Gentoo Forums
Wireless lan compromised?
machinelou
Apprentice

Joined: 05 Apr 2003
Posts: 267

Posted: Sun Nov 23, 2008 4:48 am    Post subject: Wireless lan compromised?

I think that my wireless LAN has been compromised. I have a D-Link DIR-655 running WPA-personal encryption. Lately, I've been having problems connecting to the internet from within my LAN. I noticed that soon after my machines connect to the wireless network the default gateway, DHCP server, and DNS servers change from the router's IP (192.168.1.1) to some other machine (192.168.1.188). Furthermore, this was happening to all of my machines that used DHCP (2 PC laptops and 2 OS X machines). WTF? When I try manually setting those settings back to 192.168.1.1, voilà, my internet works again. Next, I check to see if any of my machines have the MAC address associated with that weird IP. No. The MAC address (00:14:bf:0f:dc:2b) isn't coming from any of my machines.

So, I ban that MAC address from the router's wireless client list. The router logs show 80+ connection attempts from that MAC address. Next, I changed my SSID and the WPA password.

Was I hacked? Why were the DHCP settings being changed to 192.168.1.188? The other thing I considered was that my router firmware was just really messed up. However, the problems persisted after upgrading the firmware. Since changing the SSID, WPA password, and banning the weird MAC address, my network problems have disappeared. But why would a hacker change the DHCP settings?
d2_racing
Bodhisattva

Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

Posted: Sun Nov 23, 2008 5:00 am

Hi, maybe you should do a hard reset of your router.

There's a little red button behind the front panel of the router.
machinelou
Apprentice

Joined: 05 Apr 2003
Posts: 267

Posted: Sun Nov 23, 2008 5:04 am

I didn't try that, but I did reboot the router, upgrade the firmware, and pull the power plug, to no avail.
Hu
Moderator

Joined: 06 Mar 2007
Posts: 21624

Posted: Sun Nov 23, 2008 6:18 am

By controlling DHCP, the attacker can set your default gateway. By changing your default gateway, he can cause you to send all traffic to him. If you send all traffic to him, he can monitor all your traffic. You should consider everything you did online during that time to have been read by a presumably malicious third party.
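
The point made in the post above, turned into a detection check. This is an added example, not part of the original thread: it parses the UDP payload of a DHCP reply and flags any server identifier, router or DNS option that is not the expected router. The addresses 192.168.1.1 and 192.168.1.188 come from the first post; the function names and the sample packets are constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
TRUSTED = "192.168.1.1"       # the router's address, as given in the first post

def parse_dhcp(payload: bytes) -> dict:
    """Extract the options a client acts on from a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    def ips(raw):
        return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]
    return {"type": (opts.get(53) or b"\x00")[0],    # 2 = OFFER, 5 = ACK
            "server": ips(opts.get(54, b"")),        # option 54: server identifier
            "routers": ips(opts.get(3, b"")),        # option 3: default gateway(s)
            "dns": ips(opts.get(6, b""))}            # option 6: DNS server(s)

def rogue_findings(payload: bytes, trusted: str = TRUSTED) -> list:
    """Return 'field=ip' for every value in an OFFER/ACK that is not the trusted router."""
    msg = parse_dhcp(payload)
    if msg["type"] not in (2, 5):
        return []
    return [f"{field}={ip}" for field in ("server", "routers", "dns")
            for ip in msg[field] if ip != trusted]

def build_reply(server: str, router: str, dns: str, msg_type: int = 2) -> bytes:
    """Constructed sample data: a minimal DHCP reply with a zeroed BOOTP header."""
    def opt(code, data):
        return bytes([code, len(data)]) + data
    def ip(text):
        return ipaddress.IPv4Address(text).packed
    return (b"\x02\x01\x06\x00" + bytes(232) + MAGIC + opt(53, bytes([msg_type]))
            + opt(54, ip(server)) + opt(3, ip(router)) + opt(6, ip(dns)) + b"\xff")

if __name__ == "__main__":
    for src in ("192.168.1.1", "192.168.1.188"):     # addresses from the first post
        print(src, rogue_findings(build_reply(src, src, src)) or "ok")
```

On a real network the payload would come from a packet capture of the DHCP replies a client receives on UDP port 68.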
dmpogo
Advocate

Joined: 02 Sep 2004
Posts: 3267
Location: Canada

Posted: Sun Nov 23, 2008 8:02 am

And that MAC address is not by chance your router's MAC address?