Question Router malware?

cbaxterm

Commendable
Feb 9, 2017
3
0
1,510
0
I have a Linksys EA2700 v1 router that appears to be functioning normally except that it assigns itself a random Class C IP address.

I do a 30-30-30 reset to set everything back to factory defaults and the IP address is 192.168.1.1.

About 50 seconds after connecting the router to the modem using the "Internet" socket the IP address changes to a Class C IP such as 10.221.13.104 or 10.251.195.104 and this IP is different every time I reset the router. If I do not connect the router to the internet, the default IP 192.168.1.1 stays in place for hours, but always self-assigns a Class C IP within a minute of connecting to the internet.

Tech support at Linksys says this is a hardware failure. To me this behavior is what I might expect to see in the case of a malware infection in the router firmware connecting to a botnet.

I would like to investigate this further, but how to proceed?
 

AllanGH

Notable
Mar 10, 2019
1,137
184
940
29
The general market consensus is that the model you named is a bit of a dog. Linksys was a relatively trouble-free brand before Cisco bought them, but they seem to have gone downhill since the buy-out.

If a firmware update doesn't help, I'd pitch it and move to a different brand router.

So far, Netgear has been a good performer for our household, and I'd recommend that you look over what they have to offer before you make a purchase selection.
 

kanewolf

Titan
Moderator
I have a Linksys EA2700 v1 router that appears to be functioning normally except that it assigns itself a random Class C IP address.

I do a 30-30-30 reset to set everything back to factory defaults and the IP address is 192.168.1.1.

About 50 seconds after connecting the router to the modem using the "Internet" socket the IP address changes to a Class C IP such as 10.221.13.104 or 10.251.195.104 and this IP is different every time I reset the router. If I do not connect the router to the internet, the default IP 192.168.1.1 stays in place for hours, but always self-assigns a Class C IP within a minute of connecting to the internet.

Tech support at Linksys says this is a hardware failure. To me this behavior is what I might expect to see in the case of a malware infection in the router firmware connecting to a botnet.

I would like to investigate this further, but how to proceed?
10.x.y.z networks are private networks just like 192.168.x.y . So the NAT function is probably still intact. That is the majority of the protection that the router provides.

How to proceed, remove the router from service. Create an isolated network to play with it. Connect a serial port to the internal pins. Treat it like it is, an experiment and not a primary network device.
 
That router supports a couple third party firmware images check to see if you have factory firmware on the device. I guess it depends where you got the router since you tend to remember loading third party firmware since it is not always simple.
 

Similar threads


ASK THE COMMUNITY

TRENDING THREADS