3rd Party Router Detected: U-Verse Router/Modem ATT 5031NV-030

Discussion in 'privacy problems' started by bilo, Feb 16, 2016.

  1. bilo

    bilo Registered Member

    Sep 18, 2009
    I was using the net like normal last night when I suddenly had connectivity issues, and my browser was redirected to a page warning me that a "Router Behind Router" was detected; a third-party router was suddenly detected. No one in the house made any hardware changes or added any new devices, and there were no other internet issues.

    All devices were affected. We have two desktop PCs (I was on one), a couple phones, a couple tablets, a Roku, and wireless Epson printer connected like always. I dug through the router and found no evidence of a rogue device within the connected and recently connected clients list (wired or wireless) but this left our net mostly crippled since 4 AM last night (for some reason Google and gmail would occasionally work {not cached, actual live operation}).

    I have an app on my phone that's usually pretty good at detecting Ettercap-type MITM attacks when I tested it, and it didn't make a peep during this, so does this sound like a definite sign of some sort of honeypot situation?

    I came home today and found that a family member followed the prompts and (most likely) clicked "disable" (in the option below) which has me concerned that a rogue device has now been given permission to re-route all of our traffic. This allowed their internet to work, albeit a bit glitchy. I looked around the settings again and it appears that they had clicked "disable" which unintuitively actually ALLOWS the mystery 3rd party router, but the checkbox in the settings that detects 3rd party routers and redirects you to a local warning page within the router was now unchecked. (They changed their story and think they clicked "resolve" now, so I don't even know which they clicked. I told them to not touch it 'til I came home initially.) The problem with that is one option simply stops the redirect to the warning page by ignoring (what it thinks is) the third party router, and the other option opens up the first computer at the top of the list in full DMZ Mode. (What the hell?!)

    What is going on? Why wouldn't this device be exposed in the device list in the router? How screwed are we? U-Verse is new to me, and I mostly hate it. I hate the router they assigned us, and am not used to not having full control over a simple standalone DSL modem with a separate router.
    I lost the battle when we switched services, so here I am.

    This is pretty bad, right? What do I do here? Simply factory reset the router and change pws and all that jazz? Firmware update? Will it even matter at this point?

    Now my public IP address is being read from all websites as well as local scan like a giant MAC address?!?
    Service: Basic AT&T U-Verse Internet (6-10 Mbps-ish) and 1 VoIP line (no TV)

    - 2 wired PCs*
    - 3 wireless mobile
    - 1 Roku operating wirelessly (but on that note, the Roku also shows up as its own access point for some reason, though it always did in the year they've had it).
    - Router/Modem Combo (ATT 5031NV-030)*

    *Running on powerline adapters, unfortunately. Not my choice, she said the installer insisted.


    Some of the router log from near the time this began
    Last edited: Feb 17, 2016
  2. mirimir

    mirimir Registered Member

    Oct 1, 2011
    Just add your own router/firewall, and lock it down thoroughly. Your ISP does whatever it wants on the other side. As long as you have network connectivity, you're OK. If you see evidence of traffic filtering and shaping, run a VPN client in your router/firewall. Test UDP-mode vs TCP-mode on various ports that the VPN provider uses, and different VPN servers. You may need to obfuscate the VPN connection. Several VPN providers offer SSH and SSL (stunnel) options. A few offer obfsproxy (developed by Tor Project) and may be upgrading to newer plugins that obfuscate better.
  3. Palancar

    Palancar Registered Member

    Oct 26, 2011
    Mirimir started down the correct path for you if OWNERSHIP and use of your own hardware is permissible with your ISP. If that is "in the cards for you" do yourself a favor and select a router where you can flash DD-WRT to it. You don't need to use a VPN to use DD-WRT. DD-WRT is a Linux-based software flash that will give you control and features making your router seem like a 500 dollar unit even though it may cost < 200.

    If you are stuck with the ISP hardware an option may be to place another router behind theirs and it could be on a separate LAN if you configure it that way. I see you have < 10 posts so I am not trying to confuse you, just help. I can think of a multitude of ways to handle what you are facing.

    One question on my mind, which may not even be a factor for you: do you really need to super secure YOUR computer but don't really have strong concerns about the "family machines"?