| [Midwest] Pace 4111N hijacked? After uninterrupted DSL service from AT&T, this week our DSL was out. Service light was solid Red 4111n. At first, I just thought ATT was working on something. It never went back online. So I unplugged it, waited a few minutes and plugged it back in. DSL working again but I thought it was a strange occurrence, so took a look at the 4111N Event Logs and found several lines "hijacked".
Example:
INF 2013-03-18T19:52:27-05:00 hurl host=api.mywot.com uri=/0.4/query hijacked
There were ones for each website I had been browsing at the time of disconnect in Firefox! The example above I'm guessing was when WOT add-on was checking for an update? There was a line for Comodo checking server for update also.
Wireless is not used on this gateway; disabled it as soon as I got it from ATT in January. It's firewall is on. After getting back online, I changed the System password from default which Pace has as all numbers(?)
So after finding the hijacked entries in the log, I called ATT. At first they said it's "normal" to see these entries, but then referred me to Level 2 support. After checking with someone for a few minutes, he said he didn't know why those were listed, that he'd never heard of this before. Guessed either someone hacked the gateway or someone hacked the IP address. He asked that the router be unplugged each night for a few days so it will get a new IP address each time. He followed up a couple of days later and still had no idea what caused this outage and "hijacking". Only other suggestion was to get another router(?!)
So is it normal to see hijacked entries in the logs? What would cause this? Does this mean that every wired connection can be remotely disabled? Every modem/router at risk to be tampered with?
Our computers are updated and have zero malware - ran scans for Comodo, Spybot, AntiMalwarebytes and SuperAntiSpyware - nothing found. |
