Can two network adapters work in different IP protocols simultaneously?

Need help securing/troubleshooting my household WiFi Network

  • I am incredibly geeky (though I certainly know geeks who are more so) and somewhat hackerish, been running my household WiFi and wired network to dozens of devices for several years and everything was fine until my Mom's new housesitter brought a laptop into the network that was profoundly infected with various malware. I THINK the malware issue is still contained to his laptop but household broadband utilization went from 200 - 300 GB per month in January/February to more than 650 GB in March and we're still racking up 10-12 GB per day in April. I need help with what to do without alienating anyone and what I can do to support the housesitter while he also works locally on his computer to remove the malware. Brainstorming, new techniques, anything like that would be helpful.

    The primary symptoms:

    - Comcast XFinity Blast Broadband (approx 50 Mbps/10 Mbps when not utilized locally and running smoothly)
    - Intermittent issues now where the available shared downstream goes to 1 - 5 Mbps or lower per device. (renders Corporate VPN connections unusably slow)
    - Router getting spammed with UPnP connections every 30 - 45 seconds from housesitter's computer's IP
    - Malwarebytes run against housesitter's computer came up with OpenCandy and Conduit Community Alerts as primary infections
    - Again, normal utilization is around 200 - 300 GB per month but with housesitter on network, utilization went up to 650 GB for March.

    Setup:

    - Cable modem: uBee DDM3513 DOCSIS 3.0 Cable Modem (line tested by Comcast today and determined healthy)
    - Router: NETGEAR Wireless Router - N900 Dual Band Gigabit (WNDR4500) (1.5 years old - to be honest, the Wireless ac function is a little unstable and silly lately anyway so I'm replacing it today with a delivery). Will probably repurpose this router as an AP.
    - New Router coming in today: NETGEAR Nighthawk AC1900 Dual Band WiFi Gigabit Router (R7000)
    - Wired connection throughout house serves a number of devices using Netgear hubs and switches, most of them ProSafe switches. Cable runs are Cat6A, installed by a licensed and bonded installer.
    - Wireless APs: The Netgear Wireless Router has a 2.4 GHz (SSID: wifi1) and 5.0 GHz (SSID: wifi2) dual band. I have a couple of dedicated Netgear APs (WPN802v2) running on the 2.4 GHz (SSID: wifi1) band to try to shore up areas where the WiFi signal is weak. Have run iStumbler/Netstumbler to make sure the WiFi networks are running on underutilized channels in the neighborhood.
    - The other two Windows machines on the network, my Mom's and my work laptop, will get malware scanned as soon as I can, but they're both off right now.

    Things done:

    - P2P was my first thought, so I sent an e-mail around to my household users asking for their cooperation in throttling any P2P clients. I also mentioned how the clients are technically against the Comcast TOS and requesting we use more legit technologies like streaming or pure downloading various data. I know this may be a stretch for the housesitter, so I was respectful and not too demanding.
    - Housesitter advised of malware angle and is running anti-malware routines against the primary computer (Windows 7) as well as his VM (Windows XP). He's working on removing the two primary culprits: OpenCandy and Conduit Community Alerts.
    - Looking at logs and settings on my router, UPnP requests every 30 to 45 seconds from housesitter's IP address. Verified several open UPnP connections from housesitter's IP address to router.
    - Packet sniffed with CocoaPacketAnalyzer and managed to confirm that UPnP packets are still getting sent out from housesitter's IP, but captured no other related packets I could identify.
    - Ordered and anticipate new router today, which should boost signal and hopefully also improve stability of 5.0 GHz WiFi band.
    - Considering turning off UPnP altogether but concerned this will affect some of my WiFi appliances, most of all the household printer.

    My questions: What am I missing? What more remediation should I consider? What tools should I be using? I recently switched entirely over to OSX Mavericks when most of my free hacking tools were on Windows. Should I really be worried about the effects of turning off UPnP? Should I consider updating the router(s)' firmware to one of the more open stacks to get more insight into the packets flowing in and out?

    Difficulty level: Keeping this on the up and up and not violating Comcast's Residential User TOS.

    As always, thanks in advance.

  • Answer:

    MAC address based QoS? Create a throttled/filtered vLAN for his laptop on a separate range to the rest of the household? You also have to worry about upstream traffic here, because there's no telling what a compromised system might be doing when it's pushing packets out: DDOS, botnet, anything.

kalessin at Ask.Metafilter.Com
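
The question describes UPnP requests reaching the router from one LAN address every 30 to 45 seconds. The following added example (not part of the original thread) shows one way to confirm that cadence from a saved router log; the log line layout, the addresses and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in an assumed router-log layout (not from a real device).
SAMPLE_LOG = """\
[UPnP set event: add_nat_rule] from source 192.168.1.23, Monday, April 07,2014 10:00:05
[DHCP IP: 192.168.1.40] to MAC address 00:11:22:33:44:55, Monday, April 07,2014 10:00:20
[UPnP set event: add_nat_rule] from source 192.168.1.23, Monday, April 07,2014 10:00:41
[UPnP set event: del_nat_rule] from source 192.168.1.23, Monday, April 07,2014 10:01:13
[UPnP set event: add_nat_rule] from source 192.168.1.50, Monday, April 07,2014 10:01:30
[UPnP set event: add_nat_rule] from source 192.168.1.23, Monday, April 07,2014 10:01:52
[UPnP set event: add_nat_rule] from source 192.168.1.23, Monday, April 07,2014 10:02:30
[UPnP set event: add_nat_rule] from source 192.168.1.50, Monday, April 07,2014 11:45:02
"""

# Assumed layout: [UPnP set event: <action>] from source <ip>, <weekday>, <Month DD,YYYY HH:MM:SS>
UPNP_LINE = re.compile(
    r"\[UPnP set event: (?P<action>\w+)\] from source (?P<ip>[\d.]+), "
    r"\w+, (?P<ts>\w+ \d{1,2},\d{4} \d{2}:\d{2}:\d{2})"
)

def upnp_events(log_text):
    """Group UPnP event timestamps by the LAN address that issued them."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = UPNP_LINE.search(line)
        if m:  # non-UPnP lines (DHCP, admin login, ...) are skipped
            events[m["ip"]].append(datetime.strptime(m["ts"], "%B %d,%Y %H:%M:%S"))
    return events

def chatty_hosts(log_text, min_events=4, max_median_gap=60):
    """Return {ip: (event_count, median_gap_seconds)} for hosts whose UPnP
    requests repeat on a tight cadence. Thresholds are illustrative defaults."""
    flagged = {}
    for ip, stamps in upnp_events(log_text).items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Need at least two events to have a gap; the median resists one long pause.
        if len(stamps) >= max(2, min_events) and median(gaps) <= max_median_gap:
            flagged[ip] = (len(stamps), median(gaps))
    return flagged

if __name__ == "__main__":
    for ip, (count, gap) in chatty_hosts(SAMPLE_LOG).items():
        print(f"{ip}: {count} UPnP events, median gap {gap:.0f}s")
```

A host that maps a port once, such as a printer or game console, stays below the event threshold, while a machine re-requesting mappings every half minute is reported with its count and median interval.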

Other answers

In my experience it takes about the same time to attempt cleaning an infected machine or to re-install. The problem with cleaning is that you can never really be certain that there isn't something hiding somewhere. Once done, gift him a lifetime subscription to Malwarebytes. I like this one a lot.

nostrada

Tell the housesitter he's allowed back on the network once he's reinstalled Windows. Seriously, it's not that there are no other ways to remove these things, but if there are multiple infections, it is almost always simpler to just start clean and safer for everybody. But that's assuming it's the malware and not just this person torrenting stuff on your cable. I don't know how not using P2P is "a stretch" for this person--when you're visiting on someone else's network, you're going to be subject to their rules for it, just like if you're housesitting for someone who says no shoes in the house, you don't wear your shoes in the house. I think you're looking for a lot of complicated technological solutions for what sounds more like a guest who is not being very respectful of others in the household.

Sequence

The housesitter has some life issues that make his disposable income (if any) not available and his personal situation is such that I'd rather make as few impositions on him as possible. I'm good with setting boundaries on the household network and its use and I'm good with, as nostrada suggests, buying cheapish things for him, but I want to keep solid boundaries if possible. It's not my goal to make the situation for him any more complicated or costly than it absolutely needs to be. The housesitting and household resources are a prenegotiated situation and one of the things I need to try to do here is be respectful of those preexisting conditions, despite the toll it may take on me and my personal preferences. FWIW I agree with you, Sequence, but now is not the time to get all draconian. So let's focus on the technical questions/solutions and not derail with how complicated I'm making it.

kalessin
