Question Router malware?

cbaxterm

Reputable
Feb 9, 2017
I have a Linksys EA2700 v1 router that appears to be functioning normally except that it assigns itself a random Class C IP address.

I do a 30-30-30 reset to set everything back to factory defaults and the IP address is 192.168.1.1.

About 50 seconds after connecting the router to the modem using the "Internet" socket the IP address changes to a Class C IP such as 10.221.13.104 or 10.251.195.104 and this IP is different every time I reset the router. If I do not connect the router to the internet, the default IP 192.168.1.1 stays in place for hours, but always self-assigns a Class C IP within a minute of connecting to the internet.

Tech support at Linksys says this is a hardware failure. To me this behavior is what I might expect to see in the case of a malware infection in the router firmware connecting to a botnet.

I would like to investigate this further, but how to proceed?
The general market consensus is that the model you named is a bit of a dog. Linksys was a relatively trouble-free brand before Cisco bought them, but they seem to have gone downhill since the buy-out.

If a firmware update doesn't help, I'd pitch it and move to a different brand router.

So far, Netgear has been a good performer for our household, and I'd recommend that you look over what they have to offer before you make a purchase selection.
kanewolf

Titan
Moderator
I have a Linksys EA2700 v1 router that appears to be functioning normally except that it assigns itself a random Class C IP address.

I do a 30-30-30 reset to set everything back to factory defaults and the IP address is 192.168.1.1.

About 50 seconds after connecting the router to the modem using the "Internet" socket the IP address changes to a Class C IP such as 10.221.13.104 or 10.251.195.104 and this IP is different every time I reset the router. If I do not connect the router to the internet, the default IP 192.168.1.1 stays in place for hours, but always self-assigns a Class C IP within a minute of connecting to the internet.

Tech support at Linksys says this is a hardware failure. To me this behavior is what I might expect to see in the case of a malware infection in the router firmware connecting to a botnet.

I would like to investigate this further, but how to proceed?
10.x.y.z networks are private networks just like 192.168.x.y. So the NAT function is probably still intact. That is the majority of the protection that the router provides.

How to proceed: remove the router from service. Create an isolated network to play with it. Connect a serial port to the internal pins. Treat it like what it is: an experiment, not a primary network device.
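To check the point about 10.x.y.z and 192.168.x.y both being private space, here is an added Python example (not posted by anyone in this thread) that classifies an IPv4 address against the RFC 1918 private blocks plus the RFC 6598 carrier-grade NAT block, reports its pre-CIDR class letter, and tests whether a WAN address collides with the LAN subnet, which is the one case where NAT would actually break. The sample addresses are the ones quoted in the question; the 203.0.113.x address is a constructed public example from the documentation range.

```python
import ipaddress

# Blocks a home router should treat as non-globally-routable on its WAN side.
# The first three are RFC 1918 private space; 100.64.0.0/10 is RFC 6598 shared
# address space, used by ISPs for carrier-grade NAT. (Added example, not from
# the thread.)
NON_GLOBAL_BLOCKS = {
    "RFC1918 10/8": ipaddress.ip_network("10.0.0.0/8"),
    "RFC1918 172.16/12": ipaddress.ip_network("172.16.0.0/12"),
    "RFC1918 192.168/16": ipaddress.ip_network("192.168.0.0/16"),
    "RFC6598 CGNAT 100.64/10": ipaddress.ip_network("100.64.0.0/10"),
}


def classify(addr_str):
    """Return the label of the block the address falls into, or 'public'."""
    addr = ipaddress.ip_address(addr_str)
    for label, net in NON_GLOBAL_BLOCKS.items():
        if addr in net:
            return label
    return "public"


def classful_class(addr_str):
    """Pre-CIDR class letter, decided by the value of the first octet."""
    first = int(ipaddress.ip_address(addr_str)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def lan_wan_overlap(lan_cidr, wan_addr):
    """True if the WAN address sits inside the LAN subnet; NAT needs them disjoint."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    return ipaddress.ip_address(wan_addr) in lan


def report(lan_cidr, observed):
    """Summarise each observed address relative to the router's LAN subnet."""
    rows = []
    for a in observed:
        rows.append({
            "address": a,
            "block": classify(a),
            "class": classful_class(a),
            "overlaps_lan": lan_wan_overlap(lan_cidr, a),
        })
    return rows


if __name__ == "__main__":
    # Addresses quoted in the question, plus one constructed public address.
    observed = ["192.168.1.1", "10.221.13.104", "10.251.195.104", "203.0.113.7"]
    for row in report("192.168.1.0/24", observed):
        print(row)
```

Run it as-is to see that both 10.x addresses land in RFC 1918 space and do not overlap the factory 192.168.1.0/24 LAN, which is consistent with the NAT boundary still being in place. A WAN address in 100.64.0.0/10 would point at carrier-grade NAT on the ISP side rather than anything on the router.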