Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1843
Views
0
Helpful
2
Replies

RV042 hacked

rainer002
Level 1
Level 1

‎11-26-2013 07:35 PM

my rv042

Serial Number :           NKS15520572

Firmware Version :           v4.2.2.08 (Apr 26 2013 19:12:26)

PID VID :           RV042 V03

no vpn tunnels

no ttpt

ports open 80, 5000. 21

problem :

router is working  for 1 year   no problem.

now i have found some strange  records in the logfile when this packets show up at the router log the router can not be accessed any more by the log on screen. you can enter user name and password  the router is not sending any thing else after  enter user name and password.

the internet connection on the lan side has no problems 

if there is a vpn tunel gateway to gateway  the tunnel will drop.

the firewall is still working

but the router is not managable anymore.

after a power  off/on

i'm able to log on.  the router was for 1 year on port 8080 https.

now i changed the remote port to 8888  and no more hangup.

vpn tunnels working days.

i switch back to remote managin port 8080  after 1 hour or so  i start getting the strange packets  and the router hang up.

change port 8888 no hangup.

so  i'm sure there is a way that you can kill the rv042  and may be use a different way

the logfile  after a power off/on is blank.

it look like it is not related to the firmware version as i updated it. what did not solve the problem.

how to solve it ?

Labels:
0 Helpful
2 Replies 2

Tom Watts
VIP Alumni
VIP Alumni

‎11-27-2013 08:45 AM

Hi Rainer, if you'd like, you can set up an external syslog to log events from the router without losing access to them. That may shed some light on your problem.

If you feel you're being hacked or exploited in such a manner, you may want to consider contacting your ISP. If someone knows your external IP and your remote management port, you are the person who allows that connection since you configured it on the router.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

rainer002
Level 1
Level 1
In response to Tom Watts

‎11-27-2013 10:56 PM

Hi tom watts

i'm in contact with the isp, we blocked some ports before to stop a other  flooding.

but since i changed the port from 8080to 8888 the router is back to normal.

the vpn gateway to gateway's  working.

it is a clear sign that it is possible to just send some strange packets and the router hang up on the logon screen.

i'm worry as  we can not see what else the hacker can do see or make.

what i can make is ask the isp to setup a log for the fix ip and put back the router to the 8080 port.

lets see if the isp can provide me with the log

0 Helpful
Customers Also Viewed These Support Documents