Malware Botnet Activity from Router IP
I've been using the premium OpenDNS at home for several months. Occasionally I get the less than useful "Malware / Botnet Activity" warning. It's less than useful because it's not time stamped, it doesn't show the file, and the IP address in every case is the range of the modem, not an actual device on the network. I use dynamic IPs generated by a wifi hub hooked up to a gig speed modem.
To make matters more interesting, when I switch between my two networks (I have two houses) with the same setup, I get a new one from the router at the other house. In both cases the IP range is the range of the network, coming from *two different ISPs*, not the range of what's served up on the local 192.168 etc network. I also use different wifi equipment on each network, Google mesh on one, eero on the other.
So three questions for the community:
1) Which the Tango Foxtrot is this? Is this just some kind of roving malware coming in from the routers?
2) Is this a device on the network that is not part of the OpenDNS domain? Wouldn't that just show up with a 192.168 address from my hub?
3) Is there any way to isolate the actual machine?
Any help appreciated!
R