Router Virus?

Perfection

So here's the deal. I'm the network administrator for a fraternity...and have posted on here once or twice before about our problems with Nexland routers and load-balancing etc.

Well, we JUST switched to Comcast Internet earlier today and everything appeared to be going great until just a few minutes ago when the router/modem Comcast provided stopped working. The Internet was down and I couldn't even get into the web interface of the router/modem.

At issue is that we had a very similar situation occur with the NexlandPro800 routers we were using when we had DSL service. The Nexlands would stop working for no apparent reason, just as the cable modem just did. When I unplug (turn the power off) and turn the devices back on, they begin to work fine again.

Thus, I have come to the conclusion that we must have some sort of virus in one of the computers on the network that is infecting the routers, which then lose the virus when they lose their memory on the reboot...only to be reinfected soon after. Alternatively, I could possibly see how a few computer hosts could be DOS-style attacking the router.

Anyways, this is a major problem for me and my entire fraternity of 70 guys. If there was a router virus (I don't know how it would transmit/act on the computers themselves) then would a program such as Norton take care of them? Or do I need to get some sort of specialist/different program for this virus?

The cable technician who put the lines in earlier today said that he has heard of similar problems where it turned out to be a virus.

So everyone please help me. Is it a virus? Either way, what tools/actions do I need to do to fix this!

Thanks in advance,

Perfection
 

spidey07

Well the router having a virus is pretty much non-existent, as that is really unheard of.

A PC having a worm/virus that could overwhelm the router is quite common however. Your best bet is to use Ethereal to find out who is generating the offending traffic (or some kind of intrusion detection software to find out) and track down that machine and get it cleaned.

Sorry I'm no help here, but this kind of tracking and tracing requires considerable skill and can't be explained on a forum. There is no magic wand here to make it go away.
 

ColKurtz

There are no "router viruses" that I know of. I experience a similar problem from time to time and have developed a conspiracy theory of sorts. In my case, I have a pretty consistent connection with my cable modem *until* I load up my bittorrent client with a bunch of files. Then my connection drops frequently, and I have to reset my router to restore the connection. A friend of mine (we're both on RoadRunner) has the exact same problem.

I think your problem is all your frat brothers' downloading donkey porn... err... research papers. I frequently read the claim that 1/3 of all internet traffic is sucked up by P2P (not hard to believe, IMO). That percentage is even higher for some individual service providers. One way providers may limit this "wasted" bandwidth, and here's where my theory comes in, is to remotely reset the cable modem. This exploits the fact that, in my setup at least, the router or computer has to be booted *after* the cable modem. If the router resets, it will associate with the first MAC address that comes up - but won't acknowledge existing connections. If my PC is direct-connected, I have to reboot; if my router is connected, I have to reset it.

Admittedly maybe this is just the behavior of my consumer-grade Netgear router, and this whole process is going to annoy customers targeted by this process which is generally not a good idea since they may look to take their business elsewhere. But maybe they don't want these "loss-leader" bandwidth-hog customers, and wouldn't really care if they cancelled service.

Anyway, that's my theory. It's not all that well thought out, and doesn't help your problem, but hopefully someone will shoot it down b/c an answer to your problem might help me out too :)

 

cmetz

Perfection, go get Ethereal and sniff your LAN port feeding the router. If there's traffic from a Windows virus making that box fall over, it'll likely be obvious from a packet trace - many viruses simply blast out traffic.

You might seriously consider OpenBSD on a PC as your firewall/router. It will be a lot better able to cope with these sorts of problems than a SOHO device, partly because of better code and partly because of a lot more memory.
 

Perfection

I didn't really think that it would be a router virus...per se, as I've never heard of any of those either. However, I must admit that I am somewhat of a newb and thus do not quite understand how to utilize the information I'm getting from Ethereal properly. I installed it on my computer on my desk, and it is only picking up my transmissions. I think that cmetz was saying that I should somehow hook up a computer to be able to read all of the traffic coming in from my two switches, but I'm unsure of how to do that. Once I can get a log of all of the traffic then I will be able to figure out whose computers are sending out overwhelming amounts of data.

And this problem is quite persistent. First on a Nexland router and DSL service...and now we are using a Comcast Modem/Router combo and are having the same problems.

Thanks for the help...and please try to help walk me through this process a little bit as I really don't know exactly what I'm doing regarding Ethereal.

Thank you VERY Much.
 

loup garou

Like Spidey said, it could be lots of things. My best general guess is that the routers you are using are logging a ton of events (either incoming or outgoing) and the logs are being flooded.

I've had the same situation before and I've found the easiest way to deal with the headache is to go to RadioShack, buy a digital timer, and set it up to restart the power every 12 hours. Plug router into timer, timer into AC socket. THIS IS NOT A SOLUTION--but, it will buy you some time to get the guys off your back while you try to figure out what exactly is going on.
 

ColKurtz

Originally posted by: werk
I've had the same situation before and I've found the easiest way to deal with the headache is to go to RadioShack, buy a digital timer, and set it up to restart the power every 12 hours.

That is a darn good idea, werk! It might not work for the OP, but that's a fine idea for my similar problem. Thanks!
 

Tazanator

Might be better to have him put MRTG on his box and look at the graphs of traffic; this will let him see when the router is getting overwhelmed. With 70 people, maybe you should spend the $800 for a commercial router.
 

Slvrtg277

Get a cheap hub and put it between the router and your LAN segment, with your PC connected to one of the ports in the hub. Run Ethereal and you will get all traffic captured that is sent to the router. Analyze and find the major source of traffic.
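
Added example, not part of any post in this thread: a sketch of the "find the major source of traffic" step, run over a capture saved from the hub. It assumes a classic libpcap file with Ethernet link type; the function names, addresses and sample capture are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def top_talkers(pcap: bytes):
    """Rows of (source IP, packets, bytes, distinct destinations), most packets first."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    stats = defaultdict(lambda: [0, 0, set()])
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # truncated frame or not IPv4 (e.g. ARP)
        entry = stats[socket.inet_ntoa(frame[26:30])]
        entry[0] += 1
        entry[1] += orig_len                  # on-the-wire size, not the captured size
        entry[2].add(socket.inet_ntoa(frame[30:34]))
    rows = [(ip, p, b, len(d)) for ip, (p, b, d) in stats.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def _frame(src, dst, size=60):
    """Constructed Ethernet + IPv4 frame padded to `size` bytes."""
    eth = b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00"
    ip = b"\x45\x00" + struct.pack(">H", size - 14) + b"\x00" * 8
    return (eth + ip + socket.inet_aton(src) + socket.inet_aton(dst)).ljust(size, b"\x00")

def build_sample():
    """Constructed capture: one host spraying 300 addresses, one bulk transfer, one ARP."""
    frames = [_frame("192.168.1.23", f"10.0.{i // 256}.{i % 256}") for i in range(300)]
    frames += [_frame("192.168.1.10", "203.0.113.5", 1514) for _ in range(20)]
    frames.append(b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 46)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ip, pkts, nbytes, dests in top_talkers(build_sample()):
        print(f"{ip:15} packets={pkts:5} bytes={nbytes:7} destinations={dests}")
```

Sorting by packets and reporting distinct destinations alongside bytes keeps a host that blasts small packets at many addresses visible even when a bulk download moves more data.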