dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2204
share rss forum feed


aglennon

@sbcglobal.net

[Midwest] Pace 4111N hijacked?

After uninterrupted DSL service from AT&T, this week our DSL was out. Service light was solid Red 4111n. At first, I just thought ATT was working on something. It never went back online. So I unplugged it, waited a few minutes and plugged it back in. DSL working again but I thought it was a strange occurrence, so took a look at the 4111N Event Logs and found several lines "hijacked".

Example:

INF 2013-03-18T19:52:27-05:00 hurl host=api.mywot.com uri=/0.4/query hijacked

There were ones for each website I had been browsing at the time of disconnect in Firefox! The example above I'm guessing was when WOT add-on was checking for an update? There was a line for Comodo checking server for update also.

Wireless is not used on this gateway; disabled it as soon as I got it from ATT in January. It's firewall is on. After getting back online, I changed the System password from default which Pace has as all numbers(?)

So after finding the hijacked entries in the log, I called ATT. At first they said it's "normal" to see these entries, but then referred me to Level 2 support. After checking with someone for a few minutes, he said he didn't know why those were listed, that he'd never heard of this before. Guessed either someone hacked the gateway or someone hacked the IP address. He asked that the router be unplugged each night for a few days so it will get a new IP address each time. He followed up a couple of days later and still had no idea what caused this outage and "hijacking". Only other suggestion was to get another router(?!)

So is it normal to see hijacked entries in the logs? What would cause this? Does this mean that every wired connection can be remotely disabled? Every modem/router at risk to be tampered with?

Our computers are updated and have zero malware - ran scans for Comodo, Spybot, AntiMalwarebytes and SuperAntiSpyware - nothing found.


aglennon

join:2013-03-22
Wood River, IL

So, no replies? The event log still shows occasional "hijacked" entries for common sites I visit, like Ebay. No malware here - clean pc.

Would this happen be related to the news stories today about the government monitoring online activity such as emails, connections, instant messages, etc...? Odd coincidence.



David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice
reply to aglennon

I believe what you are hitting is a security function inside the pace 4111n. If you run such tools and such you may have to disable those functions as the router is designed to protect against page intrusions and stuff like My web of trust (WOT) would be considered a page intrusion by the pace 4111n. If memory serves there is a page in the 2wire that has certain checkboxes for these things under the firewall settings.
--
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!