LebGeeks

A community for technology geeks in Lebanon.

You are not logged in.

#1 September 11 2019

VincentKeyboard
Member

Weird entry in router logs.

I just saw this entry in the router logs. Notice the last entry 192.168.1.88

https://i.imgur.com/uCrx6ZN.png

1) The router's dhcp settings only give out ip addresses ending with 100 to 200. The means he tried to use a static ip address.
2) The mac address filter only allows a specific list of mac addresses to access the internet so had he chosen an ip address of 150, he would have needed to hack into the router admin panel as well to whitelist his machine.

The router is a TL-WR841N v13 00000013
Does anyone know any way I can further secure this thing besides changing the wifi password which I already did?

Last edited by VincentKeyboard (September 11 2019)

Offline

#2 September 11 2019

Prince
Member

Re: Weird entry in router logs.

First of all this mac of 192 168 1 88 looks like Intel Corporate its a PC not a router please change your router password and change your wifi and keep monitoring your router.

Offline

#3 September 11 2019

duke-of-bytes
Member

Re: Weird entry in router logs.

It doesn't look like a lot of activity

Offline

#4 September 11 2019

VincentKeyboard
Member

Re: Weird entry in router logs.

@Prince, alright thank you. The password is now longer (21 chars) so it should be more difficult to crack (hopefully).

duke-of-bytes wrote:

It doesn't look like a lot of activity

That is likely because he couldn't use the internet anyway because his mac address is not whitelisted.
My router admin user/password are both different that the stock ones so I suppose he was too lazy to crack those.

Offline

#5 September 12 2019

duke-of-bytes
Member

Re: Weird entry in router logs.

VincentKeyboard wrote:

@Prince, alright thank you. The password is now longer (21 chars) so it should be more difficult to crack (hopefully).

duke-of-bytes wrote:

It doesn't look like a lot of activity

That is likely because he couldn't use the internet anyway because his mac address is not whitelisted.
My router admin user/password are both different that the stock ones so I suppose he was too lazy to crack those.

exactly .. so most probably it is only your wifi password that was compromised and not your router admin

Offline

Board footer