

kautious

25 posts

Geek


#89547 4-Sep-2011 23:11

hi there,

recently our Internet has been up and down like a yoyo.. we have been hacked in the past and recently I have noticed some dodgy things happening on other forums and our home network.

I decided to go to the router and see what the Intrusion Detection Stats were like, as well as the logs.
This is what I have found:

Intrusion Detection:

fragment_sweep 27
fragment_out-of-order 141398


and logs:

xxx.xxx.xxx.xxx = our IP Address.

Info     05:29:14 (since last boot)    UPnP action 'DeletePortMapping' from ip=192.168.1.xx (Success)


Info     05:29:15 (since last boot)    UPnP action 'DeletePortMapping' from ip=192.168.1.xx (Success)


Error     05:29:02 (since last boot)    FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 46.250.48.74 Dst ip: xxx.xxx.xxx.xxx Type: Destination Unreachable Code: Host Unreacheable


Info     05:28:26 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 7) : 82.26.117.143 xxx.xxx.xxx.xxx 1452 UDP 30647->28532 frag 7469:1432@0+


Info     05:24:56 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 9) : 82.26.117.143 xxx.xxx.xxx.xxx 1452 UDP 30647->28532 frag 29039:1432@0+


Info     05:20:40 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 6) : 82.26.117.143 xxx.xxx.xxx.xxx 1452 UDP 30647->28532 frag 14974:1432@0+


Info     05:19:22 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 5) : 82.26.117.143 xxx.xxx.xxx.xxx 1452 UDP 30647->28532 frag 11094:1432@0+


Info     05:15:22 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 150) : 82.26.117.143 xxx.xxx.xxx.xxx 1452 UDP 30647->28532 frag 31250:1432@0+


Info     05:14:07 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 4326) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 35924:1376@0+


Error     05:13:42 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 2.93.10.32 xxx.xxx.xxx.xxx 0054 UDP frag 22854:34@1376


Info     05:13:06 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 5721) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 65083:1376@0+


Error     05:12:41 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 2.93.10.32 xxx.xxx.xxx.xxx 0054 UDP frag 47033:34@1376


Info     05:12:05 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 5544) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 19596:1376@0+


Error     05:11:40 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 2.93.10.32 xxx.xxx.xxx.xxx 0054 UDP frag 4379:34@1376


Info     05:11:04 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 4914) : 93.80.212.118 xxx.xxx.xxx.xxx 1396 UDP 59470->28532 frag 17521:1376@0+


Error     05:10:39 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 93.80.212.118 xxx.xxx.xxx.xxx 1396 UDP 59470->28532 frag 60449:1376@0+


Info     05:10:03 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 4993) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 9723:1376@0+


Error     05:09:38 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 2.93.10.32 xxx.xxx.xxx.xxx 0054 UDP frag 62317:34@1376


Info     05:09:02 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 3091) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 38752:1376@0+


Error     05:08:38 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 2.93.10.32 xxx.xxx.xxx.xxx 0054 UDP frag 30300:34@1376


Info     05:08:01 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 1821) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 11827:1376@0+


Error     05:07:36 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 2.93.10.32 xxx.xxx.xxx.xxx 0054 UDP frag 60150:34@1376


Warning     05:07:25 (since last boot)    PPP link up (Internet) [xxx.xxx.xxx.xxx]


Info     05:07:25 (since last boot)    PPP PAP Authenticate Ack received


Info     05:07:25 (since last boot)    PPP PAP Authenticate Request sent


Warning     05:07:14 (since last boot)    PPP link down (Internet) [xxx.xxx.xxx.xxx]


Info     05:07:00 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 10925) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 41488:1376@0+


not liking this Telecom Dynamic plan which is falsely advertised. As in Fact we are on a Static IP. Have requested numerous times for a Dynamic IP which TBQH can't be done with Telecom.

Any ideas on what to do here would be appreciated.
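
An added example (not part of the original posts, and not the router vendor's or ISP's tooling): a small Python parser for the "IDS fragment parser" entries quoted above, tallying them per source address and destination port. The field layout and the reading of "(1 of N)" as N events summarised by one log entry are assumptions inferred from the quoted lines.

```python
import re
from collections import defaultdict

# Entries copied from the log in the post above (destination IP masked by the poster).
SAMPLE_LOG = """\
Info     05:14:07 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 4326) : 2.93.10.32 xxx.xxx.xxx.xxx 1396 UDP 58261->28532 frag 35924:1376@0+
Error     05:13:42 (since last boot)    IDS fragment parser : fragment sweep (1 of 1) : 2.93.10.32 xxx.xxx.xxx.xxx 0054 UDP frag 22854:34@1376
Info     05:11:04 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 4914) : 93.80.212.118 xxx.xxx.xxx.xxx 1396 UDP 59470->28532 frag 17521:1376@0+
Info     05:28:26 (since last boot)    IDS fragment parser : fragment out-of-order (1 of 7) : 82.26.117.143 xxx.xxx.xxx.xxx 1452 UDP 30647->28532 frag 7469:1432@0+
Warning     05:07:25 (since last boot)    PPP link up (Internet) [xxx.xxx.xxx.xxx]
"""

# Assumed layout: src dst ip_total_len proto [sport->dport] frag id:len@offset[+]
IDS_RE = re.compile(
    r"IDS fragment parser : fragment (?P<kind>[\w-]+) \(1 of (?P<count>\d+)\) : "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<size>\d+) (?P<proto>\w+) "
    r"(?:(?P<sport>\d+)->(?P<dport>\d+) )?"
    r"frag (?P<id>\d+):(?P<len>\d+)@(?P<off>\d+)(?P<more>\+?)"
)

def parse_ids_line(line):
    """Return a dict for an 'IDS fragment parser' entry, or None for other lines."""
    m = IDS_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("count", "size", "id", "len", "off"):
        ev[key] = int(ev[key])
    # Non-first fragments carry no UDP header, so no ports appear on those lines.
    ev["dport"] = int(ev["dport"]) if ev["dport"] else None
    ev["more"] = ev["more"] == "+"  # '+' marks "more fragments follow"
    return ev

def summarize(log_text):
    """Tally log entries, reported event counts and destination ports per source IP."""
    stats = defaultdict(lambda: {"entries": 0, "events": 0, "dports": set()})
    for line in log_text.splitlines():
        ev = parse_ids_line(line)
        if ev is None:
            continue
        s = stats[ev["src"]]
        s["entries"] += 1
        s["events"] += ev["count"]
        if ev["dport"] is not None:
            s["dports"].add(ev["dport"])
    return dict(stats)

if __name__ == "__main__":
    for src, s in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["events"]):
        print(f"{src:15} entries={s['entries']} events={s['events']} dports={sorted(s['dports'])}")
```

In this sample every entry that shows ports targets UDP port 28532, so a useful next check is which LAN host holds that port mapping (the UPnP entries in the same log come from a 192.168.1.xx client).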






BarTender
3606 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #516617 4-Sep-2011 23:35

Switch your modem off at night, in the morning you should get a new IP if you're on dynamic and don't have a fixed IP.  I think there is a few hours lease time that the IP is held for if you restart your router.

Are you sure you're not infected with a virus / malware?  Or running some bittorrent similar software on a machine?

You never know you could have been hit with the virus that hit MetService and went around a few weeks ago: http://www.geekzone.co.nz/freitasm/7776




kautious

25 posts

Geek


  #516620 4-Sep-2011 23:49

Hmm , regarding the Modem reset thing. No We've Tried that. spoken to Level 1-7 technicians which have confirmed that with the New Telecom plans (Total Home) All users are in fact on a fixed IP Address and they are not willing to even change it - The IP Address (that is).

Will look into the torrent thing as there are several users on the network +Mobile Devices

have built a Linux firewall Rig which is sitting beside me atm. Have been delaying wiring it up between a sep router and this one as I have no faith in these 'Free' Modems' abilities to block anything.

but that requires time and energy which I don't have atm. And will it be effective enough to warrant doing so? .. I am not sure atm.

thank you very much for your fast reply.

Shall do the MalwareBytes thing in morning and see if it turns up any nasties.


shall also do a sweep for rootkits using;
http://technet.microsoft.com/en-us/sysinternals/bb897445



Again thanks.





sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #516638 5-Sep-2011 06:33

The IP type you're on is completely irrelevant, port scanners and bots out there on the internet will get you no matter what your IP address is.




kautious

25 posts

Geek


#516777 5-Sep-2011 12:13

Not Exactly true , I was a part of a gaming community for several years , and in last few years I have kept the same IP address (not because I wanted to). This was picked up by some Server Admins who were not well liked in the community and caused a lot of strife for us and our players. This is when these Hacking games started.

Now , these guys were attacking players whilst they were in game through SYN Floods / DDoS Attacks and in some cases breaching their computers and effectively killing them, forcing players to reinstall OS etc.
and lolling in the background.

The thing is with a Dynamic IP , you can re-anonymize yourself by simply resetting your modem. Then they need to find you again by scanning your subnet and looking for your computer/name. Which in effect you change and make it that much harder for them to detect.

If however you are on a fixed IP address , then they can blast you with every new Exploit available on the Web and or DDoS you via some botnet till all their proxies are exhausted. The kinds of people I am talking about here do this kind of thing constantly and have killed a lot of game servers out of spite and for reasons that no one really understands.




sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #516794 5-Sep-2011 13:14

Annoying some other gamers is completely different from bots attacking you - this will occur no matter what the IP is.

With the new 3strikes law and assumption by the law that an IP address is a person I suspect we'll see more ISPs defaulting to static IPs due to the complexities in some cases of having to store IP and user account information as required by law.


kautious

25 posts

Geek


  #516801 5-Sep-2011 13:25

Yes indeed. Perhaps they "Telecom" would like to re-phrase their plan descriptions from Dynamic IP to Static IP, at least for Legal Purposes.

or should I say: False Advertising.

edit: just done a search for 'dynamic' on their website to which nothing but a glossary of terms was returned. Perhaps they have already rectified this.

I see someone else is having (Static IP) the same problem here;
http://www.geekzone.co.nz/forums.asp?forumid=39&topicid=78926


seems ironic , how just when the law changes regarding downloads and illegal content , that all of a sudden like we are given large boosts in GBs to be allowed to use, with this Catch-22 bundled in. Be warned we are watching what you download and you may expect a visit if you are not careful.

not sure what to liken it to tbh.

An X-Alcoholic in a bar full of free-piss & told that they can only drink water?










cbrpilot
955 posts

Ultimate Geek

Trusted
Spark NZ

  #520481 13-Sep-2011 14:32

@yzeguy, I suggest you call Telecom and request a change of IP address.

Telecom never claims to give everyone a dynamic IP.  If your IP address does not change when restarting your router and you have not specifically requested a static IP then you will need to call if you have issues with your IP and they will run an order to change it.

 




My views are my own, and may not necessarily represent those of my employer.


 
 
 

kautious

25 posts

Geek


  #520490 13-Sep-2011 14:53

Have done so on many occasions , spoken to numerous technicians on several occasions in regards to these matters , all of which have stated that we are NOT on Static IP .. however it is obvious that we are since we have had the same IP for over 12 months , resets / no resets still the same.

have contacted them again today to see if they can change it once more. Last time I tried this , there was 1 option , close and re-open account.. kind of ironic I think , oh and there's a fee involved for doing this.

Thanks for your feedback , much appreciated.


joeksemail
78 posts

Master Geek

Trusted

  #520526 13-Sep-2011 16:01

Can you please PM me your phone number and I can look into this for you.

Cheers,

Joe

kautious

25 posts

Geek


  #521063 14-Sep-2011 16:58

pm sent thanks.


kautious

25 posts

Geek


#521693 15-Sep-2011 21:31

Thank you all for the help , hopefully the problem has been resolved , if not I have come closer to the source of it.

after talking to a Technician 5 minutes ago (great guy btw) he suggested that I try a very simple procedure that you may want to pass onto your support team for future reference.

FACTORY RESET MODEM.

Apparently these modems TG585v7's can get congested cache? or something to this effect.

however , after doing the 'Thing which stared me in the face' every time I went to the interface , 'Yet blatantly over-looked' may have been the remedy for cases such as mine.

Anyway , long story short .. you guys have restored my faith in Telecom Services and your help has been Out-Standing!! (looks for the 'shout me a beer - via paypal button') :\

Thank you all that helped rectify this problem.

I shall monitor it for the next few days and report here of the outcome good/bad , that others may be able to benefit from this post - that have similar issues.

Cheers.








joeksemail
78 posts

Master Geek

Trusted

  #521765 16-Sep-2011 08:07


No worries at all, it's what we're here for!
:-)

kautious

25 posts

Geek


  #521767 16-Sep-2011 08:12

:D she's still humming along quite nicely now. Will see if it degrades over the next few days.

if it does will look into getting a new router.

Cheers.
