- Sep 9, 2013
- 13
- 0
- 10,510
To make a long story short... I was recently hacked. It started with a DoS attack, but then I was infected with some sort of malware. I believe I have cleaned-out the malware, but... there's another issue.
I am receiving (or blocking) packets from random, (but similar) IP addresses. Most of them originate in China. (Also seeing Thailand, Netherlands, Russia, and Philippines.) I was getting bombarded by packets at first, but now it's every ~5 minutes. I suspect someone is using an anonymous network (like tor or something) to wage war on my router.
The simple solution would be to block the IP address ranges in the router right? Well... I have a bad situation there. My router is a netgear 7550. The firmware cannot be replaced, and is horrible. Netgear sold these things to AT&T "as-is", then AT&T sold them to other companies. (Which is how I got mine, basically.) Netgear refuses to provide any support for my model. I cannot block a range of addresses. It will only allow me to block a single IP address at a time. I've gone into the windows firewall and blocked all the ip addresses... but it's constantly shifting... so... i don't even know.
(My only option with the router/modem firewall is to block everything and whitelist only what I want to use. This would be difficult as I have many different games I play online. It would be time-consuming to figure-out how to whitelist every port for every game.)
Here's an example of the kind-of thing I'm seeing in the router firewall log:
Time; xx:xx:xx
Direction/Severity; In: ppp0
Rule/Process: Blocked
Src IP: <LIKELY OFFENDER IP ADDRESS> Port: 6000
Dest IP: <MY MODEM/ROUTER IP ADDRESS> Port: 22
Proto: TCP
Len: 44
I am receiving (or blocking) packets from random, (but similar) IP addresses. Most of them originate in China. (Also seeing Thailand, Netherlands, Russia, and Philippines.) I was getting bombarded by packets at first, but now it's every ~5 minutes. I suspect someone is using an anonymous network (like tor or something) to wage war on my router.
The simple solution would be to block the IP address ranges in the router right? Well... I have a bad situation there. My router is a netgear 7550. The firmware cannot be replaced, and is horrible. Netgear sold these things to AT&T "as-is", then AT&T sold them to other companies. (Which is how I got mine, basically.) Netgear refuses to provide any support for my model. I cannot block a range of addresses. It will only allow me to block a single IP address at a time. I've gone into the windows firewall and blocked all the ip addresses... but it's constantly shifting... so... i don't even know.
(My only option with the router/modem firewall is to block everything and whitelist only what I want to use. This would be difficult as I have many different games I play online. It would be time-consuming to figure-out how to whitelist every port for every game.)
Here's an example of the kind-of thing I'm seeing in the router firewall log:
Time; xx:xx:xx
Direction/Severity; In: ppp0
Rule/Process: Blocked
Src IP: <LIKELY OFFENDER IP ADDRESS> Port: 6000
Dest IP: <MY MODEM/ROUTER IP ADDRESS> Port: 22
Proto: TCP
Len: 44
Facebook
Twitter
Instagram