Linksys Router - Settings changing

Park_7677 Missouri Member
edited February 2004 in Science & Tech
The router is a BEFSR41 v2--which I've had for as long as I can remember. Currently using the latest Firmware: 1.45.7, Jul 31 2003.

Recently, the settings are being changed without my doing so. It's no one else on the network doing it either, as they don't know the password.

WAN Connection type has been changed to PPPoE, when it should be DHCP (Cable Modem). Private IP and Port ranges have been set, UPnP filters have been enabled, and AOL Controls have been enabled (where internet only works through AOL WebBrowser). Not all at the same time, they're just the ones I've seen change.

Remote Management has always been turned off by me, but the default port has been changed just as the other settings change without me doing so. Again, I, nor anyone else here, did this. Block WAN requests, IP Spec pass-thru--all messed with.

This is seriously pissing me off. I have changed the password for the router, and am going to go to each node on the LAN and check it out.

Anyone know what could be doing this? Virus? Trojan? I'm about to hook the modem straight to me and let Knoppix STD monitor the activity...

:rant:

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2004
    sounds like a compromise to be honest...
  • Park_7677 Missouri Member
    edited February 2004
    What I've done..

    1) Restore factory defaults for Router, then re-configured it to my settings.
    2) Got new IP from ISP
    3) Changed password for router (again)
    4) Ran "Unplug & Pray" -- UPnP disable tool
    5) Virus scans on all computers

    I'll keep watching it.. ;[
  • maxanon Montreal
    edited February 2004
    any updates?
  • hypermood Smyrna, GA New
    edited February 2004
    Check the router logs to see if logins are occurring. There can't be any configuration changes without corresponding logins.
  • Park_7677 Missouri Member
    edited February 2004
    The update is: nothing. Nothing has changed since I did what I did above.

    The logs are crap. That's the only thing I dislike about this router. They only seem to get 1/4 of the actual traffic, so I never have them enabled. Thus, if it were to get anything, they weren't turned on.
  • Thrax 🐌 Austin, TX Icrontian
    edited February 2004
    Linksys logging is, in fact, ****ty. They decided to go with SNMP trapping which is ridiculously underpowered in the manner Linksys implemented it. I turned it off also.
  • profdlp The Holy City Of Westlake, Ohio
    edited February 2004
    I'm glad you have the problem sorted out, Park. I have the same router and have been eyeing it suspiciously ever since you mentioned your troubles.

    And I'm glad to hear that the problem with logging isn't just "me".
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited February 2004
    Park_7677 wrote:
    The router is a BEFSR41 v2--which I've had for as long as I can remember. Currently using the latest Firmware: 1.45.7, Jul 31 2003.

    Recently, the settings are being changed without my doing so. It's no one else on the network doing it either, as they don't know the password.

    WAN Connection type has been changed to PPPoE, when it should be DHCP (Cable Modem). Private IP and Port ranges have been set, UPnP filters have been enabled, and AOL Controls have been enabled (where internet only works through AOL WebBrowser). Not all at the same time, they're just the ones I've seen change.

    Remote Management has always been turned off by me, but the default port has been changed just as the other settings change without me doing so. Again, I, nor anyone else here, did this. Block WAN requests, IP Spec pass-thru--all messed with.

    This is seriously pissing me off. I have changed the password for the router, and am going to go to each node on the LAN and check it out.

    Anyone know what could be doing this? Virus? Trojan? I'm about to hook the modem straight to me and let Knoppix STD monitor the activity...

    :rant:

    Unfortunately, with SNMP active, the ISP can set the modem, and the router can pick up on that change. My router SNMP is off, but I do not have a Linksys. Modem picks up DHCP changes, it got the modem IP. (I have a fixed IP, told Comcast I had a baby router, they said "we cannot support it to the extent of telling you how to manage it, but ok", and set me up to a DHCP server for the router accounts that feeds a fixed IP). Some ISPs CAN set things up so the modem defaults to SNMP, simply so they can program it, and some routers will turn that back on if hooked to a modem with that on. I have a separate option for router accepting SNMP, from the remote mgmt (remote mgmt lets you manage from outside LAN, SNMP on in router config itself lets ISPs manage the thing through MODEM).

    One other seemingly very oddball thing, if your router likes to get time ticks remotely, with NNTP, it may go semi-nuts without the time ticks available to it, so watch out that you do not block the NNTP ports. I accidentally blocked those on mine, got a mess of no logs, time and date wrong, and the dang router started locking every three days. Turn on the NNTP, it picks up time ticks from the router MFR (Netgear). Logs work, the lease time went to an expiration in 2038 for Windows boxes, and it emails me logs right. You might ask Linksys if the thing needs NNTP enabled to log right, and in my case I had to work through 3 layers of tech support to find out the answer was "YES, it needs that!"

    The tech explained why, once I got to engineering level, essentially without time ticks, on a router without a battery backed-up clock, time resets to mfr time default every time router is reset. Suddenly you have logs that have duplicate time entries, and the router then wipes the old logs as it goes to write the entries and finds that the things will have duplicate time stamps. My router wipes old logs as it comes up from a power outage anyways, and a reset with power off and on is a power outage to the router. A reconfig results in a reset situation, so I tell it to email logs with anything in them (I have a log viewer and a SEND button in the log manager in the Netgear, from browser mgmt console) before I majorly or minorly change settings.

    Of course, I had turned that off by blocking the NNTP ports on router. Now my port block rules surround those UDP and TCP ports and it works fine. With time ticks off, it also managed to reset to default a lot, and default for it WAS PPPoE.

    PPPoE is often used for both DSL and Cable where your ISP does not know you have a router, as each login can get you a different IP address once every 6-12 days. Could be time\date not being fetched, could be ISP does not know you have a router. When Comcast bought up the AT&T Broadband, they found so many AT&T Broadband folks had routers, they had to compensate-- so they relaxed the router rules. They CAP on upward and downward feed rates per modem connect, per fee rate.

    Another thing is that lots of baby routers have a tiny maximum log size in their innards (one of the reasons I need remote email for my personal domain is that my router emails me logs when it reaches full size, and funny thing is it also emails me when I change settings (if I tell it to before changing them) once I enabled email-- so you might try emailing your logs to an email that is not hyperpublic, see if you start to get better logging results), it is fairly small, and they record only blocks and not packets. So, my Windows boxes also have firewalls installed on each box.

    John D.