0

So... I have a router (wireless, ASUS RT-N18U), connected to 4 pcs via cable and 1 tablet wireless.

After I noticed some performance drops in my network speed, I checked the traffic manager. The problem seems to be that my router is sending and receiving multiple TB (no, not GB, TB) per day. So I checked for example last 24h and it looked like this:

enter image description here

The image was taken a few minutes ago, as you can see there is a huge spike about 1h ago, that never dropped back.

So I disconnected all the devices except one, and nothing changed (same send / receive ratio). Then I closed the last pc, and opened one of the others (so if something was wrong with this one I should see at least a temporar drop). But nothing happened, not even a tiny spike.

Then I checked the real time tab, that looks like this:

enter image description here

As you can see there is nothing there (as I would expect since I had nothing going on).

Any idea what's going on there? I really don't get it.

EDIT: I rebooted and everything started well. Then after I downloaded something to test stuff it got stuck at maximum speed I achieved during download (the graph started to look the same as this one). Is like it keeps resending over and over the data somewhere. Although that should be pretty much impossible since I disconnected its antennae and he can't connect to anything that's further than 1 meter apart, and I shut down everything wired to it.

zozo
  • 753
  • 3
  • 11
  • 22
  • What do the wired and wireless tabs show? – davidgo Mar 21 '20 at 20:36
  • @davidgo Nothing, 0.00 kb/sec – zozo Mar 21 '20 at 21:27
  • I wonder if your router has been hacked. (Its possible - see https://www.bleepingcomputer.com/news/security/40-asus-rt-router-models-are-vulnerable-to-simple-hacks/ - and that was in 2017). I would be inclined to throw dd-wrt on it (https://dd-wrt.com/support/router-database/?model=RT-N18U) and restart from scratch. – davidgo Mar 21 '20 at 22:12
  • I was actually just checking that article :). It may have been hacked, I ordered a new model 10 min ago. Any idea what damage that may have done? Except ddos. I am worried about man in the middle attack. Since... I made some card payments using internet etc. Those cards may have been compromised right? – zozo Mar 21 '20 at 22:45
  • 1
    It is unlikely a MITM attack would compromise your credit card details if you were entering them on an https site as it is end-to-end encryption. More likely a not has been installed on your router to enlist it in a ddos or spam campaign. – davidgo Mar 21 '20 at 23:15

0 Answers0