Page 2 of 2
Results 11 to 20 of 20

Thread: My Home Net Compromised???

  1. #11
    Member elazar's Avatar
    Join Date
    Sep 2007
    Posts
    217

    I have TimeWarner cable and they do a similar thing. Take a look at the 1st hop. My network is 10.200.0.0/16 and I have a PIX which doesn't show itself as a hop.
    Code:
    Tracing route to x.x.x.x
    over a maximum of 30 hops:
    
      1    10 ms     6 ms     7 ms  10.44.96.1
      2     7 ms    10 ms     6 ms  24.x.x.21
      3     9 ms    10 ms     8 ms  24.x.x.205
      4     6 ms     9 ms     9 ms  24.x.x.62
      5     7 ms     7 ms    10 ms 24.x.x.209
      6     8 ms     9 ms     6 ms  24.x.x.57
    Most cable modems have a management interface on the inside and outside; depending on the cable modem model, it's probably 192.168.100.1 on the inside and whatever your ISP assigns it on the outside. That connection is probably from a management device of some sort.

    See
    http://www.cablemodemhelp.com/rca_advisory.htm
    which sort of explains it.

    E

  2. #12
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Outstanding topic. I will mention that 10.x is typically used for private corporate addresses, whereas 192.x is mainly for citizen x. Although it's private, so one could use any damn # you wanted. Let's stick with the standard. Now on to topic: yes, most likely bootstrap. One way to find out for sure: get yourself a cable card and go to work with WireShark. Quietly filter. This works very well, I've heard. Cable techs use WireShark a lot, I've heard. If I'm out of line let me know, but I don't think this is illegal. You have to read the 55 page TOS. Oddly enough, most traffic goes through ATT one way or another.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  3. #13
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Well, my modem has a 10.x.x.x IP so I don't think it would be strange if my computer connected
    to that. Also it might just be your ISP saying hello to you through your modem hehe =D

    The most odd IP that I've heard of recently that hacks people is: 1.1.1.1 ... Yes, I know it sounds
    odd, but it's an IP which apparently does SQL Injection, RFI and also hacks private computers???
    When I heard and read about it today, I thought like, no way! No one has 1.1.1.1, well it's not registered...
    "I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe

  4. #14
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally Posted by MaXe Legend
    Well, my modem has a 10.x.x.x IP so I don't think it would be strange if my computer connected
    to that. Also it might just be your ISP saying hello to you through your modem hehe =D

    The most odd IP that I've heard of recently that hacks people is: 1.1.1.1 ... Yes, I know it sounds
    odd, but it's an IP which apparently does SQL Injection, RFI and also hacks private computers???
    When I heard and read about it today, I thought like, no way! No one has 1.1.1.1, well it's not registered...
    I believe DARPA owns it, if not DARPA, some division of the US Government.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #15
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    SWC666, I got the EXACT same EFFING thing. I even posted about this months ago. I have no idea WTF it is, but it's Comcast, definitely. I set DD-WRT to block it, same with my SmoothWall box, but they try to connect every few hours. I'm not sure what it's supposed to do, but someone from Comcast is trying to connect over and over. Good thing they just flagged me as abusive. I'm going to finish my D/l's and cancel my account. They told me to upgrade to a business account or go elsewhere. EFFERS!
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  6. #16
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Well, I believe IP 1.1.1.1 is somehow highly malicious and owned by US Government. I am unsure
    whether it's someone spoofing it, or if it's really someone hacking from that IP. One of my "hacker"
    friends checked his netstat today and his computer was listening for 1.1.1.1! I am NOT kidding.

    On a site from my country, it was confirmed in their logs that someone did do SQL Injection using
    the IP: 1.1.1.1 .. Somehow, I feel it's an IP not many people know about? I almost think we should
    make a book out of it. "The day when 1.1.1.1 came to me" or maybe "Who is 1.1.1.1?" ..

    The normal US Government / Military starts at 6.x.x.x and that's what makes it all weird.
    (you can look for yourself in the "no-scan" these ip-ranges you can find on the internet,
    it's like the old-school ip-bible which I also had a long long time ago back in the days..)
    "I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe

  7. #17
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    I've written off the RFC1918 bootstrap traffic as harmless. I see it come and go periodically with the same characteristics and I do keep a watchful eye on my logs, but I'm not losing any sleep over it.

    My concern was that it may have been a rogue DHCP box on my ISP's intranet trying to entice me to connect (which would have been a huge issue since I do a lot of web dev work from home and can't afford to have my traffic routed through some dirtbag's sniffer).

    [QUOTE MaXe Legend]The normal US Government / Military starts at 6.x.x.x[/QUOTE]

    I get hit in my logs periodically with that address prefix (6.x.x.x) and it usually resolves to the DoD Information Network; more than likely a spoofed IP from a foreign malware server.
    dd if=/dev/swc666 of=/dev/wyze
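
A way to do the log-watching described in post #17, as an added example that is not part of any poster's message: it picks out hits from RFC 1918 sources arriving on the WAN side and shows how regularly each one recurs. The log format, the interface names `wan0`/`lan0` and the sample lines are constructed assumptions; only 10.44.96.1 and 192.168.100.1 appear in the thread.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# The three RFC 1918 private blocks (narrower than ipaddress's is_private).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a simplified, assumed firewall-log format.
SAMPLE_LOG = """\
2010-03-01T02:00:05 IN=wan0 SRC=10.44.96.1 DST=255.255.255.255 PROTO=UDP SPT=67 DPT=68
2010-03-01T02:14:41 IN=wan0 SRC=203.0.113.50 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=445
2010-03-01T05:00:04 IN=wan0 SRC=10.44.96.1 DST=255.255.255.255 PROTO=UDP SPT=67 DPT=68
2010-03-01T06:30:00 IN=lan0 SRC=192.168.1.20 DST=192.168.100.1 PROTO=TCP SPT=51000 DPT=80
2010-03-01T08:00:06 IN=wan0 SRC=10.44.96.1 DST=255.255.255.255 PROTO=UDP SPT=67 DPT=68
"""

LINE = re.compile(
    r"^(\S+) IN=(\S+) SRC=(\S+) DST=\S+ PROTO=(\S+) SPT=(\d+) DPT=(\d+)$")

def is_rfc1918(addr):
    """True only for addresses inside 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def private_sources_on_wan(log_text, wan_iface="wan0"):
    """Group WAN-side hits from RFC 1918 sources by (src, proto, dport)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts, iface, src, proto, _sport, dport = m.groups()
        if iface == wan_iface and is_rfc1918(src):
            hits[(src, proto, int(dport))].append(datetime.fromisoformat(ts))
    return hits

def summarize(hits):
    """Per flow: hit count and gaps between consecutive hits, in minutes."""
    report = {}
    for key, times in hits.items():
        times.sort()
        gaps = [round((b - a).total_seconds() / 60)
                for a, b in zip(times, times[1:])]
        report[key] = {"count": len(times), "gaps_min": gaps}
    return report

if __name__ == "__main__":
    for flow, stats in summarize(private_sources_on_wan(SAMPLE_LOG)).items():
        print(flow, stats)
```

A flow with near-constant gaps from the ISP-side gateway on UDP 67/68 matches the periodic "bootstrap" pattern the posters describe; a private source that shows up on other ports or at irregular times is the one to look at more closely.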

  8. #18
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Yep, the only reason I mention WireShark is because I randomly open up to the world in various configs. Just to log wild packets. And it's pretty common to see the "cable" provider communicating with their equipment. Why these updates happen "all the time", can't say. I can say that most malicious traffic I see comes from Asia or my own provider, mostly NY. I have "Paid" cash $ for network access, and I expect nothing less for my money. I know it's an odd concept, getting what you paid for these days.:B
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  9. #19
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Quote: Originally Posted by PeppersGhost
    Yep, the only reason I mention WireShark is because I randomly open up to the world in various configs. Just to log wild packets. And it's pretty common to see the "cable" provider communicating with their equipment. Why these updates happen "all the time", can't say. I can say that most malicious traffic I see comes from Asia or my own provider, mostly NY. I have "Paid" cash $ for network access, and I expect nothing less for my money. I know it's an odd concept, getting what you paid for these days.:B
    I hear you. I personally think the world should be firewalled from every country that has unregulated TOS's and I'm amazed at how much crap comes through any given internet connection at any given time, when certain measures could be in place to prevent such activity. If I were a conspiracy theorist, I'd say that the ISP's are in bed with the AV, anti-spam, firewall and IDS/IPS companies... lol(?)
    dd if=/dev/swc666 of=/dev/wyze

  10. #20
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote: Originally Posted by swc666
    I hear you. I personally think the world should be firewalled from every country that has unregulated TOS's and I'm amazed at how much crap comes through any given internet connection at any given time, when certain measures could be in place to prevent such activity. If I were a conspiracy theorist, I'd say that the ISP's are in bed with the AV, anti-spam, firewall and IDS/IPS companies... lol(?)
    I figured they were the ones making all the really good viruses.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
