I noticed that there was something not right and I started to check my parents’ firewall settings. They have two computers set up on a wireless router. This computer has Windows Vista, as I think the other one does too. So after checking Windows Firewall I noticed that a lot of things were allowed to bypass the Firewall like remote assistance and such. So after unchecking all that and blocking all incoming everything, I went to the router’s firewall and noticed that Excessive Session Detection was unchecked. I had enabled it previously, but I started to notice now that every time I enabled it, it was automatically no longer enabled the next time I checked to see the firewall settings on the router.
I called my service provider, as they provided the 2wire 2701 router and they proceeded to tell me that they can only help with changing the password and nothing else. They said I had to do some virus check or something, like I didn’t press that button already. I wanted to know what to do because apparently the web says when the excessive session detection is unchecked, a blaster virus can infiltrate my computer or router or something. But the odd thing is that it keeps unenabling excessive session detection, even if I change my password to something really strong.
I would think the source of the problem is the router software, which would give the ability to access any wireless device on the network and thus allowing for every action to be compromised on every WiFi device including cellphones that come into the house. I assume that if they can access the router somehow, then they can access everything the router is connected to. I can even assume they can read what I am typing here.
Now I am not sure what the blaster virus can do, but I can only assume that something very wrong is happening and I have no clue what to do. The service provider said they can’t help, even though it comes from them and the 2wire 2701 router has no software upgrade to update the software of the router.
I suggested to my parents to get another ISP and discontinue with anything wireless, so a wire only router. But it still would suggest that the computers are not safe and it could still happen again. I have no idea where the files are or the infection or where to even start. This is all I got and I was wondering if you can help, as I know something is wrong, but I have no support. I have no idea how to fix this and everyone is pointing me into a direction as if to say that I can figure this out.
Before I do that, I want to mention something that I noticed when doing the scan for network threats tool using Avast, as I found it a little off that the Avast software knew the strength of my password, which can only happen if Avast can somehow know my password. Avast would have to be able to pull my password to be able to tell the strength of it in terms of numbers and characters. How can Avast do that and if Avast’s software can do that, then couldn’t other software like a virus? If that is the case, then it should be pretty easy to get my password for the router then and make changes to excessive session detection quite simple.
Take your time with that one. I assume the fact that your software makes it so it can check every router for the security of their password, that this is a much bigger issue than my parents’ computers being a problem, as you can do this to every single computer then.
I’ll just wait and assume everyone is just like me now.
I’m having a good chuckle over this issue. Nope. The password was secure enough, but I couldn’t tell until I figured out what your password was and then I approved it. It is a good password now. Don’t change it though, as then I will have to find out what your new password is to then make sure it is okay too.
So I have an idea that can catch the black hats who are using this method to get access when they shouldn’t.
I am going to make assumptions and my hope is that you can fill the gaps where I have no clue.
I am going to guess that there has to be an IP address log whenever anyone queries your router info because the rule is that every time you want information, you have to give some in some way that might be hidden, but it is still there. So if an IP address is logged every time a router is queried for your password, then the understanding is about the information born from the IP address. Granted there are proxy servers that mask IP addresses, so an individual singular attack will stay hidden. However, repeated attacks will begin to bring patterns to the data and statistics can be used to prove certainty when there isn’t any. The way to get that data is to keep changing the password on the router because every time a new password is required, a new router query has to be made. Multiple IP address logs will bring forth where the proxy server IP address location is and with further investigation with say the ISPs, an identification and location of the person can be made and an investigation can begin.
That would be high level and the details of how to specifically find the IP address and inform police would be in your world to catch the criminals who have gone beyond and compromised the information on the routers, servers and computers they are all connected to. I am just thinking that is the strategy to counter that attack and actually stop them by catching them when they think they will always be hidden. If people know now that there is a very high risk to get caught, there will be fewer black hats in this world.