How to tell if a Router is Compromised?

Discussion in 'Hardware' started by wootah, Mar 22, 2013.

  1. wootah

    wootah Private E-2

    I know this isn't the malware forum.
    But to post there you need to go through an extensive process of downloading tools and scanning the suspected infected computer.

    I don't think the computer is infected, but I suspect the router is.
    However, there is very little on the web about infected routers.

    Here is what happened.
    Someone on the network clicked on an 'infected' link on Facebook.
    Microsoft standalone security sweeper (USB-latest definitions) was used on the computer. Nothing was found.

    1) Internet/router starts behaving oddly at random times day and night.
    2) Looking at the router I see that the firewall has A TON of permissions set by UPnP for a single computer. Approximately 145 UDP ports. These permissions were all set to the same computer from which the link was clicked.
    3) Upon going to the UPnP tab, the browser (Chrome) tells me that it thinks the webpage is in Slovakian.
    Picture: https://docs.google.com/file/d/0B1KYrkkdLVFBYlBld3VYa3QxQ2M/edit?usp=sharing

    Searching Google I don't find anything about the Slovakian language on a UPnP page.

    Is the router compromised? Is there a way to tell?
     
  2. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

