You must log in or register to reply here.

Similar threads

V
Ethernet cable not appearing on PC, the cable works.
Replies
0
Views
61
vi
V
C
Lenovo Laptop running Windows 11 Will Not Connect to WiFi Router
Replies
0
Views
40
Cmstritt
C
C
After resetting TPM, Windows 10 no longer recognises ethernet adapter
Replies
0
Views
56
chaypearson
C
S
Connecting one PC to internet causes all internet to degrade
Replies
0
Views
62
SlowHowl
S
D
Network does not appear on Network & Internet list
Replies
0
Views
55
Denis107
D
Back
Top Bottom