@vormirdieSinflut wrote:
[…] - 3 DCS-2670L cams for monitoring the environment, some connected via WiFi […]
THAT would be my main suspects…
Followed by the Bose boxes and the Smart TVs.
Have you tried turning it off and on again?
Power MAC
Yes, I was already advised about such sniffers by Swisscom. I also reported this to the IT company. But they wanted to put an expensive device in front of the Swisscom router and charge an annual fee of around 600.00 from 3 years onwards. I’m a micro-business and can’t afford that. What kind of one-man business requires such a huge amount of effort? I think I’m the exception. I also have the Office solution Buissines 365 and no student license.
DCS cam and Bose boxes were reinstalled with hard reset and the latest firmware.
All WiFi passwords reset.
As Swisscom told me before the last blocking, there will be new firmware on the Swisscom Internet boxes from February onwards, where the infected devices will be marked with a red beetle in the network technology. When asked, my Internet box was on the latest firmware version. During the last blocking, however, another employee told me again that my Internetbox 3 was not yet equipped with this firmware. You can see how I as a customer have to deal with these statements from Swisscom.
I will now wait until I am blocked again. Maybe they’ll install the latest firmware on my Internetbox 3.
If not, I’ll switch to another provider with all subscriptions. Of course, with prior assurance about what the new provider will do with such a situation.
@vormirdieSinflut Forget the internet box and the red beetle function for a moment. This can also be done differently:
Unplug the WiFi cameras, smart TVs and Bose boxes.
Then work with your computers for some time and see if the lock comes back (probably not). According to your description, this should be clear after just a few minutes.
Then reconnect the smart TVs to the network and continue watching for some time.
Then the Bose speakers, and watch again.
Finally, put the WiFi cameras into operation. If the ban comes again, my suspicions would have been confirmed.
Have you tried turning it off and on again?
And what do you mean by some time?
1 day, 2 days or over weeks?
Can I do more than reset these devices? I actually don’t want to buy new ones.
Your tip with a switch with port mirroring, a packet sniffer, can you tell me a reputable device or tool. There are so many on the internet that I don’t dare install. Of course I won’t do it myself anyway, but I’ll make it a suggestion to the IT department.
I could still understand why it hit the smart TV because they had a default password. Like probably 99% in this world. But the cam works over WiFi with the WPA2 settings and I also reset all the passwords there. I will follow your advice and take the cams off the network for now.
The reference to IoT devices such as web cams is quite clear, so just throw them off the internet for 1-2 weeks and when the problem goes away, the case is clear.
You probably also have UPnP activated on your router, with which every client in your network can easily activate additional ports on the Internet box.
In your situation, I would immediately uncheck the UPnP box.
We can keep puzzling about offshore here for a long time, but like my colleagues, I would bet on the cameras first as a lottery tip.
The Windows 10 PCs are extremely unlikely to be the villains.
You should simply believe us that you should not expect any help from the Internetbox firmware in this topic for malware detection in the local network, at least in the next few months, regardless of what support has suggested to you.
Hobby-Nerd ohne wirtschaftliche Abhängigkeiten zur Swisscom
How long did it take between unblocking your connection and blocking it again? As you described, it was clear in just a few minutes. In that case I would wait an hour and then put the next device into operation.
Your tip with a switch with port mirroring, a packet sniffer, can you tell me a reputable device or tool. There are so many on the internet that I don’t dare install. Of course I won’t do it myself anyway, but I’ll make it a suggestion to the IT department. […]
Well, my “ingredients list” was: switch with port mirroring, packet sniffer and - most important of all - a good dose of specialist knowledge. And since the IT company you hired doesn’t seem to have the latter, a switch and packet sniffer won’t help either.
A professional doesn’t have to buy a switch and install a packet sniffer because he already has such equipment.
But now at least take the webcams off the internet and see if that solves the problem.
Have you tried turning it off and on again?
UPnP on the router allows all clients, including your cameras, to open any ports on the router without your explicit consent so that they can be accessed from the Internet.
I would actually recommend that everyone deactivate this purely convenience function, but of course especially in your situation.
Hobby-Nerd ohne wirtschaftliche Abhängigkeiten zur Swisscom
Yes, now I have deactivated that. That’s actually the purpose of the CAM, that you can access the cams via DS cam from your iPhone while on vacation to see whether everything is going well. But as I said, I’ve now taken it off the network and if that’s the problem, you should actually hold the manufacturer of these cams responsible.
I forgot to list the printer. This automatically reports the meter reading to the Sharp company because I have a service contract. There’s probably a port like that open there too. 😞
I hope that because of the lively chat here I won’t be labeled as spam or something else and blocked again. So now I wish everyone involved a good night. Thanks everyone for now. I’ll report back what’s going on
Here is a link from another affected person who experienced the same thing as me.
[https://community.swisscom.ch/t5/Archiv-Internet/Swisscom-Internet-because-abuse-gesperrt/td-p/531817/page/2](https://community.swisscom.ch/t5/ Archive-Internet/Swisscom-Internet-blocked-due-to-abuse/td-p/531817/page/2)
Some of the same people responded here in this post. Strange that a similar case is not remembered.
@vormirdieSinflut How do you conclude that we wouldn’t have remembered this thread?
Well, in other forums you would probably have received an indignant “Please use the search function first!” in your first post. thrown towards…
Have you tried turning it off and on again?
Unfortunately, the search function in the community is not as good as Google. I mostly use Google myself and can find existing and solved problems in the community very quickly and easily.
You can’t compare Google’s calculators with the community search program and it will certainly take longer to find an optimal search function.
Installationen, Netzwerk, Internet, Computertechnik, OS Windows, Apple und Linux.
2 months later
Hello
This could be my exact story! I’m currently experiencing exactly the same thing and, to be honest, I’m slowly turning in the red area!!! All PCs on the internet (3) were cleaned with anti-malware, the latest virus scanners and the latest MS Office packages.
Yesterday I got a new IP address and 5 minutes later it was blacklisted again on “Spamhaus”!? I call support once a week and they provide friendly help, but as I said, the whole thing only lasts 1 - 2 days! Now I can no longer send emails! What can I do? Do I actually have to change provider - I used to be very happy with Swisscom…
@DonPedro66 Every IP of Swisscom private connections is listed on Spamhaus as Dialup-Anschluss. Absolutely correct and to be expected. By the way, it’s exactly the same for all other providers, at least as far as private customer connections are concerned. And this has no negative impact on sending emails at all, as long as you do this (as has been the case for years) with the settings provided by the mail provider (outgoing port usually 465 or 587).
Since you have already cleaned several PCs and this has not helped, it would be good to know what more detailed information you have received from Swisscom regarding your problem. As you can see from this thread, it is often network-enabled devices such as webcams, weather stations and the like that trigger the (justified) ban. If you give us more information, we can help you better.
Have you tried turning it off and on again?
Hello @DonPedro66
Any other ISP has to block you if abuse is detected on their Anschluss.
Here are a few thoughts on what else can block the Anschluss:
Do you perhaps use a Smart TV that is connected to the Internet?
Do you have a “free VPN program” installed? e.g. Halo would be a candidate
Do you have Wathsup installed on a Taplet? (If it doesn’t work officially, then it would be from an illegal installation source.)
Have you perhaps shared your Internet Anschluss with a neighbor?
Or your neighbor was visiting you and you gave him the WiFi key.
Do you have children, what do you what they do on your Anschluss.
Greetings Lorenz
Hello guys, I had the same problem from October 2020 to May 2021 that Swisscom kept blocking me, supposedly because of the Mirai virus. This was reported by Melani. I then spent around 4,000.00 on time and having all the devices reinstalled by an IT company. But nothing helped.
I then asked Melani directly for details. They were able to tell me which device was the culprit. It was DLink’s surveillance cameras. A message to DLink then triggered that I received a beta version of the firmware. I also turned off IPV6 on the router and set the firewall settings in the Swisscombox to strict. I also demanded that Swisscom install the always promised beta version of the firmware.
I also changed all of the default passwords for the smart TV devices. Unfortunately, I had absolutely no support from Swisscom and I had to do all the research and apply pressure myself. In the end I received 600.00 in compensation because of the activities. Actually ridiculous when you consider the busyness I had and Swisscom actually instructed me to reset the devices, even though that wasn’t the issue at all. But rather in the settings of the router and the firmware of the DLink cameras. The alleged error messages apparently fit the pattern of the Mirai virus because I was always blocked.
It is not acceptable that Swisscom does not offer more support or provide more concrete information.
I hope I could help you with that.
What does all this have to do with the firmware of the Internet box?
The Anschluss is blocked if the network (not the router) detects that the Anschluss is compromised. So far, Swisscom has not been able to say which device was responsible. You are also responsible for the clients you have at home.
The default firewall setting on the Internet boxes is now “Strict” in order to increase protection, but this can also lead to other problems for the customer. In addition, since FW 11.03.xx there is a new function that can identify devices with suspicious behavior. But not with 100% security and this function will definitely get better and better in the future.
The problem is that many “SmartHome” devices sold in stores are simple “dirty devices”. The manufacturers are only interested in sales and the issue of safety (especially in the long term) only plays a subordinate role. Also applies to premium manufacturers. That’s why Swisscom is investing in the topic of “detection” so that not all customers, like you, have to search for so long and helplessly.
If a device is now recognized by the Internet-Box as suspicious, it will be marked with a red beetle symbol in the Internet-Box menu. Then. Do you already have an idea where to look?