Oli1
Mentor

Malicious Traffic

I've had a pop up on my computers which says "A Device Ip address on the network is sending malicious traffic and it could be an attempt to attack my computer". Any suggestions on how to sort this? Unsure where or how this can be happening.

 

When connecting my laptop earlier, it wouldn't connect to anything on the browser. I'm now connected to the extender instead and this works on browsers. Is there something I need to be concerned with here?

8 REPLIES 8
RoyB
Legend

@Oli1 

Any payload in the pop-up? Does it want you to go to some web address, or download something?

Is it a legitimate Microsoft message (assuming your computer is Windows, you don’t say)?

As this message may itself be part of an attack.

Losing the ability to go to your browser(s) is also symptomatic of a possible virus attack, stopping you downloading any remedies. Though it would be odd if it let the extender continue to work unscathed. Unless this is Windows misidentifying the booster as an attack vector 😢

So yes, you should be worried, and it’s sensible to take precautions.

If you can, download a copy of Malwarebytes (it’s free for the version without real-time checking), and carry out a full scan. If there’s malware there, even rootkits, it will find them, and let you quarantine them.

Please let us know how you get on.

NB: I presume Now figures in here somewhere? 😛

Set a Payment PIN on your account so that no-one but you can buy memberships on it.
Check your bank accounts monthly for any other unexpected payments to Now.
That way you can at least nip them in the bud, while you and Now figure out whose fault they are.
Jayach
Elite 3


@Oli1 wrote:
When connecting my laptop earlier, it wouldn't connect to anything on the browser. I'm now connected to the extender instead and this works on browsers. Is there something I need to be concerned with here?

I would be very concerned if it happened to me, but I know there is nothing on my LAN that could do that.

Now don't do boosters so what are you using? Have you somehow turned the firewall off in the router?

Did the message give the actual I.P. address of the device?

Was the message just a pop-up in a browser? That could basically be a "scare message" to try to get you to download malware.

As @RoyB says use Malwarebytes to check all devices you can, just to be sure.

Oli1
Mentor

@Jayach I downloaded Malwarebytes on my personal laptop, didn't find anything of danger. The message only popped up on my work laptop and my partner's work laptop and yes it did show an IP but it's a private IP which I didn't recognize. So my work laptop still doesn't work using the main wifi but does on the booster. All other devices work fine on the main wifi.

Not sure where else I could go from here!

RoyB
Legend

@Oli1 

If it’s a private IP, it’s on your network, so see if it is the IP of the Booster.

If it’s a work laptop, something you didn’t say earlier, then I expect they won’t let you load Malwarebytes; but you should at least be able to make a scan with whatever AV your work has installed.

And as it’s a work computer, I presume it is backed by a professional admin team there, who you should notify and have them check your computer out; you won’t be very popular if you are ground zero for an exploit inside their firewall 😱

Oli1
Mentor

I've done some more research and it seems as though the IP address is my own home router and after doing a lookup, it seems to be a threat or a risk IP address now. This all seems very strange.

 

Jayach
Elite 3

If it is happening on two work laptops (presumably different companies?) I would definitely involve their IT departments; if nothing else, they may be able to explain it.

 


@Oli1 wrote:
So my work laptop still doesn't work using the main wifi but does on the booster. All other devices work fine on the main wifi. 

That doesn't really make sense, it shouldn't make any difference, however we don't know just what this "booster" is.

 

RoyB
Legend

@Oli1 @Jayach 

Fing is unhappy that my router allows WPS. Apparently, this can be an attack vector, and is insufficiently secure.

If you have WPS enabled on your router, try turning it off and see if this stops the alerts.

Oli1
Mentor

Interestingly, I've turned the booster off and things seem to have returned to normal. Thank you for that suggestion.