Unknown network device

[ImBeingHacked]

Hello, I've been having strange things happen on my network - such as emails being compromised even when I change the password (Gmail & Hotmail recent activity shows other devices/IPs). The other people on the network deny any blame.
I have access to the router GUI which shows nothing out of the ordinary, however Telnet logs display some user access. I know some basic commands which displayed dodgy DNS settings, I flushed these and now it shows the correct ISP DNS servers. However a new device has now shown up on the network with an IP at the end of the range (.253) and a MAC address which is almost identical to the router MAC, bar one letter changed. It doesnt correspond to any vendor.

I have tried using VPN's, proxies etc with Firewalls restricting everything except the browser & changing my password to obscure characters but it seems like none of my traffic is encrypted.

Note: There is financial incentive for my information to be hacked. Even the notes I write in my Memo on my phone and websites / articles I read online are often commented on.

I've tried all I can think of but it doesn't seem to be of much use. Should a VPN & Firewall give you protection on a compromised network?

 

[AnonymouseUser]

Should a VPN & Firewall give you protection on a compromised network?

No. VPN only encrypts your data between your PC and the VPN, not your local network. Firewalls mostly only block WAN traffic as well, not LAN.

If your network is not encrypted (eg, no wifi password), or using insecure encryption (WEP/WPA) then change it to WPA2 (not the combination of WPA/WPA2). Then use a password generator to generate a new password and use that for the WPA2 password. Finally, disable WPS on the router.

 

[JackMDS]

It seems that the problem is Internal and you are Hacked by someone who is on you Network.

Since you did not provided info about the nature of the LAN and how it is used it is hard to know what to advise.

As an example if it is LAN shared by few/many and they all need to access the Network via Wire or Wireless changing local Network general passwords is useless, You can protected your self by making sure that Sharing is Off across you computer. If you know how to manipulate the Firewall on your computer you can also block Local Access of Network IPs.

 

[ImBeingHacked]

No. VPN only encrypts your data between your PC and the VPN, not your local network. Firewalls mostly only block WAN traffic as well, not LAN.

If your network is not encrypted (eg, no wifi password), or using insecure encryption (WEP/WPA) then change it to WPA2 (not the combination of WPA/WPA2). Then use a password generator to generate a new password and use that for the WPA2 password. Finally, disable WPS on the router.

Password & encryption is on, it's likely other other users on the network messing with router/proxy settings. Is there any way to prevent access to a device via LAN? Maybe turn off SSH, ensure FTP is disabled etc? My firewall has an option to prevent inbound/outbound LAN traffic but it is an experimenal feature which im not sure works. Thank you for your reply.

 

[ImBeingHacked]

It seems that the problem is Internal and you are Hacked by someone who is on you Network.

Since you did not provided info about the nature of the LAN and how it is used it is hard to know what to advise.

As an example if it is LAN shared by few/many and they all need to access the Network via Wire or Wireless changing local Network general passwords is useless, You can protected your self by making sure that Sharing is Off across you computer. If you know how to manipulate the Firewall on your computer you can also block Local Access of Network IPs.

Thank you, that does describe my network - I can't provide much details about the LAN set up other than what I say in my first post as the router is old, it has a poor GUI and relies on Telnet for configuration which im not familiar with. Traceroot has shown my LAN IP to hop to other countries before & sometimes to places in my city, rather than directly to my ISP before reaching the internet. Im just trying to encrypt my traffic & block access to my devices rather than change the settings but strangely VPN & Firewall doesn't achieve this.

 

[John Connor]

What is the make and model of the router? Make sure it has the latest firmware. Especially if it's Netgear or Linksys. Never mind. Sounds like an old commercial router. Without knowing the makeup of your network and all permissions, etc you have, how you configured things, this makes it very hard to determine what's going on. I would replace that router though.

I can't tell you how many zombie routers I have seen try to hack my websites. I feel bad for these people because they probably blame their ISP for a slow connection, all the while their router has been hacked.

For the ultimate in protection, use Sophos Firewall and an ITX computer with two NICs to run it. Place said firewall before the router.