Router firmware/home page automatically changed

2

This was a really strange thing, so I use a D-Link DIR-816 router. Today it rebooted all of a sudden and when it came back online the name of the wifi etc. were reverted to default. Ok, this was not a big deal, but when I logged on to the router homepage to reconfigure the settings, out of nowhere it's showing a page called Tenda (this was the first time I ever heard of a company named Tenda; turns out it's a legit company). The login password was not the one I use, it was the default company password, so I was able to log in. When I logged in the settings used a different username (with some other guy's name and initials), so I logged out, reset my router, and everything is back to normal. I called D-Link to see if they were purchased by this Tenda; they said no and they were as clueless as me on this issue, they said they've never heard anything like this. I also called my network provider (it's a fiber optics connection); he confirmed that there indeed was a guy (with the name and initials as on the Tenda login page). My question is how does something like this happen, how can your router's firmware be suddenly changed to another one, and that too of a different company, and how could I access a different person's network settings? (Well, access is kind of a stretch; I could see and edit his network settings if I wanted to, but what good does that do for me?) Also, one more question: is this a lapse from the network provider in terms of security? I mean in the case of individuals it's more or less a minor issue, but for some financial institutions or businesses this could be a risk, right?

On a side note, I live in a very isolated location; there are no houses or anything nearby for at least half a kilometre, so there are no other networks that my devices could have picked up. The possibility that it might've been someone's wireless hotspot is also unlikely, as my compound wall stretches far and my dogs would go haywire if anything came even close to the walls.

Qwert_y

Posted 2018-05-31T11:57:04.127

Reputation: 21

Are you sure it's the same router? Does the MAC address match the previous one? If you connect via direct Ethernet to your DIR-816, do you still see the same issue? (I kind of suspect that there's an actual Tenda router connected somewhere.) – user1686 – 2018-05-31T12:07:58.537

Answers

0

The ISP you are using is incompetent. It basically means that you do not have a private connection. You are supposed to be privately separated from other ISP users on the segment. This suspicion is confirmed when they said they do have a customer with that name in the account database.

I don't think it was a firmware or virus attack on your router. The engineers who work for your ISP goofed up somewhere; it was a legitimate router. Just not your router.

Tim_Stewart

Posted 2018-05-31T11:57:04.127

Reputation: 3 983

How can he connect to another router when all his connections have to absolutely pass through his own router? There is no other house around and this is happening inside his local network. – harrymc – 2018-05-31T19:00:41.063

@harrymc this answer is also speculation. But my train of thought was this: I have personally witnessed duplicate MAC addresses on a LAN deployment, obviously this is rare. So it wouldn't surprise me if it is possible for other device interfaces (it wouldn't be an issue if he was properly segregated). I'm also assuming, like here, he has a fiber ONT box that is essentially a fiber to Ethernet bridge. I think his company forced an OTW firmware update over the network, resetting all the routers in his local segment back to defaults. (Improper provisioning on the ISP side I think caused it.) – Tim_Stewart – 2018-05-31T20:37:16.153

It wasn't set to defaults - it got false identifiers. Highly unlikely that an ISP would force the download of firmware that was specially tailored per each user, for all the users on the network. Normally a duplicate MAC is impossible because it's a factory property of the network adapter, requiring a factory glitch to happen. The hacking of an adapter is also possible, but this would go beyond incompetence. – harrymc – 2018-05-31T20:46:15.223

@harrymc, VZ pushes firmware updates here, but only to their supplied routers (FiOS & DSL). The DSL routers do keep some NVRAM settings after an upgrade (PPP user/pass). The OP stated it rebooted, and came back up with defaults. This is by no means an authoritative answer. I feel like a virus or firmware attack is a stretch; the attacker would need to know the exact revision of the router, which isn't easily identified unless you have physical access to it. Most likely what would happen if you attempted this is you would brick the router. – Tim_Stewart – 2018-05-31T21:43:33.020

The biggest argument against a firmware push is the fact that a reset got rid of it, because otherwise this would have persisted. This was rather a passing episode, lasting only as long as the router wasn't rebooted, which exactly suits the advice by the FBI. A reboot wouldn't have changed the MAC address.

– harrymc – 2018-06-01T05:15:56.543

@harrymc, is this a joke? Lol, you are starting to sound very paranoid. I read it when they first posted it. Notice how the affected manufacturers were Linksys, MikroTik, Netgear, QNAP, and TP-Link. NOT D-Link or Tenda. – Tim_Stewart – 2018-06-01T05:28:12.717

Who said that the list was complete? This is a rather old router, after all, with no updates available any more. There is nothing paranoid about botnets that total hundreds of millions of devices. – harrymc – 2018-06-01T05:32:04.370

We are going to have to agree to disagree. There isn't really much more to say. Sorry you got bent out of shape from a couple people who down-voted your silly answer. It wasn't me. – Tim_Stewart – 2018-06-01T05:35:01.753

When you have eliminated the impossible, whatever remains, however improbable, must be the truth. – Sherlock Holmes – harrymc – 2018-06-01T07:05:32.077

0

In my country, Tenda is a known manufacturer; as far as I know, mostly the ISPs use their products. Is it impossible that you see the ISP's device, which previously was in bridge mode and is now working as a router, instead of your own router? (But... how could you log in to it with the same credentials if it is actually the ISP's router... so it could be a stupid idea, except if you and your ISP use the default password and these are identical.)

If you're connecting to your router via wireless connection, then it can be a bad guy's device... (a mobile phone is enough to create a fake AP)

user907961

Posted 2018-05-31T11:57:04.127

Reputation:

"there are no houses or anything nearby at least for half a kilometer". – harrymc – 2018-05-31T19:04:33.450

And... ?? 500 meters? It is not an impossible thing, even from such a distance. 2.4GHz has very long range with appropriate devices. AFAIK. – None – 2018-05-31T19:57:27.647

500m and through several walls of farm-houses is rather unlikely. Even so, why would his computer pick up a very faint source when a strong one is nearby? In any case, this requires that both routers use the same channel, so with interference this scenario is rather impossible. – harrymc – 2018-05-31T20:16:44.690

Who knows? For example, he/she works in an important place, or a stupid script kiddie got the required devices and tools and thought "it's a good joke", etc. (IMHO) Some years ago, I've seen a nearby plaza's access points on my router. They are about 2-3 km from me. But... did you read my answer's first part? – None – 2018-05-31T20:19:23.530

A script kiddie that got some pretty expensive equipment just to play pranks? The plaza access points may be visible but wouldn't work too well. – harrymc – 2018-05-31T20:21:23.983

Expensive? For who? – None – 2018-05-31T20:23:05.707

Emitter that is powerful enough from 500m to overcome a local nearby router is the domain of SciFi. – harrymc – 2018-05-31T20:24:52.220

@harrymc, not sci-fi at all. It's called a parabolic dish antenna hooked up to a $20 eBay amplifier. If you also have an SDR in the 2.4 GHz range you can figure out EXACT positioning to overcome the distance limitations you call sci-fi. BTW all of the mentioned equipment totals less than 50 bucks. So it's not really expensive at all. – Tim_Stewart – 2018-05-31T21:52:06.443

@Tim_Stewart: This will extend the range, but not make it stronger than a local emitter. Someone saw too many James Bond films, I think. – harrymc – 2018-06-01T05:23:58.987

Dude, it's basic science. Not James Bond movies, real world penetration testing. Try it for yourself; it only takes minimal effort. – Tim_Stewart – 2018-06-01T05:29:51.273

@Tim_Stewart: You forget that his router rebooted while he was using it, so he was already connected to his own router. For this to happen someone had to connect to his router, crack his non-default password and cause a reboot after which his computer will connect to another source. The poster doesn't have the equipment for his router to be picked up at 500m. Unless someone planted a transmitter/receiver right next to his house - real James Bond scenario. And don't forget the dogs ... – harrymc – 2018-06-01T05:40:40.677

The only thing you are proving to anyone with the comments in this answer is that you do not understand antenna theory... This comment specifically makes me think you have not penetration tested your own equipment. There IS NO disconnect from the user's perspective; it's as if there was a router set up for AP roaming. It's transparent to the user. I'm not defending this user's answer. I am defending his claim to that distance; honestly it's a trivial claim, depending on the amp in use it could be much farther than he even claimed. – Tim_Stewart – 2018-06-01T12:12:40.530

@Tim_Stewart: I have a much stronger router than the poster and I also live in an ancient farm-house. I lose connection at less than 50m distance from my house. Connected from 500m is ridiculous. – harrymc – 2018-06-03T17:12:07.443

@harrymc, not at all ridiculous. I live in a suburban environment with plenty of interference and it's still possible (over 80 APs in range). Your statement is relative to the ANTENNAS both your router and client device are using. Most laptops, cell phones & tablets have zero gain antennas; you have to build your own solution to achieve it. The key is the focused parabolic, as it cancels more than 50% of interference local to that transmitter. 50 m is pretty bad even for omni-directional. You sure you don't have lead in your walls? – Tim_Stewart – 2018-06-03T17:31:06.680

The best I have achieved (which was in a farmhouse; the closest neighbor was a quarter of a mile): we had a stable link from 2.2 miles. Parabolic connected to omni-directional, with steady -68 RSSI. – Tim_Stewart – 2018-06-03T17:37:12.507

@Tim_Stewart: Excuse me, you're not talking here about picking up a router at 500m, but about picking up a computer's network adapter at 500m and through walls and convincing it that it's talking to his router, without omnidirectional antenna on the poster's side. Flatly impossible (except maybe for the FBI). This also won't explain why his own router rebooted. – harrymc – 2018-06-03T17:43:04.230

No, both sides were routers. Are you implying that said farmhouse has no windows? You can repeat "not possible" all you want; it doesn't change the physics behind antenna theory. Again, not defending this user's post. Just the distance claim. You seem to be a little obsessed with the FBI; the physics doesn't change whether you are the FBI or a digital hoodlum. As far as over-powering the client device, follow the Friis transmission equation. BTW, to achieve this you most certainly will be breaking local radio regulations. But this does not make it impossible. – Tim_Stewart – 2018-06-03T18:01:35.683
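The range dispute above comes down to the Friis link budget that the last comment mentions. The following is an added example, not code from anyone in this thread: it computes free-space path loss at 2.4 GHz and the resulting received power for the 500 m and 2.2 mile distances argued about, so a defender can judge whether a distant access point could realistically be heard at a site. The transmit power and antenna gains in the scenario table are assumed values, not figures from the thread.

```python
import math

C = 299_792_458.0          # speed of light in m/s
FREQ_CH6_HZ = 2.437e9      # 2.4 GHz band, channel 6 centre frequency
MILE_M = 1609.344

def fspl_db(distance_m: float, freq_hz: float = FREQ_CH6_HZ) -> float:
    """Free-space path loss (Friis), 20*log10(4*pi*d*f/c), in dB."""
    if distance_m <= 0:
        raise ValueError("distance must be positive")
    return 20.0 * math.log10(4.0 * math.pi * distance_m * freq_hz / C)

def received_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m,
                 freq_hz=FREQ_CH6_HZ, extra_loss_db=0.0):
    """Link budget: Pr = Pt + Gt + Gr - FSPL - other losses (walls, cables)."""
    return (tx_dbm + tx_gain_dbi + rx_gain_dbi
            - fspl_db(distance_m, freq_hz) - extra_loss_db)

def max_range_m(tx_dbm, tx_gain_dbi, rx_gain_dbi, rx_sensitivity_dbm,
                freq_hz=FREQ_CH6_HZ, extra_loss_db=0.0):
    """Invert Friis: distance at which Pr falls to the receiver's sensitivity."""
    budget_db = (tx_dbm + tx_gain_dbi + rx_gain_dbi
                 - extra_loss_db - rx_sensitivity_dbm)
    return C / (4.0 * math.pi * freq_hz) * 10.0 ** (budget_db / 20.0)

# Assumed scenario values (not from the thread): a 20 dBm radio behind a 24 dBi
# dish, a 5 dBi omni or 0 dBi laptop on the far side, and a 2 dBi home router.
# Tuples are (tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m).
SCENARIOS = {
    "500 m, dish -> omni": (20.0, 24.0, 5.0, 500.0),
    "2.2 mi, dish -> omni": (20.0, 24.0, 5.0, 2.2 * MILE_M),
    "500 m, dish -> laptop (0 dBi)": (20.0, 24.0, 0.0, 500.0),
    "10 m, own router -> laptop": (20.0, 2.0, 0.0, 10.0),
}

def link_table():
    """Return {scenario: (fspl_dB, received_dBm)} rounded to 0.1."""
    out = {}
    for name, (pt, gt, gr, d) in SCENARIOS.items():
        out[name] = (round(fspl_db(d), 1), round(received_dbm(pt, gt, gr, d), 1))
    return out

if __name__ == "__main__":
    for name, (loss, pr) in link_table().items():
        print(f"{name:32s} FSPL {loss:6.1f} dB   Pr {pr:6.1f} dBm")
```

Free space is the best case; walls, foliage and interference only subtract from these numbers, which is why a measured RSSI such as the -68 dBm quoted above lands below the free-space figure.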

-2

This might have been a random virus attack that took over your router and reset the firmware with data gleaned from another victim.

The latest firmware version I found for the Dir-816 dates from 2015, so might be vulnerable to modern attacks.

I suggest asking your ISP for a newer router model with recent firmware (I suggest that even if my virus attack theory is wrong).

harrymc

Posted 2018-05-31T11:57:04.127

Reputation: 306 093

Err... why would a virus even replace the firmware with one that's apparently from another company? – Journeyman Geek – 2018-05-31T17:17:47.647

@JourneymanGeek: There are heaps of router bugs now being uncovered, and some manufacturers are begging users to upgrade firmware. As does the FBI, for example. But there is no possibility of upgrading his router. I don't know if an attack exists that replaces the passwords file, but this looks extremely suspicious. The other answers don't look likely in view of what this guy is saying: very isolated house/line and no other networks that his devices could have picked up.

– harrymc – 2018-05-31T18:47:02.577

But this is completely speculative. If you could find an example where a D-Link router has its router that's been replaced by another brand... maybe, but right now this has the air of "my brother's wife's aunt's cousin heard that". – Journeyman Geek – 2018-05-31T18:50:24.237

@JourneymanGeek: I'm trying to be analytical: an impossible event has happened that cannot be explained by any action of the user or his ISP. His router was evidently remotely trafficked by an external agency. So what does it look like? My advice is to better be safe than sorry. – harrymc – 2018-05-31T18:55:15.460

Downvoters: Up to now this is the only answer that fits the described facts. The downvotes may actually prevent the poster from taking this answer seriously and from taking preventive action. – harrymc – 2018-05-31T20:34:33.360

I think... that's kind of the point. – Journeyman Geek – 2018-06-01T01:42:19.830

@JourneymanGeek: Very funny. I'm afraid that most people don't appreciate the extent of the latest discovered vulnerabilities for unpatched routers. I haven't seen any technical argument against my answer, while there are plenty such for the other answers. A plausible explanation I considered was that an electrical spike caused his router to reset, and that the bogus id is baked into the original firmware, but the poster would certainly have remarked upon it. – harrymc – 2018-06-01T07:26:23.613

@JourneymanGeek: When you have eliminated the impossible, whatever remains, however improbable, must be the truth. – Sir Arthur Conan Doyle, stated by Sherlock Holmes – harrymc – 2018-06-01T07:27:28.727