Router Compromised

BillB2024
Contributor

I have a Bell Gigabit Router.

I noticed some suspicious activity, so I purchased Fing software to track my connections.

It seems I have an imposter who is able to pose as the gateway and what.

He is able to change the router and service provider at will. The last was Telus (perhaps the origin of the attack).

Twonky NMC Queue Handler [mynetwork]
Sagem | Online | 4 days ago | Important

Network Setup
IP Address: 192.168.2.1
MAC Address: **:**:**:**:**:**
Serial No: N/A
First seen: Apr 30, 10:30 AM
Last change: Apr 30, 11:40 AM

Device (Brand and Model)
Brand: Sagem
Model: N/A

Protocols (UPnP)
Name: Twonky NMC Queue Handler [mynetwork]
Make: Lynx Technology
Model: Twonky NMC Queue Handler
Services: X_MS_MediaReceiverRegistrar(1)
Device Types: NMCQueueHandlerDevice(1)

Any assistance would be appreciated

Thanks


Accepted Solutions

Hey there @BillB2024,

Thanks for taking the time to reach out to the Bell Community 🙂

We just wanted to jump in here and confirm that Twonky NMC Queue Handler is a normal function of the modem and is used for plug and play.

Let the Community know if you have any other questions.

- Patricia

9 REPLIES

Vanadiel
Community All-Star

I don't see anything abnormal in that output. Twonky NMC Queue Handler is part of a media server.

Do you have a media server installed to stream audio/video files?

I am a Community All-Star and customer. I'm here to help by sharing my knowledge and experience. My views on Bell and the Community Forum are my own and not the views of Bell or any of its affiliates.

I have no media servers installed. I have isolated the MAC address to a tuya.com device which I have none of...

Vanadiel
Community All-Star

Wifi or wired?


Hi Patricia: Thank you for responding.

I do have a few queries.

1) I was curious as to why it can pose as my default gateway and change my service provider to amazon.ca, Telus or Bell.

2) It also appears as vlan0. Should vlan0 even appear as a network device?

And finally, 3) Can I disable this service?

Thanks for your time

Bill

Vanadiel
Community All-Star

As to point #1, I am not sure where you are seeing this? Based on what you posted, there's no indication of any service provider changes. In fact, the service provider is Bell and other service providers would not have any ability to make a change to that. Maybe you are talking about IPs you are seeing somewhere? Your default gateway will be the modem's LAN IP, and that matches what you posted as 192.168.2.1.

As to item #2, Not sure where you are seeing that but Vlan 0 is typically reserved for special use.

For item #3 I do not know if you can disable this as I have never seen an interface for it in the homehub.


Hi Vanadiel: I use a network monitoring package called Fing. I purchased it when I started seeing problems and wanted to monitor the wifi. I suspect that the service provider changes are being made by the hacker's software to share media.

My internal systems are protected with VPN software and my Windows system is protected by Norton's 360.


TYPE | IP ADDRESS | HW ADDRESS | NAME | DETAILS
Tablet | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Samsung Tablet | Samsung • Galaxy Tab A 8.0 (2019)
Light | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Coach Left | Govee • H6008
Light | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Coach | Govee • H6008
Smart Device | 192.168.2.XXX | XX:XX:XX:XX:XX:XX | wlan0 | Tuya
Mobile | 192.168.2.XXX | 02:00:00:00:00:00 | Samsung Galaxy S21 FE 5G | Sagemcom

TYPE | IP ADDRESS | HW ADDRESS | NAME | DETAILS
Router | 192.168.2.X | XX:XX:XX:XX:XX:XX | Giga Hub | Sagemcom
Laptop | 192.168.2.XX | XX:XX:XX:XX:XX: | Pantera | HP • ENVY 13-aq0xxx
Television | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Samsung TU7000 58 TV | Samsung • UN58TU7000FXZC
Streaming Dongle | 192.168.2.XX | XX:XX:XX:XX:XX:X | FibeTV | Arris • FibeTV
Voice Control | 192.168.2.XX | XX:XX:XX:XX:XX:XX | My Echo Dot | Amazon • Echo
Television | 192.168.2.XX | XX:XX:XX:XX:XX:XX | My Fire TV | Amazon • Fire TV 4-Series (2021)
Speaker/Amp | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Polk React with Alexa | Polk Audio • polk woodbourne
Light | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Port | TP-Link • Kasa Smart WiFi Light Bulb
Light | 192.168.2.XX | XX:XX:XX:XX:XX:X | Starboard | TP-Link • Kasa Smart WiFi Light Bulb
Mobile | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Bill-s-S21-FE | Samsung • Galaxy S21 FE 5G

TYPE | IP ADDRESS | HW ADDRESS | NAME | DETAILS
Tablet | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Samsung Tablet | Samsung • Galaxy Tab A 8.0 (2019)
Light | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Coach Left | Govee • H6008
Light | 192.168.2.XX | XX:XX:XX:XX:XX:XX | Coach | Govee • H6008
Smart Device | 192.168.2.XXX | XX:XX:XX:XX:XX:X | wlan0 | Tuya
Mobile | 192.168.2.1XX | 02:00:00:00:00:00 | Samsung Galaxy S21 FE 5G | Sagemcom


Note the reported MAC address of the Samsung Galaxy S21 FE 5G. This is not my phone, which is listed above.

As for #3, I believe you connect via HTTP to a specific port on your home router. I could be wrong (first time today 😊).

Thanks for your reply

Bill

Vanadiel
Community All-Star

So, the Samsung Galaxy is on your WiFi network on the LAN side, using address 192.168.2.1+10 which I am assuming the last digit being a truncated address and it's likely something like 192.168.2.110.

As for the MAC address, this is an error that sometimes happens when flashing a custom ROM on an Android phone and the MAC address is displayed as 02:00:00:00:00:00.

You might want to check this article 

Now if the Samsung Galaxy is not your phone, someone can be logged into your WiFi as they might know your password. It's also possible if you flashed a custom ROM to your phone it reports as a Samsung when it's not.

I still don't see any service provider changes in those logs though.

I suggest to look at the device list directly in the modem, to see exactly what devices and how many are connected to your WiFi. Count them and then compare to the total devices you have connected to WiFi.

Picture #3 in this tutorial and click on the "my devices". You will get a list of all currently connected devices.

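The comparison suggested in the reply above (what is connected versus what you own) can be scripted. This is an added example, not part of any post in this thread; the device list, inventory and names are constructed sample data. It also flags addresses such as 02:00:00:00:00:00, where the locally administered bit is set and the prefix therefore names no manufacturer.

```python
import re

# Constructed sample data; none of these values are the thread's real devices.
PLACEHOLDER_MAC = "02:00:00:00:00:00"  # value shown in the thread for the unrecognized phone
INVENTORY = {"00:00:5e:00:53:01", "00:00:5e:00:53:02", "da:a1:19:00:53:03"}
SEEN = [
    {"ip": "192.168.2.10", "mac": "00:00:5E:00:53:01", "name": "Laptop"},
    {"ip": "192.168.2.11", "mac": "00:00:5e:00:53:02", "name": "TV"},
    {"ip": "192.168.2.12", "mac": "da:a1:19:00:53:03", "name": "Own phone"},
    {"ip": "192.168.2.13", "mac": "00:00:5e:00:53:7f", "name": "wlan0"},
    {"ip": "192.168.2.14", "mac": "02:00:00:00:00:00", "name": "Galaxy"},
    {"ip": "192.168.2.15", "mac": "XX:XX:XX:XX:XX:X", "name": "Redacted"},
]
MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")

def normalize(mac):
    """Lower-case the address and use ':' as the separator."""
    return mac.strip().lower().replace("-", ":")

def classify_mac(mac):
    """Classify a MAC by format and by the two flag bits of its first octet."""
    mac = normalize(mac)
    if not MAC_RE.fullmatch(mac):
        return "unreadable"
    if mac == PLACEHOLDER_MAC:
        return "placeholder"
    first = int(mac[:2], 16)
    if first & 0x01:
        return "multicast"             # not valid as a station's own address
    if first & 0x02:
        return "locally-administered"  # set in software (e.g. private Wi-Fi address)
    return "vendor-assigned"

def audit(seen, inventory):
    """Return (ip, name, reason) for every device that needs a closer look."""
    known = {normalize(m) for m in inventory}
    findings = []
    for dev in seen:
        kind = classify_mac(dev["mac"])
        if kind in ("unreadable", "placeholder", "multicast"):
            findings.append((dev["ip"], dev["name"], kind + "-mac"))
        elif normalize(dev["mac"]) not in known:
            findings.append((dev["ip"], dev["name"], "not-in-inventory"))
    return findings

if __name__ == "__main__":
    for finding in audit(SEEN, INVENTORY):
        print(*finding)
```

A device with a locally administered address passes the audit only when that exact address is in the inventory, so phones using per-network private addresses have to be recorded from the phone's own Wi-Fi settings.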

Hi Vanadiel: Thank you for your suggestions. I have read the article that you referenced. I have not flashed the phone but now have more information.

Apparently I broke the rules by identifying my devices online, but it is a question of closing the gates after the horses have gone.

Take care,

Bill