Author Topic: Am I the victim of BGP Inclusion Attack? IP "stolen"?

oddfunk

  • Guest
Am I the victim of BGP Inclusion Attack? IP "stolen"?
« on: March 04, 2011, 06:16:33 PM »
Here's my problem and my theory.  Please tell me if you think I'm way off track and advise.  I have Comcast cable internet service using my own Motorola SB5101U modem with a Linksys WRT546 router.  My network has always been WPA encrypted with a long and complex security key.  I've also changed this key every six months or so.  My problem is for about 10 months I've been continuously dropped from the Internet, but VERY intermittently.  There is no rhyme or reason as to when my service craps out and for how long it will remain disconnected.  It can be 5 minutes or 10 hours.  This happens daily at one point or another.  I've called Comcast for troubleshooting and they cannot figure out what my problem is and suggested I buy another router.  I did that- the Motorola is new and replaces a Webstar modem I had previously.  It is NOT a modem issue, a router issue or a configuration issue.  Comcast also says their line tests fine and my upstream, downstream and SNR are all "normal".  So...

I was informed probably over a year ago that one of the contacts in my Hotmail email account received a "weird" email from me.  She asked if I sent it and I saw that an email was sent to all my contacts and it was nothing but a link (surely a virus).  Therefore, my Hotmail was hijacked.  I changed my password for the account and ran avast and MBAM and thought that was done.  A few days ago, this same person forwarded me a message stating that she continues to get those kinds of messages.  I ran a virus check using Avast Free Home v. 6.0.1000 and the latest MBAM and found nothing.  I also am a member of a site called topix.com and the site requires that you put in your zip code in order to get "local" news stories.  I noticed about a year ago that the site had a city in Tennessee listed under my login.  I am in ANOTHER state.  I thought it was a glitch with their website and just changed it back to my correct zip code.  I don't visit that site too often, but I have noticed that probably 3 out of 5 times that I have, it says I'm in Tennessee.  I downloaded Secunia the other night and ran a scan.  On the dashboard of Secunia it said, "How secure is your PC compared to users from Tennessee, United States?"  I am not in Tennessee!! After I noticed this, my internet service went out from about 9:30pm and still was not working the next morning.

My theory is that someone in Tennessee has jacked my IP address and every time that person is on, my DHCP doesn't recognize some sort of bogus address that this person is temporarily issuing me.  When my service goes out, my wireless router and signal strength remain intact.  The modem "online" light simply goes out and the send light flashes.  Here's a small sample of my modem log.

2011-03-03 17:33:09   3-Critical   R005.0   Started Unicast Maintenance Ranging - No Response received - T3 time-out
2011-03-03 16:29:15   6-Notice   M571.1   Ethernet link up - ready to pass packets
1970-01-01 00:00:31   3-Critical   D003.0   DHCP FAILED - Requested Info not supported.
1970-01-01 00:00:28   3-Critical   D001.0   DHCP FAILED - Discover sent, no offer received

Does my theory make sense to anyone?  I've found really limited resources about this online, but what I've found is that this could be a BGP Inclusion attack.  What can I do about it?  Is there any test I can run or software I can buy that can see if I'm right and to eliminate this rogue from my network?

Probzzie

  • Guest
Re: Am I the victim of BGP Inclusion Attack? IP "stolen"?
« Reply #1 on: March 07, 2011, 07:19:55 PM »
With your IP address on your modem, have you tried connecting to it from Internet Explorer? The reason I'm asking is because with my wireless router, I can look up the computers that have used my IP, i.e. mine, the laptop, etc.
At least at that point you will be able to identify a person, if any, connecting. If there's more than your PC name (and familiar ones, such as the laptop) then you'll know.

ALSO: If you do not use wireless, consider getting a wired router so the only connection going out is the one on Ethernet. Of course, only if you're not using the wireless.

CharleyO

  • Guest
Re: Am I the victim of BGP Inclusion Attack? IP "stolen"?
« Reply #2 on: March 09, 2011, 06:32:54 AM »
***

Sometimes, my IP address appears to be in Atlanta, sometimes in San Francisco, and sometimes in Oslo, Norway.

Most of the time, this is due to my IP provider and occasionally, it is due to the browser I use.

While your IP number may have been hijacked, it is not the only reason your IP could be from another state ... or country.


***