How do I check if our home network is compromised?
8 points by slategruen on Jan 31, 2022 | 10 comments
We have been experiencing regular network slowdowns and packet losses at around the same time for the past few days. It usually happens in the morning even though our network usage is not as heavy as it is at night during that time. The slowdown is not limited to a single device so it had me kind of worried about the security of our network.

I have not contacted my ISP about this issue because I want to rule out any fault on my side. However, one problem I have is our router's software is proprietary and the network device given to us is a modem/router combo. I have administrator access to the router but that's about it; flashing it is probably out of the question.

Any suggestions on how I should deal with this? Where should I start troubleshooting?




I don't see periodic packet loss as a very convincing indicator of compromise by itself.

It's more likely a shared part of your ISP network, beyond your front door, overloaded or struggling.

In your router you should be able to monitor things like link SNR and see how it acts when working well and when showing the problem. Same with packet loss to your gateway.


Can you run some WiFi scanner at that time to see which devices are connected to your router at that time? I used Fing [1] on Android for that.

This seems like the simplest way.

[1] https://www.fing.com/products/Fing-app


Use a router with pfSense or OPNsense so you can see egress traffic & know what is flowing outbound from your network. Visibility into this traffic is really the only way to know for sure what is going on.


Does the router UI give you any log or graph of in/out bound bandwidth?

If it does, stop all home devices around the time and see what comes in and goes out.


It has a debug log (which I have trouble deciphering), a firewall log (empty), and a user log (I haven't been thorough yet but it looks like I'm the only one logging in).


Use 'mtr' to monitor packet loss on the network and see where it's actually originating.
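
Reading an mtr report for the hop where loss starts, as an added example that is not part of the original thread. It assumes the text layout printed by `mtr --report -n <host>`; the sample report, its addresses and the helper names `parse_report` and `loss_origin` are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `mtr --report -n <host>`.
# Addresses come from documentation ranges; the numbers are made up.
SAMPLE_REPORT = """\
Start: 2022-01-31T08:00:00+0000
HOST: laptop                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    50    1.1   1.3   0.9   4.2   0.5
  2.|-- 198.51.100.1              40.0%    50    9.8  10.4   8.7  31.0   3.9
  3.|-- 198.51.100.5               0.0%    50   11.2  11.9  10.1  25.3   2.2
  4.|-- 198.51.100.9              12.0%    50   14.0  15.2  12.8  40.1   4.8
  5.|-- ???                       100.0    50    0.0   0.0   0.0   0.0   0.0
  6.|-- 203.0.113.7               10.0%    50   18.3  19.0  17.5  44.9   5.1
"""

HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+(\d+)")

def parse_report(text):
    """Return [(hop_number, host, loss_percent), ...] from an mtr report."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), float(m.group(3))))
    return hops

def loss_origin(hops, threshold=1.0):
    """Return the first hop whose loss carries through to the destination.

    Loss at a middle hop that disappears at later hops usually means that
    router deprioritises ICMP replies, not that it drops forwarded traffic.
    Hops shown as "???" never answer, so they are skipped.
    """
    responding = [h for h in hops if h[1] != "???"]
    if not responding or responding[-1][2] < threshold:
        return None  # destination is clean: no end-to-end loss to explain
    origin = responding[-1]
    for hop in reversed(responding[:-1]):
        if hop[2] < threshold:
            break
        origin = hop
    return origin

if __name__ == "__main__":
    origin = loss_origin(parse_report(SAMPLE_REPORT))
    print("loss starts at hop", origin)
```

A result of hop 1 (the home router) points at the local network or the device itself; a later hop points upstream, at the ISP or beyond.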


Change the passwords?


I mean, if you turn off WiFi radios, unplug from ISP, remove the antennas, and then reset with a single Ethernet connection, it’s really beyond the typical imagination to have the device still compromised. If you don’t trust it at that point, just get your own. Air gapping is the best you can do. So.. if you have access to a subterranean lair, take your laptop and modem/router down there (at least 50 feet). Then perform the reset.


Here is an attempt to get this right: 1. Turn off wifi on your router so no other clients can connect. 2. Connect directly to the ethernet port. 3. Issue factory reset. Do not reuse old admin or wifi passwords after reset.


Depending on how compromised, the password might be visible. Also router dashboards usually communicate through HTTP, which is a plain text password on the local network.



