Monday, October 28th, 2024 5:32 AM

[URGENT] Possible intrusion/malware

Hello. I am writing as my Advanced Network Security has auto disabled itself and it will not re-initiate after I try to wait the ten minutes allotted in the app. I believe I may be under an attack or have serious malware given:

1) Ever since turning on the protection, I would get multiple notifications per week of blocked malware attempts. I didn’t think much of it, though it was unnerving. 

2) Ghost devices or shadow copies of my two devices (Dell laptop and iPhone XR) have been consistently connecting to the WiFi and I don’t know if these are bugs or not. Sometimes I would connect an Ethernet cable to my laptop/router, and then I would lose internet and a new user would appear to have joined the network. The craziest part is that the Ethernet connection was a connection I had previously paused because it was a different connection than the laptop's successful identifier at the time. This kept happening with my phone too, but more recently. At the moment of typing this there were around 4-6 entries of different MAC addresses and unknown things that were apparently connected to the account. I just usually pause/forget them, but it really does get confusing sometimes.

3) The main reason I am emailing - advanced security turned itself off with no input, and after multiple attempts at re-enabling it, it will not show up in my app as having been re-enabled.

Now, the ONLY reason I can think of this happening is because I had factory reset the router to get back into the admin admin https ip web interface because I forgot the password. So I did that and it worked. 

But now, it prompts new credentials and such for the reset router. And instead of it working normally, I create the new credentials, and log in… only to get kicked off… by the old wifi username identifier. So I’m trying to just get back onto the net and eventually plug my Ethernet cable in as that’s all that was being recognized and did my phone later with the updated username and password. Keep in mind, nobody else uses or has access to this wifi and my password for it is incredibly strong using an iCloud pw generator. I don’t know what’s going on. 

4) Another very odd thing I noticed is that in my desktop WiFi configuration, it lists the router's “security” as WPA3 advanced or however it goes. But I know that Xfinity doesn’t offer that; they only offer WPA2. So I am sitting here wondering if my desktop WiFi adapter verification just has zero password behind it… because whenever I’d refresh, the password went blank; only when I switched to WPA2 and entered the password I set did it work.

All in all, just tons of weird stuff going on. I’ve disabled UPnP port sharing on the admin firewall, as well as changed the password to everything. Could you guys have a look into it for me? The advanced security being restored is the most important part. And if you have any advice for things I can do like firewall rules, etc.

thank you 

Expert

2 months ago

@user_gmci7b First, is this an XB-_ gateway device? If so, perhaps your neighbors are inadvertently connecting to your network / gateway device via the MoCA feature that's built into it. MoCA (Multimedia over Coax Alliance) is an alternate hardwired way to connect devices to a home network if Ethernet cabling cannot be used/run. It uses the existing coax cable wiring instead of Ethernet cabling.

If the MoCA feature is enabled, and you do not have a PoE (Point of Entry) MoCA filter installed on the coax line, yours and your neighbors' gateway devices will be able to connect with each other like one big network.

Disable it if you aren't using it. If you are, install a PoE MoCA filter on the input port of the first splitter off of the street drop to keep the MoCA signal in your premises and to keep the neighbors' signals out. Your neighbors should also have PoE filters installed.

To disable MoCA on your device: first, unplug the coax cable line from the jack on the gateway device. Then go to the gateway login at http://10.0.0.1


Default login info is:
Username: admin (all lowercase)
Password: password


Once in you will find the drop-down on the left of the screen that is labeled “Connections”.

Click the drop-down -> click MoCA -> on the right side of the screen click “disable” -> save changes.

Bear in mind that we've seen many posts here that the MoCA feature gets turned back on with their overnight reboots / updates for the device. The best policy is to be sure to use that PoE filter! Amazon has them: https://www.amazon.com/SNLP-1GCW-Filter-Eliminate-Multi-Room-Interference/dp/B07SLD9QPH

Or you may be able to get one for free at your local Comcast / Xfinity store. Or book a tech to come out and install one for you.


If the MoCA feature is not being used on your home network, you can put the PoE filter right at the back of your gateway device instead.

Official Employee

2 months ago

 

user_gmci7b Hello and thank you for reaching out via our Xfinity Community Forums. I see that EG has responded to your post with some great information. Have you had a chance to review it and if so, do you have any questions about the MoCA feature or PoE filter that was suggested? 

 
