Internet access blocked repeatedly

  • SWISSCOM blocked my internet access once again today because of spam emails that allegedly came from my connection. The first time such a blockage occurred was in the fall of last year, then at the beginning of the year and again about 3 weeks ago and now again. All security checks on all of my devices showed no evidence of malware or a virus. So I call the Swisscom hotline, explain in detail that I didn’t find any malware, and then a friendly employee activates my connection again. However, I’m starting to get fed up because Swisscom can probably send logs of spam emails, but is unable to make a statement about the type of malware and certainly not about the source (MAC address, etc.). I am of the opinion that blocking a customer connection should only be used as a last resort, and only AFTER consultation with the customer. The way things are going now, Swisscom puts the customer under general suspicion and offers zero support - unless you are prepared to pay a lot of money to fix the problem individually. A rogue who thinks evil here!

    Before I switched to Swisscom, I had been an Internet customer with UPC for several years and had exactly the same device configuration. I have never experienced a complaint about my connection or even a blocking of it; this seems to be a specialty of the state-owned company Swisscom. I think other providers could hardly afford such behavior towards their customers.

    My suggestion to Swisscom:

    1. Take the customer seriously, even if it is a mass business.

    2. No blocking of internet access without prior notice and contact.

    3. Support the customer proactively and without a paid “service” in troubleshooting.

    4. With the customer’s written consent (data protection!), analysis of the source of a malfunction and notification of the MAC address of the device causing the problem.

    I would be interested to know whether other affected Swisscom customers share my personal assessment and what you think can be done to ensure that Swisscom finally changes this, in my view, intolerable behavior. It seemed to me that the employees of the responsible Swisscom service center were anything but happy with the status quo, they were just doing what the “Abuse Team” (Security) had ordered, I was told.

    • @vormirdieSinflut

      The question, of course, is what kind of abuse ban you received:

      - Compromised account (don’t think so, you would have to change SC Login PW and Mail PW)

      - Outbound spam (a messaging service in the home network shoots spam out into the world)

      - Malware (malicious software)

      I’m leaning more toward malware or spam distribution (caused by malware).

      The IP change is of no use in this case, as soon as the malware communicates externally or does something else, the connection is blocked immediately (this also happens in 30 seconds). You end up at Spamhaus because other international ISPs report the IP address, not just Swisscom. Swisscom will be contacted by these ISPs so that we can stop this. There are various legal articles for this:

      For spam:

      § FMG Art 45a

      § FDV Art 83

      When attacked:

      § StGB Art 114

      § StGB Art 144

      Have you not received any information about what malware it is? As a rule, the customer history contains an attachment with the information about what caused the block.

      Otherwise, please contact the hotline again and ask for information about the reason for the blocking.

      Greeting

      Chris

    It is worrying that the data stream is analyzed by Swisscom.

    In your case it may be that you use a VPN solution, for example. To circumvent Geo IP blockades. These free VPN connections are also used to distribute spam via the client side. Which would be the most harmless thing you could imagine 😂


    @Tux0ne wrote:

    In your case it may be that you use a VPN solution, for example. To circumvent Geo IP blockades.

    No, I don’t use it. However, I have a small Windows server running media center software, but I couldn’t detect any malware there either. That leaves TeamViewer, which is installed on the majority of devices, but this highly professional software is beyond suspicion for me.


      @Tux0ne wrote:

      Yes, by blocking the source IP. In this case your connection.


      Exactly. That’s just the convenient, brutal solution. Comparable to a single leaky faucet, where the water company simply turns off the water to an entire community and asks customers to check all pipes for water loss. Only then will the main slide be opened again.


      No, this is the normal process. My IDS/IPS also works like this. Who cares about the exact details? Strange occurrence, IP blocking done.

      Speaking of TeamViewer. This is also blocked on the networks where I have a security job. The tendency is that many devices have maintenance access. TeamViewer is a brutal solution that can also be used improperly. I rarely experience the moment of wtf TeamViewer not working live. But I imagine it would be funny.

      The question I ask myself is, should an ISP analyze data and block SPAM? To date, I do not find this trend to be welcome. One reason why everything should be encrypted these days.


      @SC-Client wrote:

      That leaves TeamViewer, which is installed on the majority of devices, but this highly professional software is beyond any suspicion for me.


      However, serious security gaps have been identified several times in the past with this “highly professional software” which is “beyond suspicion”.

      I would approach the matter with a little more suspicion… if you just trust everything, it will be difficult to find the possible infection vector.

      The rest has already been said (and can be found numerous times in identical threads, some of which exist in this forum);

      - No, Swisscom cannot tell you which device is affected, because Swisscom only analyzes the data stream between your router and the “headquarters”, but not within your network.

      - Swisscom considers it extremely unlikely or even impossible that this could potentially be a “false alarm”. If there is a blocking, then it is justified (according to Swisscom). My personal experience with customers is that you can always find the cause, even if the customer hasn’t found anything themselves. (One or two exceptions confirm the rule. But these were cases in which the customers did not want to invest enough working time, i.e. if we could have continued to search, we would have found something.)

      It’s best to explain what methods you used to try to find the infection. Then they can give you a few tips on what else you could try. (Although, as I said, this has all been explained in detail here in identical threads one time or another.)

      21 days later

      Hello @Pliettieffet37

      Do you use Android tablets?

      Or have you rooted your Android devices?

      Do you also have WhatsApp or other messengers installed there that are not from the official Play Store?

      Because not every app you install does what it says it does. It may be doing things in the background that you shouldn’t know about.

      Do you share your WiFi with your neighbor etc…

      Greetings Lorenz

        2 years later

        Hello folks

        So I’ve had the same problem since autumn 2020. My internet connection kept being blocked. I then took all possible measures. All devices in the network reset to factory settings and reinstalled. Even TV sets or WiFi boxes in the network reset and assign your own passwords instead of the default passwords. Even bought new PCs and put them on the network. And yet my internet connection kept getting blocked. It was also strange that after a lot of back and forth I received a new IP address, but as soon as I hung up the phone with Swisscom support I was already on the Spamhaus blacklist again. It can’t be 2 minutes after the change. I also described TeamViewer above. Use Internet Security from Kaspersky, which also includes VPN protection. And the more they block you, the more such crappy tools you install, even based on advice from Swisscom Supporters, and the worse it gets. They tell you that since February, the latest firmware has been used to mark devices that may contain malware. The next Swisscom fritze then says again that it’s not that far. Everyone says something different. I’m really close to changing all this shit.


        @vormirdieSinflut wrote:

        Hello guys

        So I’ve had the same problem since autumn 2020. My internet connection kept being blocked. I then took all possible measures. All devices in the network reset to factory settings and reinstalled. Even TV sets or WiFi boxes in the network reset and assign your own passwords instead of the default passwords. Even bought new PCs and put them on the network. And yet my internet connection kept getting blocked. It was also strange that after a lot of back and forth I received a new IP address, but as soon as I hung up the phone with Swisscom support I was already on the Spamhaus blacklist again. It can’t be 2 minutes after the change. I also described TeamViewer above. Use Internet Security from Kaspersky, which also includes VPN protection. And the more they block you, the more such crappy tools you install, even based on advice from Swisscom Supporters, and the worse it gets. They tell you that since February, the latest firmware has been used to mark devices that may contain malware. The next Swisscom fritze then says again that it’s not that far. Everyone says something different. I’m really close to changing all this shit.


        Have you already changed the WiFi password? The abuse could also occur outside your network. You won’t be able to get rid of certain malware with a factory reset. I already consider a virus protection from Russia from Kaspersky to be malware. With Windows 10 you no longer need any third-party security software such as virus protection, firewall, anti-malware, etc. Windows Defender is completely sufficient for private users! Save yourself the money and you’ll even gain more security. Since third-party endpoint protection solutions have to embed themselves very deeply in Windows and behave like malware itself, they are very vulnerable and usually full of security gaps. As a private user on Windows 10: Stay away from Avira, McAfee, Kaspersky, Norton and Co.

        I recommend that you start with your Windows devices first: Everything that is not Windows 8 or 10 (Windows 7, Vista or XP) is no longer operated! Always set up Windows 10 devices from scratch with the Windows 10 Media Creation Tool ([https://www.microsoft.com/de-de/software-download/windows10ISO](https://www.microsoft.com/de-de/software-download/windows10ISO)) from Microsoft. Delete all partitions and recreate them. And then: Stay away from all tools that you don’t need or think you do. Favorites are the stupid registry cleaners and tuning utilities. Stay away from the brut. You don’t let the mafia clean your house either. The computer should always be kept as clean as possible or as “stock” as possible.


        @vormirdieSinflut

        I can only agree with @millernet, less is simply more in these questions!

        And that applies to both hardware and software.

        So first get rid of all the completely unnecessary software helpers and tools, then reduce the devices to the necessary minimum and see for at least a week whether the problem has gone away.

        Then put device after device back into operation and check again and again whether the problem occurs again.

        If so, you know that the last device put into operation must be the culprit.

        Removing the problematic software also includes any connection utilities to VPN providers or corresponding browser extensions.

        And when it comes to devices, you shouldn’t see the circle of possible sinner devices too narrowly, because once your Windows PC is installed with Microsoft Native, they actually fall out of the circle of suspects.

        Incidentally, IoT devices are particularly vulnerable on the hardware side.

        So if you have web cams, weather stations, kitchen appliances or whatever else on your network, the first thing I would do is remove them from your network.

        P.S.:

        Incidentally, Swisscom will not be able to help you with identifying infected devices in the local network, at least for the next few months.


        Hobby nerd with no economic ties to Swisscom

        Yes, I changed all passwords. Do you really mean that I no longer need additional virus protection with Windows 10? Isn’t that a bit negligent? What additional virus protection do you use?

        The more they blocked me and I relied on the different opinions of Swisscom employees, the more shitty tools I installed. That was probably the mistake. I had this VPN monitoring from Kaspersky as well as CCleaner. I’ve now uninstalled it. I have a NAS from Synology and I also had it checked by an IT company. The surveillance cameras were also completely reset. Hard reset.


        @vormirdieSinflut

        Microsoft Defender is no worse or better virus scanner than any other. It serves the purpose, and does it just as well as any other. It is important that you keep Windows 10 up to date, and even more important, or actually the best virus protection is not installed on the PC, but sits in front of the PC. A healthy distrust and thinking twice about “do I really have to click on it now” is important!

        As you describe your long-standing problem, uninstalling software probably won’t be of much use, because malware usually can’t simply be uninstalled at the push of a button once it’s on it. And I think neither uninstalling Kaspersky nor CCleaner will solve your problem.

        How did they say before? format c:?

        @millernet and @Werner have written to you about how to proceed with such problems.

        Changing your password is certainly the first step and is also the right thing to do. But what if the PC on which you change the password in Kundencenter is already infected and intercepts and passes on this password change?


        @vormirdieSinflut

        The question, of course, is what kind of abuse ban you received:

        - Compromised account (don’t think so, you would have to change SC Login PW and Mail PW)

        - Outbound spam (a messaging service in the home network shoots spam out into the world)

        - Malware (malicious software)

        I’m leaning more toward malware or spam distribution (caused by malware).

        The IP change is of no use in this case, as soon as the malware communicates externally or does something else, the connection is blocked immediately (this also happens in 30 seconds). You end up at Spamhaus because other international ISPs report the IP address, not just Swisscom. Swisscom will be contacted by these ISPs so that we can stop this. There are various legal articles for this:

        For spam:

        § FMG Art 45a

        § FDV Art 83

        When attacked:

        § StGB Art 114

        § StGB Art 144

        Have you not received any information about what malware it is? As a rule, the customer history contains an attachment with the information about what caused the block.

        Otherwise, please contact the hotline again and ask for information about the reason for the blocking.

        Greeting

        Chris


        I was banned allegedly due to malware on one of my devices. Probably Mirai. But not 100% sure either. I was registered in the blacklist with Spamhaus and SORBS. Although the SORBS entries were from 2009. When Swisscom gave me a new IP the week before last, there was another entry from Spamhaus in it just 2 minutes after changing the new IP. I suspect that I took that over from the predecessor.
        Basically, I really don’t click on any links that I don’t know. They are all work tools. I even got into the habit of looking at the emails on my iPhone to see whether they are spam or other unwanted emails and then deleting them. So they don’t even come to my PC. I generally don’t try to connect my iPhone to the network.
        As mentioned, after the information that a device in my network was infected with Mirai, it was reset and reinstalled. Only when I was blocked again did I reset and reinstall TVs and presenters that had a default password. All in all, around 1500.00 was transferred to the IT company and it took around a week to set everything up again. Does anyone know of a tool that monitors the network, which devices are sending what and how much? I can view network activity in Kaspersky. However, I don’t see any irregularities. I also switched off IPv6 in the Swisscom Internetbox and set the firewall settings to strict.
        My Latin has now come to an end. I think I’ve done everything possible. In addition, these Swisscom employees tell me something different every time. And with some Swisscom employees you can tell that they are in the home office and, in addition to giving advice, are still stirring things up instead of trying to provide help.
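
Added example, not part of any post in this thread: one way to see which LAN device is sending what, assuming the router or a Linux gateway can log forwarded connections in iptables-LOG style. The subnet `192.168.1.0/24`, the threshold, the function name and the sample lines are assumptions constructed for illustration; the script counts distinct external destinations per device on port 25 (direct SMTP, typical of spam bots) and ports 23/2323 (telnet, which Mirai scans).

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")       # assumed home subnet
# Direct SMTP (spam bots) and telnet (Mirai-style scanning).
WATCHED_PORTS = {25: "smtp", 23: "telnet", 2323: "telnet"}
MIN_DISTINCT_DESTS = 3                   # assumed alert threshold

FIELDS = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=TCP .*?DPT=(\d+)")

# Constructed sample in iptables-LOG style; destinations are documentation addresses.
SAMPLE_LOG = """\
Mar  2 10:15:01 gw kernel: FWD SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40112 DPT=23
Mar  2 10:15:01 gw kernel: FWD SRC=192.168.1.23 DST=198.51.100.8 LEN=60 PROTO=TCP SPT=40113 DPT=23
Mar  2 10:15:02 gw kernel: FWD SRC=192.168.1.23 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=40114 DPT=2323
Mar  2 10:15:02 gw kernel: FWD SRC=192.168.1.23 DST=203.0.113.44 LEN=60 PROTO=TCP SPT=40115 DPT=23
Mar  2 10:16:10 gw kernel: FWD SRC=192.168.1.40 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=51000 DPT=25
Mar  2 10:16:11 gw kernel: FWD SRC=192.168.1.40 DST=203.0.113.6 LEN=60 PROTO=TCP SPT=51001 DPT=25
Mar  2 10:16:12 gw kernel: FWD SRC=192.168.1.40 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51002 DPT=25
Mar  2 10:17:00 gw kernel: FWD SRC=192.168.1.10 DST=192.0.2.25 LEN=60 PROTO=TCP SPT=52000 DPT=587
Mar  2 10:17:05 gw kernel: FWD SRC=192.168.1.10 DST=192.0.2.80 LEN=60 PROTO=TCP SPT=52001 DPT=443
Mar  2 10:17:09 gw kernel: FWD SRC=192.168.1.10 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=52002 DPT=23
"""

def suspicious_devices(log_text, threshold=MIN_DISTINCT_DESTS):
    """Map (LAN source IP, service) -> number of distinct external destinations."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if not m:
            continue
        src, dst, dport = ip_address(m[1]), ip_address(m[2]), int(m[3])
        # Only LAN hosts talking to the outside on a watched port count.
        if src in LAN and dst not in LAN and dport in WATCHED_PORTS:
            dests[(str(src), WATCHED_PORTS[dport])].add(str(dst))
    return {k: len(v) for k, v in dests.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (ip, service), count in sorted(suspicious_devices(SAMPLE_LOG).items()):
        print(f"{ip}: {count} distinct external {service} destinations")
```

A flagged IP can then be matched to a MAC address and device name in the router's DHCP lease list.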


        No provider can afford to block internet access to a customer who pays on time, often for a long time, without specific information about the exact reason for the disruptions caused, otherwise they would lose a significant proportion of their customers in a very short space of time. Swisscom obviously sees things differently; they are, after all, a state-owned company. If Swisscom were to actively and in consultation with the customer at least name the device that was causing the problem (media access control address), it would be easy for the customer to determine the problem. My internet connection was only activated again after I had reinstalled all Windows systems (!). The “culprit” was obviously my constantly running Windows home server, which was not equipped with comprehensive virus protection. Since I replaced it with a normal Windows 10 system, I have never had this type of problem with Swisscom.
