I'm having issues with a huge amount of packets being received vs. sent on every one of my NIC cards attached to the network. The ratio is usually 2,000,000 to 60,000,000 with hardly any time of use going by or internet tasks being done. Getting to that many packets can easily take no longer than an hour of simply checking email or doing other work. In my experience this is abnormal. At first I naturally thought of malware or outdated network LAN/wireless cards on the various PCs, but after several formats and DBANs that simply isn't the case.
My next assessment was the possibility that my router firmware itself could possibly be infected by malware? Not knowing how to see if that's the issue, that idea is still on the table. Nevertheless I decided to see exactly what these packets were doing by looking at them via Wireshark. What I "THINK" I saw (being a novice to the program) was not good. Lots of red indicated packet re-transmissions and lots of stuff talking with each other, much of it being the router to the STB boxes or vice versa asking who is 191.168.1.1 tell 0.0.0.0 or who is (mac id) tell 0.0.0.0 or default domain or IP addresses I'm not familiar with, and lots of group joining, again to IPs I'm not familiar with. Basically tons of packets being sent, much of it being duplicates, but also a lot of Wireshark warning indications of potential problems that the program estimated are going on. After seeing all that red and indications that something is wrong with my network traffic I figured my suspicions are most likely correct, but I have no idea how to mitigate these issues with the router.
Investigating further I noticed some odd things that may or may not be normal, possibly the potential that my router is compromised by someone nearby in my apartment complex. Either someone connecting directly into the ONT and basically hijacking the service I pay for, or simply the fact that 2 households share an ONT and traffic going over it is being received on my end somehow. Here are the weird things I've seen that have me suspicious, though. For instance I've seen NATs being assigned to the same IP address more than once. Normal? Also I'm seeing that same instance with the automatic port forwarding this router does for the STB boxes. Instead of a rule for each box, there are several individual rules (one for TCP and one for UDP) for the same IP. Something I never noticed before on my old router. Also a weird instance where I see my set top boxes being assigned IP 2,3,4,5 in their specific range, but also IP 1 in that same range in addition showing as an Ethernet connection and as one of my devices, not Verizon's.
The biggest indicator of all, leading me to suspect my traffic is being hijacked/spied upon as well, is actually two instances: one, my account being changed somehow, as well as my telephones doing weird things. Messages and calls not showing or not going where they should, as well as an obvious change in tone in the background noise on the phone. I can hear all this clicking and sometimes the sound of a keyboard typing; it's very odd. The phones going to crap aside... I installed a high powered wireless network card and saw some interesting things there too. I'm seeing my 2 bandwidths and my guest account. The MAC IDs are showing the 2 bandwidths as AS-**-**-**-**-21 and AS-**-**-**-**-23 and the guest as AB-**-**-**-**-24 for example. Also showing is a hidden network that is nearly identical to the Guest but showing as the missing "22" sequential number in the MAC ID end digits. This connection seems to be controlled by someone else because it turns off and on randomly, in addition to another network obviously not belonging to me doing the same. Is that normal or am I seeing proof of someone MAC spoofing that missing 22 MAC and making it hidden and possibly their own to conduct whatever malicious activities their *beat-less* heart(s) desire? So... What's going on here?