So it is unlikely that the router was the issue, and even if it was, any
hope of confirming that is gone.

Now to the present state.  I am connected directly to the Comcast modem,
an Arris TG1268T.  The modem has wireless, and that is set up to function
(I use it for my laptop).  This afternoon I noticed that the 2.5GHz light
is flashing once every 6 seconds.  I do not know if that is new or not.
But assuming that the bad behavior was caused by bad actors, might I still
have nasty stuff installed somewhere?  How do I check?  If it recurs, what
should I do to find out what is happening?

There is an SSID and PW label pasted to the modem, said to be unique to
this particular box.  What does that information allow one to access, and
from where?

Where does DNS poisoning occur?  Since it was just local to my machine (no
general complaints noticed), then something local must have been hacked.
This could have been either my router or my modem, since my laptop
connecting via wireless to the router also had the problem.  The modem was
reset a few times during my contact with Comcast's technician, so it could
have been the modem if reset clears the cache.

This whole thing is above my pay grade. Bottom line, if it recurs, what
should I do to find out what is happening?

Thanks for all the helpful comments.

-Denis

On Fri, Sep 15, 2017 at 10:38 AM, Russell Senior <russ...@personaltelco.net>
wrote:

> >>>>> "Denis" == Denis Heidtmann <denis.heidtm...@gmail.com> writes:
>
> Denis> The router is out of service, not powered.  Is there any way to
> Denis> diagnose it at this point, or would I have to place it back in
> Denis> service and observe a repeat of the problem?  Or is the problem
> Denis> not in the router at all; just coincidence that it went away when
> Denis> I removed the router?  Clearly I need some very basic
> Denis> understanding of how all these things operate.
>
> Assuming my wild-assed guess has any merit ...
>
> The problem probably wasn't in the router, except for some transient
> state, which probably would go away with a power cycle.  Unless it was
> under an ongoing "attack".  I don't think the stock firmware preserves
> any state, to speak of, over a reboot.
>
> One thing to do is to determine whether DNS is the problem.  You can
> ping hosts where you were seeing the problem and see if the IP address(es)
> makes sense.  If possible, try from a different machine (or have someone
> else do that), and see if they agree.
>
> The certificate issue comes from asking the machine to provide some
> proof it is who it claims to be and finding that it can't.  My theory is
> that it's because it isn't the right machine.  It could be that the
> service is broken (e.g. the certificate expired, or the server is
> misconfigured). However, if you are seeing this at a big name, popular
> service, or at more than one unrelated service at the same time, then
> the probability of that being innocent seems to go way down.
>
>
> --
> Russell Senior, President
> russ...@personaltelco.net
> _______________________________________________
> PLUG mailing list
> PLUG@lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
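
The DNS comparison Russell describes, as an added example that is not part of the original thread: it asks the machine's configured resolver and a reference resolver of your choosing for the same name and compares the answers. The script name, function names, and the two command-line arguments (hostname, reference resolver IP) are this example's own assumptions.

```python
import socket
import struct
import sys

def build_query(name, txid=0x1234):
    # Header: id, flags (recursion desired), 1 question; then QNAME, QTYPE=A, QCLASS=IN.
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, pos):
    # Return the offset just past the name at pos; a compression pointer ends it.
    while msg[pos] & 0xC0 != 0xC0 and msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg):
    # Collect the IPv4 addresses in the answer section, skipping CNAMEs etc.
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return sorted(addrs)

def ask(resolver_ip, name, timeout=3.0):
    # Query one specific resolver directly over UDP port 53.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return parse_a_records(s.recvfrom(4096)[0])

def system_answer(name):
    # What this machine's configured resolver (usually the modem or router) returns.
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # usage: python3 dnscheck.py <hostname> <reference-resolver-ip>
    host, reference = sys.argv[1], sys.argv[2]
    local, remote = system_answer(host), ask(reference, host)
    print("system resolver   :", local)
    print("reference resolver:", remote)
    # No overlap is a lead, not proof: large sites answer differently per resolver.
    print("overlap" if set(local) & set(remote) else "NO overlap: look closer")
```

Plain DNS on port 53 still passes through the modem and is unauthenticated, so two matching answers from the same connection do not rule out tampering on the path. Running the same check from a machine on a different network, as suggested above, covers that case.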