I think my router / internet connection was hacked. Problems connecting. How?

[cmf21]

This is kind of long. I live in a very small town. A part of town this is separated by a golf course with very few houses, old people, and internet access only available by wifi. Most of my neighbors don't even have internet.

For the past few days, I've been having internet connection problems. My home network consists of a printer and a computer directly connected to the router and another computer connected by a wireless card.

The problem I'm was having started when I was trying to add my network printer to my fathers computer which has a static address assigned to it. For some reason the driver got deleted from my fathers computer. We tried adding the printer again but the computer wouldn't find it even when we provided the ip address. We tried everything and as a last measure rebooted the router and that's when the real mess began.

We lost internet connectivity. Tried rebooting again, nothing. Unplugged the power to the router, still nothing. The port lights would either be all on or all off. At this point I thought I royally screwed something up. I had a backup router laying around so I decided to try that.

We plugged that in and still couldn't get a connection. Reset the thing still nothing. After awhile we somehow got an internet connection again but only to the computer that was directly plugged into it. In order for my computer to connect wirelessly, I discovered I had to unplug the power to the router and plug it back in and then I could magically connect. Couldn't understand this. Left it this was for a day or so but when my computer would go to sleep sleep and awake, I would have to go unplug the routers power again and then my connection would come back. Strange.

Tonight I got really sick of this and wanted to fix everything. I started playing around with both routers. The original router still wouldn't work and the replacement would or wouldn't work. When it would work I couldn't get into it's menu and discovered that it didn't have an ip address to even get into it.

I was eventually able to get into it's menu only after unplugging everything but the computer directly connected to it. When I was in it looking at all the settings, I noticed this wireless connection that shouldn't be there since nothing else was connected. This wireless connection would appear and disappear. It had a mac address I didn't didn't know and under security it said STA-ASSOC. I didn't know how to get rid of this. I tried looking up sta-assoc but couldn't find much. All I found is that someone is somehow on or is trying to get on our connection and that I should try and make the password even harder which I did but this connection would still show up.

I ended up changing the password once more making it even harder and disabled wps just for the heck of it. I rebooted the router again and plugged everything back in. This mystery connection is now gone and everything is back to normal and my computer with the wireless connection connects without having to unplug the power to the router.

Tomorrow, I'm going to play around with my original router and see I can get that one working again. Maybe it has a similar problem with this mystery connection.


Could someone tell me if someone was or wasn't on my network screwing around with my connection? If they were, how could they even get on or disable the router in a way that my home computers wouldn't have a connection.

 

[pcgeek11]

Did you try the reset button on the router to restore it to factory settings?

I seriously doubt that your router was hacked.

Reset to factory specs, change the access password to a good one and give that a go.

 

[cmf21]

Did you try the reset button on the router to restore it to factory settings?

I seriously doubt that your router was hacked.

Reset to factory specs, change the access password to a good one and give that a go.

Yes. On the original router I tried that many times. The stupid thing just quite working properly. I even updated it's software but it still wouldn't work. All I wanted to do was try deleting the printer and adding it again hoping the one computer would see it.

One the second router, I was having similar problems. One computer could connect but the computer with the wireless card could not without unplugging the power on the router and plugging it back in.

Once I discovered this other device on the router and was able to prevent it from connecting, everything was back to normal.

I can't explain it. It's the strangest thing and could possibly explain all the problems we've been having in the few days just from trying to fix a printer problem.

 

[dma0991]

Probably is more related to ISP screwing up rather than unauthorized wireless access. Should've noted the MAC address; some routers are capable of denying access based on the MAC address.

Its been a habit of mine to hide my SSID as a prevention from people snooping around. It can be discovered regardless but its a prevention nonetheless.

 

[JackMDS]

Its been a habit of mine to hide my SSID as a prevention from people snooping around. It can be discovered regardless but its a prevention nonetheless.

People who can (if any) Brake WPA2 are able to detect an Off SSID in 10 sec.

On the other hand switching SSID off many times destabilizes regular End Users Wireless.

O.P - Add to the story telling some technical Data, it hard to understand what is wrong with the Network from emotional stories.

If you can connect via Wire then the problem is NO ISP Internet connection or any thing like this. The problem is the configuration of the Wireless Connection.

-------------
Maybe this can Help.
Go over these steps and tell us where the breaking point is.
Check the Device Manager for valid Wireless card entry.
http://www.ezlan.net/Win7/net_dm.jpg
If there is No valid entry, delete any Bogus Entry, and re-install the Wireless card's Drivers.
Check the Network connections to make sure that you have a Wireless Network Connection Icon/Entry, and that the Properties of the Icon (right click on the Icon) are correctly configured with TCP/IPv4 protocol in the Network Connections Properties.
http://www.ezlan.net/Win7/net_connection_tcp.jpg

------------------
Many Wireless cards' drivers also install the vendor's Wireless utility.
Make sure that if there is a vendor's Wireless Utility is Not Running together with the Windows native Wireless utility (WLAN Service) .
----------------
Make sure that No Firewall is preventing/blocking the Wireless components to get to the Network.
Some 3rd party Software Firewalls/AV/Security suit,s keep blocking aspects of Local Traffic even it they are turned Off (disabled).
If possible configure the Firewall /Security suit correctly, otherwise totally uninstall it, and get rid of its residual processes to allow clean flow of local network traffic.
If the 3rd party software is uninstalled or disables, make sure that Windows native Firewall is On .
3rd party Network mangers like Bonjour, and NetMagic can block local traffic too.
---------------------------
Working TCP/IP stack should look this way.
Right click on the Wire card Network Connection, choose Status, Details, and see if it got an IP and the rest of the settings.
http://www.ezlan.net/Win7/status-nic.jpg
Description is the card manufacturing data.
Physical address is the card's MAC number.
The xx should be a number from 0 to 255 (all xx same number).
yy should be from 0 to 255
zz should be from 0 to 255 (all zz the same number.
The lease date should be valid to the current time.
*Note 1. IP that starts with 169.xxx.xxx.xxx is not valid functional IP.
*Note 2. There might be an IPv6 entries too. However, they are not functional for Internet traffic or LAN. They are needed for Win 7 special HomeGroup configuration. ---------------------------------------------------
A message in the Wireless little Window that says Connected does not means that your are really have a valid functional connection.
If everything above is OK you have to be able to connect to the Router.
Connecting to the Router means that you can enter the Router's core IP into an address bar of a browse, be able to connect, see, and configure the Router's menus.
If it does not connecting to the Router, log from any computer that can connect to Wireless Router with a Wire, disable the Wireless Security, make sure that the Wireless broadcast SSID is On, and try to connect with No Wireless security.
Enable the Wireless security after you mange to establish a functional connection.

 

[cmf21]

Let me try again. We get our internet service through a local provider by a wireless connection. Nothing else is available. Our home network consists of two computers, a printer, and a shared printer. One computer and the shared printer is attached to the router by a cable and the other computer uses a wireless card to connect to the router.

The problem started when we my father wanted to use this shared printer on his computer with the cable connection. I had set this printer up previously with a permanent ip address in the router but the computer couldn't not find it to install the driver. We tried everything even rebooting / reseting the router only to lose all internet connectivity. I didn't change a single setting. We unplugged cables, checked settings to make sure everything was on but nothing. I thought I screwed up the router permanently.

I had another brand new router laying around and tried that. Sometimes the computer with the cable connection to the router would have internet, sometimes not. We it did, we set up security, added password, and that's it. Didn't even add the printer yet. I tried adding connecting to the router with my computer which uses a wireless card but it would not connect. If I disabled security it would connect but not with security on. After playing with things for a bit, I discovered that if I left security on and disconnect the power to the router and turned it back on, the computer was allowed to connect. Very strange.

Got tired of doing this for a full day and got in the mood to try fixing things. When I got into the router's menu, I started looking around and noticed another wireless connection that was going in and out. It had a mac address I didn't recognize, and this strange security key that said STA-ASSOC. It looked like someone else was on my connection possibly screwing around with things. I rebooted the router again hoping to kick them off but ended up not being able to get into the menu. The router apparently had no ip address to get back in.

Anyways, I disconnect everything leaving a computer attached and was able to get into the menu and changed the password. Plugged everything back in the this device reappears. I once again unplugged everything, doubled the password length, and disabled wps for the heck of it.

This time it worked and the mystery device was gone, my computer with the wireless card was allowed to connect, and the other computer was able to find the printer. I can't explain it any more then that. It's the strangest thing. Only thing I can think of is that this other device was somehow playing with our connection. Everything before adding the printer was working perfectly and this device was never there.

 

[Mushkins]

Let me try again. We get our internet service through a local provider by a wireless connection. Nothing else is available. Our home network consists of two computers, a printer, and a shared printer. One computer and the shared printer is attached to the router by a cable and the other computer uses a wireless card to connect to the router.

The problem started when we my father wanted to use this shared printer on his computer with the cable connection. I had set this printer up previously with a permanent ip address in the router but the computer couldn't not find it to install the driver. We tried everything even rebooting / reseting the router only to lose all internet connectivity. I didn't change a single setting. We unplugged cables, checked settings to make sure everything was on but nothing. I thought I screwed up the router permanently.

I had another brand new router laying around and tried that. Sometimes the computer with the cable connection to the router would have internet, sometimes not. We it did, we set up security, added password, and that's it. Didn't even add the printer yet. I tried adding connecting to the router with my computer which uses a wireless card but it would not connect. If I disabled security it would connect but not with security on. After playing with things for a bit, I discovered that if I left security on and disconnect the power to the router and turned it back on, the computer was allowed to connect. Very strange.

Got tired of doing this for a full day and got in the mood to try fixing things. When I got into the router's menu, I started looking around and noticed another wireless connection that was going in and out. It had a mac address I didn't recognize, and this strange security key that said STA-ASSOC. It looked like someone else was on my connection possibly screwing around with things. I rebooted the router again hoping to kick them off but ended up not being able to get into the menu. The router apparently had no ip address to get back in.

Anyways, I disconnect everything leaving a computer attached and was able to get into the menu and changed the password. Plugged everything back in the this device reappears. I once again unplugged everything, doubled the password length, and disabled wps for the heck of it.

This time it worked and the mystery device was gone and the computer with the wireless card was allowed to connect. I can't explain it any more then that. It's the strangest thing. Only thing I can think of is that this other device was somehow playing with our connection. Everything before adding the printer was working perfectly and this device was never there.

Still need more information to make any educated guesses here. What make and model was the first router? What about the second? Do you have DHCP turned on? Is it limited to only X amount of concurrent devices?

The router *had* to have an internal management IP address unless the firmware exploded, it just might not have been the same one. Router firmware does not let you unassign an internal IP, you just cant do it. Best way to find if its been changed by something is to do an ipconfig /all and look at your default gateway, which is the IP of your router 99.99% of times in a home setup.

Needing to power-cycle your devices after swapping them out is totally normal and recommended behavior. A network shutdown should always be performed from internal devices outward (PC > Router > Modem), and should be turned back on from outward in (Modem > Router > PC) in order to properly detect each device. Depending on the device, it may be using some form of MAC binding as security to prevent people from hot swapping their own hardware into your network, which is kind of overkill for home equipment but a lot of it (especially modems) still do it.

That being said, i've had Linksys N600 access points behave very similarly, where the second you turn security on the web management portal becomes unreachable and the device just craps a brick and doesnt work. This is obviously not intended behavior and those devices ended up right in the trash after tons of frustrating troubleshooting.

STA-ASSOC strikes me as notation from a network engineering perspective, not your typical PC name. If you still had that mystery MAC address, I would compare it to the MAC listed on whatever hardware your ISP is giving you to connect to their service wirelessly, it may have just been that wireless modem attempting to connect to *your* wifi instead of the ISPs tower. The MAC list in a home router typically shows connected devices even if they havent properly authenticated. If it was connecting to your stuff, that could explain why you didnt have an internet connection, and it may have just been bashing its head against the authentication step. Rebooting it all forced it to reconnect to the proper ISP equipment.

 

[cmf21]

Both routers are Rosewill RNX-N150RT. Stock firmware, no special settings or anything like that except for giving the network printer a permanent ip address. The ip for the router that we've used for the past few years is the address that is listed on the router. When we started having this problem after trying to add the printer to the other computer, we could not get into the router. I had checked ipconfig at one time and there was no ip address listed for the gateway. I was only able to get into it when the internet cable from my isp was unplugged. When internet was back on one computer, and I did my power trick to get the other computer connected was when I noticed that other connection.

After that mystery connection was gone, my wireless card could now connect, the one computer was able to find the printer and add it, and everything seemed back to normal. I can't explain it.

I going to look at the other router today and see what's wrong with that thing as I didn't change any settings.

 

[VirtualLarry]

I was only able to get into it when the internet cable from my isp was unplugged.

I thought that your internet connection was wireless (WISP). Please clarify how there is a cable from your ISP, for a wireless ISP.

 

[cmf21]

I thought that your internet connection was wireless (WISP). Please clarify how there is a cable from your ISP, for a wireless ISP.

Sorry. The internet cable to the router comes from the poe which connects to a wireless antenna outside.