your default gateway is your router. so type
look for an entry with the flag UG. The flags mean the interface is up and it is your gateway.
[EDIT]
if it was installed by your isp, i would port scan it to see what ports they have open.
nmap urgatewayip
to sniff the traffic on the link place a
hub on the inside network of the router and hook up a linux box with ethereal, place your nic in promiscious mode. This should scan all traffic on the link without any interruption. Ethereal will give you source and desitnation address, which will allow you to find out where your attack is comming from, what type of attack.