Someone has hijacked my router! What now?

Halo1999

Estimable
Apr 16, 2017
5
0
4,510
My NETGEAR C-7000 modem/router has been hijacked and my ISP (Comcast) refuses to help! I unplugged it from the wall and from coax for 2 hours in an attempt to reset my IP, which it did. However, no more than a minute or two later, the attacker was back. This time, he had changed the addresses of my devices to that of his own IP. In addition, my main PC which has not been working since a day before having discovered this, had also been targeted and then changed to a new IP address.

I also have logs showing this info but I figured uploading 11 different links - one to each photo - would be a bit too much. I'm clueless as to how I should fix this. Any advice?
 
Solution
Try consolidating your log photographs into just three or four links.

Probably best at this time to take a look at the logs. Try to pick log entries that display the problem as you see it and in some order.
Please be aware that your modem router may be actually changing the IP addresses. It uses DHCP (Dynamic Host Control Protocol) to assign IP addresses to devices joining your network. Thus your computer may receive a different IP each time especially if there are many other devices on the network.

Do the following which is basically an installation "do over".

Unplug the modem/router from the ISP, do a factory reset by pushing the small reset button on the back of the router.

Check the User Guide/Manual for specific instructions.

You are now at Step 1 with respect to the installation process for a new modem/router out of the box.

Access the router's admin pages with the default login name and password.

Change the admin login name to a name of your choosing and also change the default login password to something more complex. Keep both secret - do not tell anyone.

Reconfigure the router for your network. Change the network name and wireless password.

Comcast does not have any obligation to support your modem/router.

However, it is very likely that you will need to call them to get it activated as "yours" with respect to your service account.

Reference:

https://www.xfinity.com/support/internet/activate-purchased-modem/
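An added example, not part of the original reply: one way to sort exported router log text into the categories the reply distinguishes, namely ordinary DHCP re-addressing versus entries that deserve a closer look. The log lines are constructed, the bracketed format is an assumption to adapt to your device, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from the thread). The bracketed layout is
# an assumed format; adjust the patterns below to match your router's export.
SAMPLE_LOG = """\
[DHCP IP: 192.168.0.12] to MAC address a4:5e:60:c1:22:10, Sunday, April 16, 2017 09:01:10
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 443, Sunday, April 16, 2017 09:02:44
[DoS Attack: ACK Scan] from source: 198.51.100.23, port 80, Sunday, April 16, 2017 09:03:02
[DHCP IP: 192.168.0.15] to MAC address a4:5e:60:c1:22:10, Sunday, April 16, 2017 11:40:31
[Admin login] from source 192.168.0.15, Sunday, April 16, 2017 11:41:05
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 443, Sunday, April 16, 2017 11:42:19
[Admin login] from source 203.0.113.7, Sunday, April 16, 2017 11:50:00
[DHCP IP: 192.168.0.20] to MAC address 3c:22:fb:0a:9e:01, Sunday, April 16, 2017 12:00:00
"""

DHCP_RE = re.compile(r"\[DHCP IP: ([\d.]+)\] to MAC address ([0-9a-f:]{17})", re.I)
DOS_RE = re.compile(r"\[DoS Attack: ([^\]]+)\] from source: ([\d.]+)", re.I)
LOGIN_RE = re.compile(r"\[Admin login\] from source ([\d.]+)", re.I)

def triage(log_text):
    leases = defaultdict(list)  # MAC -> LAN addresses handed out by DHCP, in order
    dos_sources = Counter()     # source address -> number of DoS-flagged entries
    logins = []                 # source addresses of admin-page logins, in order
    for line in log_text.splitlines():
        if m := DHCP_RE.search(line):
            ip, mac = m.group(1), m.group(2).lower()
            if ip not in leases[mac]:
                leases[mac].append(ip)
        elif m := DOS_RE.search(line):
            dos_sources[m.group(2)] += 1
        elif m := LOGIN_RE.search(line):
            logins.append(m.group(1))
    leased = {ip for ips in leases.values() for ip in ips}
    return {
        # Same device, different address: normal DHCP behaviour, not tampering.
        "readdressed": {mac: ips for mac, ips in leases.items() if len(ips) > 1},
        # Repeated sources of DoS-flagged traffic, most frequent first.
        "dos_sources": dos_sources.most_common(),
        # Admin logins from an address this router never leased: review these.
        "unexplained_logins": [ip for ip in logins if ip not in leased],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Devices with a static LAN address will also show up under `unexplained_logins`, so treat that list as entries to check rather than as confirmed intrusions.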
 

Halo1999



Well, as it turns out, I was able to see that for days, multiple IPs were running a plethora of DOS attacks, but then as of the 16th, the attacker must have gotten lazy or something, because once he gained access to my router, he (or she) began using the same address for every attack. I ran his IP through Whois and I tracked it down to a small subsidiary of Virgin Media in the U.K. I then contacted them and filed an investigation. A rep from Virgin Media stayed in contact with me and I had to give him everything under the moon for them to proceed with a case of "Internet Abuse". A portion of the email read:

"I can confirm that this IP address belongs to our network and is registered to an account.

We will now enforce the Acceptable Use Policy all users on our network must abide by, I can't confirm what specific action we have taken but rest assured it will be done with a view to making sure this does not reoccur."

It will probably be a slap on the wrists for him, but it should at least prevent further attacks, while I try to (again) do as you stated earlier.

Btw: I had a question to ask you: since I had already registered this router/modem with Comcast over a year ago, I understand that they are not under any obligation to help me troubleshoot a NETGEAR device, but when it involves not even being able to access my network to use their services, how come that would fall under someone else's obligation? All I was asking them to do was to give me advice on preventing this so I could use my (their) internet. Plus, (and yes, I know - this doesn't seem plausible; but neither did it to the Comcast Tier 3 rep I spoke with - that is, until I provided him with proof) this individual SOMEHOW managed - over the course of just one day - to use 252 PEDOBYTES of data! It was more than I've used in a year! Now, wouldn't it be wise for Comcast to not allow that amount of bandwidth to be stolen from them? Especially since I'm on an unlimited business plan? Just makes zero sense?

Anyhow; hopefully it's resolved. Thank you for your time and attention to my issues.
 
Look at it this way:

If Comcast does not own the modem/router it is yours and they have no idea what you have done and may be doing via the modem/router. Plus any attempts to "be nice and help" that go astray would most likely bring about lawsuits etc. "Of course the fire that burned down your house was caused by [insert claim here]."

And unfortunately there are way too many people around who think they have come up with some clever way to scam the system (any system) one way or another. And some of those people are very clever - others not so much.

Anyone (e.g., government, commercial businesses) who regularly deals with the public quickly becomes quite hardened to such things. Main defense is just strict rules that amount to "No - cannot do". No exceptions. No returns if opened.....

And they can get fired if they do help or even try.

In your case I suspect that your proof provided enough information to escalate the matter up the chain of command. And once management was made aware of it all - action occurred.

 

J_E_D_70

Honorable
Mar 21, 2012
395
1
11,060
It’s petabytes and certainly didn’t do that on your router in a day. If you had a gigabit fiber connection under perfect conditions (this isn’t including overhead), your max download is 0.01 petabytes.