Author Topic: Virus in the Gateway?  (Read 3399 times)

wmcole

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
Virus in the Gateway?
« on: June 20, 2012, 02:04:52 AM »
Gateway Version 1.0.483
Daughterboard Version 1.0.48
Footprints Version 1.0.262
MTU Version 1.0.6

Here is a puzzling problem that just started shortly after the update to the firmware and Footprints versions listed above.

I noticed that the gateway and Internet connection lights on my router were pulsing almost in unison at about 2 Hz, even with all other router-connected devices powered down.  I thought it might be because the weather portion of footprints finally started working.  So I went back into the settings and set the zip code back to 00000.  After a few "re-writes" of the settings to the gateway, and disconnecting the cable from the gateway to the router overnight, this pinging of the Internet stopped.

After several weeks it started again even though the weather panel was still disabled, and now I can't stop it.  Is it possible that a virus / bot infected the gateway firmware?  I can see no other explanation for this constant pinging of the Internet.  When my primary workstation is on (hardwired to the router) the gateway seems to be hitting both the internet and the workstation at 2Hz.  Turn on the networked laser printer, and the gateway adds that to the ports it keeps hitting.  This is regardless of whether or not I am accessing Footprints with a browser, or a browser is even active.  I do NOT have anything set up to post my energy use to an online location (at least that I know of) and the only way that I now can stop this constant pinging is to disconnect the cable from the gateway to the router.

Is this a virus or a bug in Footprints / firmware?  There is no reason for it to be accessing all the ports it can find on the router including the internet.

Support7

  • Administrator
  • Sr. Member
  • *****
  • Posts: 470
  • Karma: +1/-0
Re: Virus in the Gateway?
« Reply #1 on: June 20, 2012, 05:59:13 PM »
Thank you for your question, wmcole,

TED5Kís canít get viruses. You may need to reset to factory defaults and/or reload your firmware. Additionally there are more current firmware revisions available both stickied on the forums and posted on our website.

I hope this answers your question. Have a great day!

Ted Support

RussellH

  • Sr. Member
  • ****
  • Posts: 356
  • Karma: +0/-0
Re: Virus in the Gateway?
« Reply #2 on: June 20, 2012, 09:23:03 PM »
If you're curious, you can install a network sniffer like Wireshark and see what's happening.  My guess is that it's doing a broadcast (which would trigger the lights on all the ports).  I'm sure all devices would broadcast their name on a regular basis, but twice a second is a little much.

wmcole

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
Re: Virus in the Gateway?
« Reply #3 on: June 21, 2012, 01:01:27 AM »
I installed the latest firmware and footprints.  This seems to have solved the problem - most notably the "pinging" stop when the "Reset to Factory Defaults" step from the installation instructions was executed.

tonyg

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
Re: Virus in the Gateway?
« Reply #4 on: August 02, 2012, 10:54:15 PM »
TED5000 sends an ARP "storm", ~100 times per second, on at least one firmware version (the one I'm on -- I don't have the specifics at the moment, I'll post it in my other thread soon).

ARPs are indeed broadcasts and would cause activity on all ports for that VLAN, though ARPs should not traverse to the WAN side of your router.

ARP should be cached and certainly not retried many times a second, but the overhead is low (~7KBps, and a ~100 packets per second), so the only thing that could see a performance impact from this would be TED itself.
« Last Edit: August 02, 2012, 10:57:01 PM by tonyg »