

hagbard72

join:2000-10-02
Kingsville
reply to hagbard72

Re: Modem security

I'm considering swapping the router out for my old wrt56g with tomato on it.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

1 recommendation

reply to hagbard72
Is this a cable modem or DSL? I'm wondering if the modem is seeing something on the ISP's side.

If it's cable (shared) you might be seeing another customer's (who's using a switch rather than a router) devices when they turn them on.
--
Don't feed trolls--it only makes them grow!


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to hagbard72
said by hagbard72:

00:25:71:01:D1:7F

Ok this is a Zhejiang Tianle Digital Electric Co.,Ltd - China (Zhejiang) MAC. They make TVs, Blu-Ray players etc.

»www.hktdc.com/manufacturers-supp···X05V1V2/

said by hagbard72:

00:90:A2:8E:36:AA

This belongs to CyberTAN Technology.

»www.cybertan.com.tw/
--
Don't feed trolls--it only makes them grow!


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

2 edits
reply to hagbard72
said by hagbard72:

No, it doesn't. But the UNKNOWN devices have these addresses according to the router:

00:25:71:01:D1:7F

00:90:A2:8E:36:AA

But they could just be some computer or phone that I'm not aware of.

The first belongs to Zhejiang Tianle Digital Electric Co.,Ltd and they appear to be primarily a TV manufacturer.

The second belongs to CYBERTAN TECHNOLOGY, INC. and they appear to be a somewhat generic manufacturer of phones, game devices and multimedia devices.

I think that you mentioned having an attached TV and an attached Blu-Ray player?

Out of curiosity, does your PC have a public IP address or a private IP address? If the PC runs Windows, open a command prompt and enter the command ipconfig /all. If you use a *nix OS (including OS X), open a terminal window and issue the command ifconfig. The command arp -a should also provide a list of recent active and connected devices with both their IP addresses and MAC addresses. The command netstat -r will also tell us something about your network architecture that might help with a diagnosis.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. -- US Constitution

When governments fear people, there is liberty. When the people fear the government, there is tyranny. -- Thomas Jefferson


hagbard72

join:2000-10-02
Kingsville
reply to hagbard72
Ran ipconfig /all, what am I looking for? BTW, I just switched out routers to my old wrt56g. When I called my ISP they said there was "nothing to worry about" regarding the additional devices showing up but did say I was having dropped packets. I pinged the ISP and it was up around 300ms. That's what prompted me to switch out routers. Didn't make any difference. The only thing that improved the ping rate was connecting directly to the computer.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by hagbard72:

Ran ipconfig /all, what am I looking for? BTW, I just switched out routers to my old wrt56g. When I called my ISP they said there was "nothing to worry about" regarding the additional devices showing up but did say I was having dropped packets. I pinged the ISP and it was up around 300ms. That's what prompted me to switch out routers. Didn't make any difference. The only thing that improved the ping rate was connecting directly to the computer.

You might get your questions answered more quickly if you just supplied the requested information instead of trying to filter information when you don't know what you are looking at.

Just to show that posting the information I requested is "safe", I will show you below the information I requested taken from my Windows server. I chose my Windows server because it has both public and private information, so that if you want to try to interpret the difference and filter your results, you can do so. However, if you filter too much, you might as well not bother since the information won't be very useful. I have edited the results to mask the last three segments of the MAC address using "-**-**-**" for directly attached devices (that is really the only thing that someone using your ISP could use to cause you problems, and even that is very unlikely).


C:\>ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : dcs-srv
   Primary Dns Suffix  . . . . . . . : dcs-net
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dcs-net
                                       dcs-net.net
                                       dyndns-ip.com
 
PPP adapter RAS Server (Dial In) Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.9.208
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
   Description . . . . . . . . . . . : Intel 21143-Based PCI Fast Ethernet Adapter (Generic)
   Physical Address. . . . . . . . . : 00-40-F4-**-**-**
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 174.49.12.155
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 174.49.8.1
   DHCP Server . . . . . . . . . . . : 69.252.196.197
   DNS Servers . . . . . . . . . . . : 192.168.9.2
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Lease Obtained. . . . . . . . . . : Wednesday, January 02, 2013 12:37:37
   Lease Expires . . . . . . . . . . : Sunday, January 06, 2013 12:37:37
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : dcs-net
   Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
   Physical Address. . . . . . . . . : E0-91-F5-95-BE-AC
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.9.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 2601:5:c80:91:e291:f5ff:fe95:beac
   IP Address. . . . . . . . . . . . : fe80::e291:f5ff:fe95:beac%4
   Default Gateway . . . . . . . . . : fe80::1e7e:e5ff:fe4c:e6ff%4
   DNS Servers . . . . . . . . . . . : 192.168.9.2
                                       75.75.76.76
                                       fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : C0-A8-09-D0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.9.208%2
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : dcs-net
   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : C0-A8-09-02
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.9.2%2
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : AE-31-0C-9B
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::5efe:174.49.12.155%2
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
C:\>arp -a
 
Interface: 174.49.12.155 --- 0x10003
  Internet Address      Physical Address      Type
  174.49.8.1            00-01-5c-3c-f4-41     dynamic
  174.49.10.238         00-1e-90-**-**-**     dynamic
 
Interface: 192.168.9.2 --- 0x10004
  Internet Address      Physical Address      Type
  192.168.9.3           e0-91-f5-95-a8-79     dynamic
  192.168.9.16          00-17-a4-e3-e7-cf     dynamic
  192.168.9.64          00-22-68-59-40-0c     dynamic
  192.168.9.100         e0-91-f5-95-b6-9d     dynamic
  192.168.9.254         1c-7e-e5-4c-e6-ff     dynamic
 
C:\>netstat -r
 
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 40 f4 2a 31 1e ...... Intel 21143-Based PCI Fast Ethernet Adapter (Generic)
0x10004 ...e0 91 f5 95 be ac ...... NETGEAR GA311 Gigabit Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       174.49.8.1    174.49.12.155     30
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
       174.49.8.0    255.255.248.0    174.49.12.155    174.49.12.155     30
    174.49.12.155  255.255.255.255        127.0.0.1        127.0.0.1     30
   174.49.255.255  255.255.255.255    174.49.12.155    174.49.12.155     30
    192.168.1.248  255.255.255.248      192.168.9.9      192.168.9.2      6
    192.168.8.248  255.255.255.248      192.168.9.9      192.168.9.2      4
      192.168.9.0    255.255.255.0      192.168.9.2      192.168.9.2     10
      192.168.9.2  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.9.208  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.9.255  255.255.255.255      192.168.9.2      192.168.9.2     10
    216.146.35.35  255.255.255.255    192.168.9.254      192.168.9.2      8
    216.146.36.36  255.255.255.255    192.168.9.254      192.168.9.2      8
        224.0.0.0        240.0.0.0    174.49.12.155    174.49.12.155     30
        224.0.0.0        240.0.0.0      192.168.9.2      192.168.9.2     10
  255.255.255.255  255.255.255.255    174.49.12.155    174.49.12.155      1
  255.255.255.255  255.255.255.255      192.168.9.2      192.168.9.2      1
Default Gateway:        174.49.8.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    192.168.8.248  255.255.255.248      192.168.9.9       4
    192.168.1.248  255.255.255.248      192.168.9.9       6
    216.146.35.35  255.255.255.255    192.168.9.254       8
    216.146.36.36  255.255.255.255    192.168.9.254       8
 
IPv6 Route Table
===========================================================================
Interface List
  5 ...ff ff ff ff ff ff ff ff  Teredo Tunneling Pseudo-Interface
  4 ...e0 91 f5 95 be ac ...... NETGEAR GA311 Gigabit Adapter
  3 ...e0 91 f5 95 ............ 6to4 Pseudo-Interface
  2 ...c0 a8 09 d0 ............ Automatic Tunneling Pseudo-Interface
  2 ...c0 a8 09 02 ............ Automatic Tunneling Pseudo-Interface
  2 ...ae 31 0c 9b ............ Automatic Tunneling Pseudo-Interface
  1 ........................... Loopback Pseudo-Interface
===========================================================================
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4   1016 2601:5:c80:90::/60       fe80::1e7e:e5ff:fe4c:e6ff
  4   1256 ::/0                     fe80::1e7e:e5ff:fe4c:e6ff
  2   1004 fe80::5efe:192.168.9.208/128
                                    fe80::5efe:192.168.9.208
  4   1004 2601:5:c80:91:e291:f5ff:fe95:beac/128
                                    2601:5:c80:91:e291:f5ff:fe95:beac
  4   1008 2601:5:c80:91::/64       On-link
  2   1004 fe80::5efe:192.168.9.2/128
                                    fe80::5efe:192.168.9.2
  2   1004 fe80::5efe:174.49.12.155/128
                                    fe80::5efe:174.49.12.155
  5   1004 fe80::ffff:ffff:fffd/128 fe80::ffff:ffff:fffd
  4   1008 ff00::/8                 On-link
  4   1004 fe80::e291:f5ff:fe95:beac/128
                                    fe80::e291:f5ff:fe95:beac
  1   1004 ::1/128                  ::1
  1   1008 ff00::/8                 On-link
  1   1004 fe80::1/128              fe80::1
===========================================================================
Persistent Routes:
  None
 



To make your posted information display properly, you may need to put the information between "code" brackets as shown below:
[code]
Put whatever you need to post
between the two "code" brackets
[/code]

If you post the requested information, I can look at it and tell you if there is anything that would help to explain the symptoms you are seeing. However, it would help if the symptoms were present before you bother to post it. OTOH, it would not hurt to save the information if you do it while the symptoms are not present, and then compare the results to when the symptoms are present.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


hagbard72

join:2000-10-02
Kingsville

4 edits
reply to hagbard72
No offence, but you didn't actually ask me to post the results. I thought you thought I'd know what I was seeing and go from there. I'll run it again and post it.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
reply to hagbard72
May I assume that the previously posted (but now deleted) "ipconfig /all" information is using the second router, and also that you are not at this time seeing the mysterious devices?

If so, if/when you see the symptoms again, do the "ipconfig /all" again and also the "arp -a" command (if the problem returns, that arp information can be helpful, and it would be helpful to also have that information saved from when you were not seeing the mystery devices).

One thing that is already helpful is knowing that your PC is connected using WiFi instead of via a direct ethernet cable connection (that could explain why your connection was better when connecting the PC directly to the modem):
"I pinged the ISP and it was up around 300ms. That's what prompted me to switch out routers. Didn't make any difference. The only thing that improved the ping rate was connecting directly to the computer."
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


hagbard72

join:2000-10-02
Kingsville
Ping tests were all done with direct (not wifi) connection. When doing the testing, at the end, I reset the modem so yes, only one device is showing now. I'll rerun the above if more devices show up again, should I post the results then?


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by hagbard72:

Ping tests were all done with direct (not wifi) connection. When doing the testing, at the end, I reset the modem so yes, only one device is showing now. I'll rerun the above, should I post the results then?

If the "ipconfig /all" and "netstat -r" did not change, then you could probably just note that. The "arp -a" results could definitely be helpful (both before and after).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
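
Added example (not part of any post in this thread): one way to do the before/after `arp -a` comparison discussed above is to parse two saved snapshots and list devices that are new, labelling them with the OUI vendors identified earlier in the thread. It goes slightly beyond the thread by also reporting an IP whose MAC changed between snapshots. The snapshots, the 192.168.1.x addresses, and the function names `parse_arp` and `diff_arp` are constructed for illustration.

```python
import re

# OUI prefixes (first three octets) and vendor names as identified in this thread.
KNOWN_OUIS = {
    "00-25-71": "Zhejiang Tianle Digital Electric Co.,Ltd",
    "00-90-a2": "CyberTAN Technology",
}

IFACE_RE = re.compile(r"^Interface:\s+(\S+)\s+---")
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+\s*$"
)


def parse_arp(text):
    """Parse Windows `arp -a` output into {(interface_ip, neighbor_ip): mac}."""
    table, iface = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not (m and iface):
            continue  # header, blank line, or masked MAC such as 00-1e-90-**-**-**
        mac = m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast entries are not individual devices
        table[(iface, m.group(1))] = mac
    return table


def diff_arp(before, after):
    """Return (new_devices, changed_ips) between two parsed snapshots."""
    seen_macs = set(before.values())
    new, changed = [], []
    for key, mac in sorted(after.items()):
        if key in before:
            if before[key] != mac:  # same IP now answers with a different MAC
                changed.append((key[1], before[key], mac))
        elif mac not in seen_macs:
            new.append((key[1], mac, KNOWN_OUIS.get(mac[:8], "vendor not in table")))
    return new, changed


# Constructed snapshots. The 00-00-5e-00-53-xx MACs are documentation values;
# the two "new" MACs are the ones hagbard72 reported earlier in the thread.
BEFORE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-01     dynamic
  192.168.1.20          00-00-5e-00-53-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
AFTER = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-01     dynamic
  192.168.1.20          00-00-5e-00-53-99     dynamic
  192.168.1.30          00-25-71-01-d1-7f     dynamic
  192.168.1.31          00-90-a2-8e-36-aa     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""

if __name__ == "__main__":
    new, changed = diff_arp(parse_arp(BEFORE), parse_arp(AFTER))
    for ip, mac, vendor in new:
        print(f"NEW      {ip:15} {mac}  {vendor}")
    for ip, old, cur in changed:
        print(f"CHANGED  {ip:15} {old} -> {cur}")
```

Save the output of `arp -a` to a file while the network looks normal and again when the unknown devices appear, then pass both file contents to `parse_arp`.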


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
reply to hagbard72
said by hagbard72:

Ping tests were all done with direct (not wifi) connection. When doing the testing, at the end, I reset the modem so yes, only one device is showing now. I'll rerun the above if more devices show up again, should I post the results then?

Since you are now using WiFi, and I seem to recall you saying that the router currently in use runs Tomato, do you have your WiFi setup in the router to isolate WiFi clients from each other (and/or from your LAN)? If so, that would limit the usefulness of using a WiFi connected PC for troubleshooting since a WiFi connected PC would not be able to see what needs to be seen.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


hagbard72

join:2000-10-02
Kingsville

1 edit
reply to hagbard72
I have tomato and no, I don't think so but don't really know (I'm more techie than the average guy but not that much more so).

Update: problem appears to have cleared up with removing the router and replacing it with an old wrt56g.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

1 recommendation

said by hagbard72:

Update: problem appears to have cleared up with removing the router and replacing it with an old wrt56g.

I am not too surprised by that. From the symptoms you posted it sounded as if you either had a wiring/connection problem, or the router was passing packets between the WAN and LAN that should have been blocked.

If the router in question is a "better quality" router and/or has certain features that you like/need, you might consider doing a "30-30-30"* factory default reset on it and manually reloading any special config that it needs (restoring the config from a saved file might also restore the problem) and trying it again. I have had the "30-30-30"* factory default reset procedure fix a lot of strange problems with residential and SOHO grade routers.

* The 30-30-30 factory default reset is to keep the router's reset button depressed while you:
1. Wait 30 seconds
2. Power the router off and wait another 30 seconds
3. Power the router on and wait another 30 seconds
The reset button must remain depressed for the entire 90 seconds.

That procedure may sound hokey, but I have seen "bricked" routers and routers with really strange symptoms fixed by doing this. Just recently I had to use that procedure to "unbrick" my brand new D-Link DIR655 after it went belly up while doing a required firmware upgrade.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. -- US Constitution

When governments fear people, there is liberty. When the people fear the government, there is tyranny. -- Thomas Jefferson


hagbard72

join:2000-10-02
Kingsville
No, it was a cheap, crappy router destined for the trash pile. I had a wrt320n with tomato before, but the WAN port died. Tried all the above to bring it back to life, then tried reinstalling tomato and finally killed it. The 30/30/30 couldn't bring it back to life. I've ordered a wrt310n router for twenty bucks, will put tomato or dd-wrt on it and hope it lasts longer than the last one. After that, I'll spend the big bucks and get the Asus RT-N66U. Thanks for the help!


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
said by hagbard72:

No, it was a cheap, crappy router destined for the trash pile. I had a wrt320n with tomato before, but the WAN port died. Tried all the above to bring it back to life, then tried reinstalling tomato and finally killed it. The 30/30/30 couldn't bring it back to life. I've ordered a wrt310n router for twenty bucks, will put tomato or dd-wrt on it and hope it lasts longer than the last one. After that, I'll spend the big bucks and get the Asus RT-N66U. Thanks for the help!

Consumer routers don't seem to last long from what I have seen. See »How long do Linksys routers last? ...
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


hagbard72

join:2000-10-02
Kingsville

1 recommendation

reply to hagbard72
Bought my WRT56g nearly ten years ago...been rock solid.