Can The Program Access Router Settings

Hi,

For the past two days or so, the person who controls the internet in my household has been saying that my PC has been logging into our router settings, or at least trying to access them.

Is there any chance that GlassWire can trigger this? I’ve gone through my entire device (desktop) trying to find something that could be doing this. So far I’ve had no luck.

Any help is much appreciated.

A correctly installed version of GlassWire shouldn’t access your router login page.

FYI, if your router is like most consumer routers then the router settings login page is probably the default for the router. So if I type the URL “192.168.1.1” into my web browser then it takes me to the login page for my router.

The person who told you there is a problem should be able to provide you with evidence of such behavior e.g. a printout of the router log entry/entries. I’ve seen many people misinterpret router logs and alerts so it pays to check the evidence of the problem before you start a potentially fruitless search on your desktop:

  • Date and time e.g. if your computer was turned off at that time then it can’t have done it.
  • IP address, device name, MAC address - these should match your computer, but even if they do, it is possible for IP addresses to be reassigned by DHCP. Also, other devices can spoof (impersonate) your desktop - although this is probably unlikely.

Anyway, assuming the router logs identify your desktop as attempting access then you can use GlassWire to investigate further.

The following info should help you to investigate even if you don’t have other info about the router. It gets more technical towards the end but there is a lot of help and tutorials available on the Web.

1. Use GlassWire to determine which network device is your router

I used GlassWire’s Things view to display the IP addresses of devices that are visible on my network. The device 192.168.1.1 is my router and I’ve labelled it as the “Vodafone Hub”:

Then I can see the DNS name of that same device by selecting to display DNS names in the Things view.

Note that, as in this case, the name may be incorrect because of a GlassWire bug (@Ken_GlassWire, this is not my router name but the name of a website I use). But that is the host name that GlassWire will be using in its other views - you can see that in the screenshot above.

2. Use GlassWire’s usage tab to see if anything is accessing that host name or IP address.

I usually view the list by Traffic type because that makes it easier to see legitimate connections to the router, as in this screenshot showing my desktop is assigned an IP address on the network by the router.

The longest list of hosts is usually in the “Hypertext Transfer Protocol (HTTP)” traffic type so I leave that for last.

3. Check Windows network connection settings

Here’s a Windows 10 screenshot where I can see the router IP address and the desktop IP address:

Here’s a further Windows 10 example where I go to DNS settings:

4. You can double check what you find by using Windows command-line features

4.1 The IPCONFIG command to display info about your network such as

My computer address:

IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)

IPv6 Address. . . . . . . . . . . : 2407:7000:9ba8:5f00:c4b7:2d0:26d7:1605(Preferred)

My router address:

Default Gateway . . . . . . . . . : fe80::a691:b1ff:fede:47bc%9
                                       192.168.1.1

DNS servers which could, but don’t, include my router:

DNS Servers . . . . . . . . . . . : 2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
                                       23.216.52.39
                                       23.216.53.39
                                       2407:7000:9ba8:5f00:a691:b1ff:fede:47bc

Here’s a full example:

PS C:\WINDOWS\system32> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MA08
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hub

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : hub
   Description . . . . . . . . . . . : Killer E2200 Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : EC-F4-BB-6E-81-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2407:7000:9ba8:5f00:c4b7:2d0:26d7:1605(Preferred)
   Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:837:856b:fe39:fb0e(Preferred)
   Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:3920:2e32:fd5b:b7ba(Deprecated)
   Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:5058:2cb3:2359:e86a(Deprecated)
   Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:912e:5d51:a84d:af45(Deprecated)
   Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:915a:7de4:866a:9e12(Deprecated)
   Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:9ddf:858c:c2e6:fd98(Deprecated)
   Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:e18a:5dbb:1dc2:4982(Deprecated)
   Link-local IPv6 Address . . . . . : fe80::c4b7:2d0:26d7:1605%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, 17 August 2020 7:23:24 AM
   Lease Expires . . . . . . . . . . : Friday, 28 August 2020 9:39:50 AM
   Default Gateway . . . . . . . . . : fe80::a691:b1ff:fede:47bc%9
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 166524091
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-E8-DC-4E-EC-F4-BB-6E-81-1F
   DNS Servers . . . . . . . . . . . : 2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
                                       23.216.52.39
                                       23.216.53.39
                                       2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       hub
                                       hub

4.2 The NSLOOKUP command to convert a DNS name to a list of IP addresses

Using NSLOOKUP, I confirmed the GlassWire bug that incorrectly assigns the device name live.geekzone.co.nz to my computer (192.168.1.210), @Ken_GlassWire.

PS C:\WINDOWS\system32> nslookup live.geekzone.co.nz
Server:  UnKnown
Address:  2407:7000:9ba8:5f00:a691:b1ff:fede:47bc

Non-authoritative answer:
Name:    live.geekzone.co.nz
Addresses:  2606:4700:20::ac43:474e
          2606:4700:20::681a:8fb
          2606:4700:20::681a:9fb
          104.26.8.251
          172.67.71.78
          104.26.9.251
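
As a command-line companion to steps 2 and 4 above, here is an added example (not part of the original posts and not GlassWire code): a PowerShell loop that watches for TCP connections from the PC to the router and records which process owns each one. It assumes the router is the IPv4 default gateway and that its login page listens on TCP 80 or 443; the variable names and the CSV path are illustrative.

```powershell
# Added example: log which local process connects to the router's web ports.
# Run from an elevated PowerShell prompt so process paths can be read.

$adminPorts = @(80, 443)     # assumption: router login page is on HTTP/HTTPS
$minutes    = 10             # how long to watch
$logPath    = Join-Path $env:TEMP 'router-connections.csv'   # illustrative path

# The router is normally the IPv4 default gateway (192.168.1.1 in the
# ipconfig output above). Pick the lowest-metric default route.
$gateway = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
            Sort-Object RouteMetric |
            Select-Object -First 1).NextHop
Write-Host "Watching connections to $gateway on ports $($adminPorts -join ', ')"

$seen     = @{}
$deadline = (Get-Date).AddMinutes($minutes)

while ((Get-Date) -lt $deadline) {
    # Connections are short-lived, so poll twice a second.
    $conns = Get-NetTCPConnection -RemoteAddress $gateway -ErrorAction SilentlyContinue |
             Where-Object { $adminPorts -contains $_.RemotePort }

    foreach ($c in $conns) {
        # Report each (process, local port, remote port) combination once.
        $key = '{0}:{1}:{2}' -f $c.OwningProcess, $c.LocalPort, $c.RemotePort
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # The process may already have exited; Path is empty without elevation.
        $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue

        $row = [pscustomobject]@{
            Time        = (Get-Date).ToString('s')   # compare with the router log time
            ProcessId   = $c.OwningProcess
            ProcessName = $p.ProcessName
            Path        = $p.Path
            LocalPort   = $c.LocalPort
            RemotePort  = $c.RemotePort
            State       = $c.State
        }
        $row | Export-Csv -Path $logPath -Append -NoTypeInformation
        $row
    }
    Start-Sleep -Milliseconds 500
}
```

The timestamps in the CSV can be lined up against the date and time in the router log entry. A browser process in the list usually just means someone opened the router page, while DHCP and DNS traffic to the router uses other ports and is not captured here.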

@Aaron

GlassWire has no ability to interface with routers and with over 20 million installs I have never seen anyone report this issue. It should be technically impossible.