Hey all,
Weird occurrence happened the other day. Was at my desktop when I noticed it started lagging HARD. Checked task manager and noticed logon processes spawning like crazy and sucking up CPU resources. Googled it and realized someone had found my RDP port and was brute forcing it trying to find a way in.
I banned the IP range through my software firewall and then turned off terminal services altogether until I looked further into it.
Then something weird happened. I found out I could only sporadically pull up websites. The actual physical connection seemed solid because Skype and other non-web page services were fine. But every 2 or 3 tries, a website wouldn't resolve, almost as if DNS were being flaky. Pings also couldn't resolve to IPs, so I assumed it was DNS.
So I change to Google DNS and the exact same thing happens. Also occurs on my iPad, my laptop, and my phone, so it def wasn't just this machine. Used different DNS servers on 2 diff machines and same thing. Weird.
Called Tier3 tech support with my ISP and the sr tech was basically like "yeah dude good luck with that, I have no f'ing idea either."
Then on a whim, I decided to hard reset my router/cable modem to default settings, even though both of us looked through config and everything seemed to be fine. Amazingly, it worked.
My question is:
a) Did the brute force attack have anything to do with the router malfunction or was it a big coincidence?
b) Is it possible to actually corrupt router software/firmware with a brute force attack? Keep in mind terminal services would boot remote connections after a few bad attempts so it's not like they were hammering hundreds of tries a minute.
Thoughts?