
Has our router been breached?

Lupin-2
On our wavelength

Hello.  I've just joined the VM Community and would be really grateful for some help.

We have a VM Superhub 2.  A week ago our internet security company informed us that an "unknown device" had connected to our system.  Its IP address is 82.34.144.1 and the name alongside it is Cadant Inc, which is a US modem manufacturer.  When we rang Virgin to ask about this IP, they said it was not one of theirs and were unable to shed any light on the matter.  However, a Google search shows that it is a Virgin Media IP address.  

Further research on the internet shows that Cadant Inc was bought out in ‘01/02 by a company called Arris, and that Arris do work with Virgin Media.  Nevertheless it is very odd that this “unknown device” should suddenly connect to our router or network.  We are anxious to know how and why this could have happened.  And more than anything, we are worried about a possible security breach if our router has been breached.  Is it an indication of malicious activity?

If anyone else has had the same or a similar experience recently, we would be very glad to hear from you.  Or if anyone knows what this could be about and could offer reassurance or guidance on what we should do about it, we would be extremely grateful.

43 REPLIES

用心棒
Very Insightful Person

No, your post has answered the question I had in mind.

In sonar view, if you click on 82.34.144.1, what detailed information is shown?

Lupin-2
On our wavelength

OK, great.  In sonar view, if I click on the IP address, I see:

82.34.144.1 - Cadant Inc - Unknown device - MAC address **:**:**:**:**:**

用心棒
Very Insightful Person

Thank you for posting that information and please do not worry about the MAC Address being automatically redacted.

What has me puzzled at the moment is: if the device detected at 82.34.144.1 is the same device visible on the internet, how has the MAC Address been retrieved for it?

Lupin-2
On our wavelength

Oh!  I didn't know that would happen.

Shall I spell it out in words?  Is that allowed?

Or is it of no interest?

I'm shutting down for today but thank you for your continued interest in my problem.

用心棒
Very Insightful Person

Can you query with ESET why you are seeing 82.34.144.1 as connected to your local network when it is not in the same private IP Address space for your network?

Also, if 82.34.144.1 is shown in the inner segment of the sonar view in ESET, can you open a command shell and type arp -a to see if any of the results returned match the MAC Address shown by ESET?
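
The check suggested in the post above, as an added example that is not part of the original thread: it parses `arp -a` output (Windows or Unix style), tests whether the reported IP is in private address space, and lists which ARP entries carry the MAC the scanner displayed. The sample output, the MAC values (documentation range) and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
SAMPLE_ARP = """\
Interface: 192.168.0.10 --- 0x5
  Internet Address      Physical Address      Type
  192.168.0.1           00-00-5e-00-53-01     dynamic
  192.168.0.23          00-00-5e-00-53-17     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# An IPv4 address followed by a MAC; covers "ip  mac" (Windows)
# and "? (ip) at mac on en0" (Linux/macOS).
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})\b"
)

def norm_mac(mac):
    """Normalise a MAC to lower-case, colon-separated, zero-padded octets."""
    return ":".join(p.zfill(2) for p in re.split(r"[:-]", mac.lower()))

def parse_arp(text):
    """Return {ip: mac} for every resolved entry in `arp -a` output."""
    return {ip: norm_mac(mac) for ip, mac in ENTRY.findall(text)}

def check_device(ip, reported_mac, arp_text):
    """Summarise what the ARP cache says about a device the scanner reported."""
    table = parse_arp(arp_text)
    mac = norm_mac(reported_mac)
    return {
        # Public addresses are not part of the home LAN's address space.
        "ip_is_private": ipaddress.ip_address(ip).is_private,
        # Only on-link neighbours get their own ARP entry.
        "ip_in_arp_cache": ip in table,
        # Local addresses that own the MAC the scanner displayed.
        "arp_entries_with_mac": sorted(k for k, v in table.items() if v == mac),
    }

if __name__ == "__main__":
    # Constructed case: the scanner shows the router's MAC next to a public IP.
    print(check_device("82.34.144.1", "00-00-5E-00-53-01", SAMPLE_ARP))
```

The ARP cache only holds neighbours on the local segment, so a public address is not expected to have its own entry; if the MAC shown for it matches the entry for the local router, that MAC identifies the router rather than the remote device.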

Lupin-2
On our wavelength

Hello again.

Yes, I will query that with ESET tomorrow.  Thank you for the suggestion.

There are three concentric circles in the sonar view and the 82.34.144.1 address is shown in the outermost circle. 

Anonymous
Not applicable

Most likely a false positive. No one from the WAN can access your LAN just like that. You'd have to have malware or viruses (RATs) to allow anyone in.
As the IP was a gateway, not a customer IP, it's impossible anyone is accessing your network from that IP.

Lupin-2
On our wavelength

Thank you VERY much for your comments.  We still don't know how this could have happened as we did not reboot our router (which I understand can be the cause of an event like this), but it is a huge relief to know that our home system has not been exposed or compromised in any way by this unexpected connection to our network.  Our ESET Internet Security software should be keeping us free of malware and viruses.

Our SuperHub activity summary refers to "power cycling".  I'm not sure if this is something that Virgin Media do from time to time (we're still waiting to hear from VM directly about this incident) but at any rate your answer gives us peace of mind.

Very many thanks again.

Lupin-2
On our wavelength

Hello again.

I have put your question to ESET but they replied to say "Unfortunately, we wouldn't be able to confirm why this has appeared; this is something that Virgin themselves would need to explain, as we can only identify devices if they appear as connected which this device has".

We are still hoping that someone from Virgin -- ideally a Forum member -- will get back to us to solve this mystery but in the meantime the comments last night from apcyberax have given us a huge amount of relief.

Thank you very much again for your really helpful contributions to this conversation.

Hetty_R
Community Manager (Retired)

Hi Lupin-2,

Welcome to our community forums!

I can confirm that this is nothing to worry about.

The IP Address 82.34.144.1 is the IP address of the interface the superhub connects to on hari-cmts-17 (the Cable Modem Termination System in Haringey) – also known as the gateway IP for your hub.

The CMTS is made by Arris and Cadant is a type of CMTS that Arris makes.

Hope that has put your mind at rest.

Many thanks,

Hetty_R