Tell me more x
, there is a new speed test available. Give it a try, leave feedback!
dslreports logo
    All Forums Hot Topics Gallery


Search Topic:
share rss forum feed


[Midwest] Pace 4111N hijacked?

After uninterrupted DSL service from AT&T, this week our DSL was out. Service light was solid Red 4111n. At first, I just thought ATT was working on something. It never went back online. So I unplugged it, waited a few minutes and plugged it back in. DSL working again but I thought it was a strange occurrence, so took a look at the 4111N Event Logs and found several lines "hijacked".


INF 2013-03-18T19:52:27-05:00 hurl uri=/0.4/query hijacked

There were ones for each website I had been browsing at the time of disconnect in Firefox! The example above I'm guessing was when WOT add-on was checking for an update? There was a line for Comodo checking server for update also.

Wireless is not used on this gateway; disabled it as soon as I got it from ATT in January. It's firewall is on. After getting back online, I changed the System password from default which Pace has as all numbers(?)

So after finding the hijacked entries in the log, I called ATT. At first they said it's "normal" to see these entries, but then referred me to Level 2 support. After checking with someone for a few minutes, he said he didn't know why those were listed, that he'd never heard of this before. Guessed either someone hacked the gateway or someone hacked the IP address. He asked that the router be unplugged each night for a few days so it will get a new IP address each time. He followed up a couple of days later and still had no idea what caused this outage and "hijacking". Only other suggestion was to get another router(?!)

So is it normal to see hijacked entries in the logs? What would cause this? Does this mean that every wired connection can be remotely disabled? Every modem/router at risk to be tampered with?

Our computers are updated and have zero malware - ran scans for Comodo, Spybot, AntiMalwarebytes and SuperAntiSpyware - nothing found.


Wood River, IL
So, no replies? The event log still shows occasional "hijacked" entries for common sites I visit, like Ebay. No malware here - clean pc.

Would this happen be related to the news stories today about the government monitoring online activity such as emails, connections, instant messages, etc...? Odd coincidence.

I start new work on
Granite City, IL
·AT&T Midwest
·Google Voice
reply to aglennon
I believe what you are hitting is a security function inside the pace 4111n. If you run such tools and such you may have to disable those functions as the router is designed to protect against page intrusions and stuff like My web of trust (WOT) would be considered a page intrusion by the pace 4111n. If memory serves there is a page in the 2wire that has certain checkboxes for these things under the firewall settings.
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!