Archer AX73 Strange issue.

Ok there's no way Vodafone support can say something like your network is compromised, let alone know what a DDoS is lmao. These people can't even give out login details properly.

On the very off chance that is what happened... disconnect every device that could likely be compromised. That is likely a laptop or desktop. Install Malwarebytes (free version is fine) and let it scan (include rootkits in the settings just in case): https://www.malwarebytes.com/

If that doesn't find anything you are probably fine.

About changing the router and getting different speeds, it's likely that you just reset the session by doing this and it put you on a different gateway that wasn't as congested. Vodafone is notorious for that.
 
Whilst I would agree in most cases, this is way too involved to be a simple phishing email as it has:
  1. My Full Name
  2. My broadband login details
  3. My Broadband Account Number
  4. IP Address and Phone number
  5. Timestamps of some instances on traffic logs.
  6. Statement of a device believed to be part of a coordinated DDoS Botnet.
  7. Stating usual suspects are Swann or Hikvision DVRs (We have a Swann CCTV)
  8. Genuine links to NCSC, BotNet & Mirai wiki (I didn't click on these I checked the link as simple text first.)
Don't get me wrong I'm usually pretty sceptical of anything sent to me out of the blue and pretty good at picking up on the fake stuff but it would make sense given the past two weeks. The only thing I find odd is live chat or Phone support cannot confirm it.

Also, to clarify, it didn't come from Vodafone support, it has come from ipabuse@vodafone.co.uk signed off by Cyber Defence Abuse Team, UK, Vodafone.

Confirmed with Vodafone phishing that it is real. Oh Joy.
 
Given the information presented, I would unplug the suspected device and either use an older router temporarily, or buy a new router from a reputable brand.

TP-Link is not my favourite brand, although other forum users are very happy with their products.
 
Confirmed it is genuine with their phishing address anyway.

DVR's been disconnected and Vodafone is going to monitor on their end as everything else on the network is still modern and routinely updated.

Hopefully that is the root cause of the issue from the 25th of March.

@mikeliuk Yeah I've heard a lot of people's dislike of TP-Link, I was going to go down the pfSense route as a little project originally but this router just happened to fit the criteria I was after at the time for the price I was willing to pay. It has been rock solid until this point but I'll be unlikely to get another from them to be honest just from the questionable UI decisions.
 
I didn't read sufficiently carefully that a Swann CCTV device or DVR could be the compromised device so the TP-Link could be entirely innocent.

I would agree that a Swann device could be a more likely candidate as presumably they are more difficult to secure than a consumer router which simply needs to block all unsolicited incoming connections.

I would be additionally tempted to contact Swann or the DVR manufacturer to get their boilerplate statement on whether their devices are compromised to form a botnet, how to confirm/check this, and what the recommended further steps are (e.g. clean or product-recall).
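
One way to approach the "how to confirm/check this" question locally, added here as an example and not part of any poster's message: Mirai-family bots spread by probing TCP ports 23 and 2323 on many hosts, so a LAN device that opens telnet connections to many distinct internet addresses stands out in router firewall logs. The log format (iptables LOG style), the 192.168.1.0/24 subnet, the threshold and all addresses below are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: home LAN subnet
TELNET_PORTS = {23, 2323}   # ports Mirai-family bots probe to find new victims
MIN_TARGETS = 5             # assumption: distinct destinations before flagging

FIELDS = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) "
    r"SPT=\d+ DPT=(?P<dpt>\d+)"
)

def _line(sec, src, dst, dpt):
    # Constructed log line in the style of iptables LOG output.
    return (f"Mar 25 21:14:{sec:02d} router kernel: FWD IN=br-lan OUT=eth0 "
            f"SRC={src} DST={dst} PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample: .50 plays the DVR, .20 an ordinary laptop.
SAMPLE_LOG = "\n".join(
    [_line(i, "192.168.1.50", f"203.0.113.{i}", 23 if i % 2 else 2323)
     for i in range(1, 9)]
    + [_line(20, "192.168.1.20", "198.51.100.10", 443),
       _line(21, "192.168.1.20", "198.51.100.11", 23),
       "Mar 25 21:14:22 router dnsmasq: unrelated line"]
)

def telnet_fanout(log_text):
    """Map each LAN source IP to the set of hosts it contacted on telnet ports."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if not m or m["proto"] != "TCP" or int(m["dpt"]) not in TELNET_PORTS:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address field, skip the line
        if src in LAN:
            fanout[str(src)].add(m["dst"])
    return fanout

def suspect_hosts(log_text, min_targets=MIN_TARGETS):
    """Return {lan_ip: distinct_target_count} for hosts at or over the threshold."""
    return {ip: len(dsts) for ip, dsts in telnet_fanout(log_text).items()
            if len(dsts) >= min_targets}

if __name__ == "__main__":
    for ip, count in suspect_hosts(SAMPLE_LOG).items():
        print(f"{ip}: telnet attempts to {count} distinct hosts, isolate and inspect")
```

A single outbound telnet session, like the laptop's in the sample, stays below the threshold; the fan-out across many destinations is what marks a scanner.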
 
The Archer AX73 is a lovely device until you check what TP-Link have used as the base system, OpenWrt Attitude Adjustment 12.09 from 2013.

DISTRIB_ID="OpenWrt"
DISTRIB_RELEASE="Attitude Adjustment"
DISTRIB_REVISION="unknown"
DISTRIB_CODENAME="attitude_adjustment"
DISTRIB_TARGET="model_brcm_bcm490x/generic"
DISTRIB_DESCRIPTION="OpenWrt Attitude Adjustment 12.09-rc1"

Software from 11 years ago is not fit to be included in a modern-day router and I would exercise your right to return for a better router.
 

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved