IP scanner shows lots of 'live' IP addresses on my DSL--why?

 
 
RayLopez99
      Mar 15th, 13, 12:20 AM
In the range 103.XX.XXX.XXX

Before there was not as many live IP addresses.

Changes to my network: I switched from a static IP address to a dynamic IP address with my ISP provider. I also let a third party who is not affiliated with the ISP company supervise the installation.

I am using the freeware "Advanced IP Scanner" by Famatech to check the live IP addresses, which have different .XXX extensions at the end but all the same MAC address--could this just be the DSL modem? (I have a DSL modem (with firewall) and a router 'downstream' of the DSL modem, then my PCs connect to this router). But if so, why so many, over 45 such IP addresses, at the moment?

Is there a chance other people are sharing my DSL line and can read my data traffic? Or use my bandwidth? The guy who I let supervise my installation is generally honest but he does run a cybercafe as a business--and that is why I'm suspicious about the bandwidth stealing issue. Or, it could just be a coincidence to there now being a "Dynamic" connection.

RL
 
Mike Easter
      Mar 15th, 13, 2:15 AM
RayLopez99 wrote:
> In the range 103.XX.XXX.XXX


The 103.0.0.0/8 of 16 million IPs is APNIC's, there are some low 103.x
blocks for .au and a lot of other 103.yy blocks for .kr

> Before there was not as many live IP addresses.


How does your ware define what it calls 'live' IPs?

> Changes to my network: I switched from a static IP address to a
> dynamic IP address with my ISP provider. I also let a third party
> who is not affiliated with the ISP company supervise the
> installation.


A cybercafe dude could be associated with all kinds of nefarious
networking issues as well as being security wise.

> I am using the freeware "Advanced IP Scanner" by Famatech to check
> the live IP addresses, which have different .XXX extensions at the
> end but all the same MAC address--could this just be the DSL modem?


I don't understand how a bunch of 'different' routing IPs 103.xx could
have the same MAC unless you are not explaining things accurately.

> (I have a DSL modem (with firewall) and a router 'downstream' of the
> DSL modem, then my PCs connect to this router). But if so, why so
> many, over 45 such IP addresses, at the moment?


Your router gives out a lot of what some call 'non-routing' or 'private'
IP addresses, the family of which is such as 192 or 172 or 10.

> Is there a chance other people are sharing my DSL line and can
> read my data traffic? Or use my bandwidth? The guy who I let
> supervise my installation is generally honest but he does run a
> cybercafe as a business--and that is why I'm suspicious about the
> bandwidth stealing issue. Or, it could just be a coincidence to
> there now being a "Dynamic" connection.


It looks to me like we need more accurate information and you need to
express the info in your software's manual better. The site for the
Advanced IP scanner doesn't provide docs, just the .exe download.



--
Mike Easter
 
Paul
      Mar 15th, 13, 3:03 AM
RayLopez99 wrote:
> In the range 103.XX.XXX.XXX
>
> Before there was not as many live IP addresses.
>
> Changes to my network: I switched from a static IP address to a dynamic IP address with my ISP provider. I also let a third party who is not affiliated with the ISP company supervise the installation.
>
> I am using the freeware "Advanced IP Scanner" by Famatech to check the live IP addresses, which have different .XXX extensions at the end but all the same MAC address--could this just be the DSL modem? (I have a DSL modem (with firewall) and a router 'downstream' of the DSL modem, then my PCs connect to this router). But if so, why so many, over 45 such IP addresses, at the moment?
>
> Is there a chance other people are sharing my DSL line and can read my data traffic? Or use my bandwidth? The guy who I let supervise my installation is generally honest but he does run a cybercafe as a business--and that is why I'm suspicious about the bandwidth stealing issue. Or, it could just be a coincidence to there now being a "Dynamic" connection.
>
> RL


There's better than that. You can use Wireshark for tracing stuff.

http://en.wikipedia.org/wiki/Wireshark

*******

Let's take some scenarios.

DSL_Modem ---- Ray's Computer

If you do that, terminating PPPOE or PPPOA in software in Windows,
you'll see the full force of the Internet scanning efforts. That
is not a recommended config, even with Windows Firewall engaged.

Now, if we run this way...

DSL_Modem ---- router ---- Ray's Computer

That configuration has the advantage, that IPV4 NAT prevents a lot
of stuff from happening. If you're running IPV6, then you'll have
lost any advantage of IPV4 NAT.

To make my router secure here (that second hardware config),
I attempted to make it stealthy.

1) Do no Port Forwarding. That means, don't run any servers on
your desktop computer, and open ports in the router so that
the Internet can "see" your server. Similarly, don't use the
DMZ feature (port forwarding on steroids).

2) I add this rule to the router. When an IDENTD packet comes in,
it is forwarded to a non-existent node on my LAN. This is to
prevent an IDENTD packet from gaining a response from the router.

Allow identd WAN,* LAN,192.168.253.253 TCP,113

3) Some routers support dyndns. When you have a dynamic IP, it's possible
to "advertise" your new IP address, via Dynamic DNS. The router sends
the mapping of "ray.someisp.com" to a commercial operation like dyndns.org,
and the DNS tables are updated with your particulars. A person would
do this sort of thing, if running servers. So if you were running a
web server, your installer could enable dyndns in the router, so that
your IP mapping would be working. People who don't run servers, don't
particularly need dyndns (unless it's a vanity thing).

OK, with those out of the way, why are you seeing activity ?

You *can* see activity on the WAN (left hand side of router).
That would be normal. Any turkey can scan your external IP
address if they want.

You should not see random addresses on the LAN side. That's
a sign you're not running IPV4 NAT, you're Port Forwarding
or the like.

*******

One reason your public IP address gets scanned, is a function
of what the previous ISP customer was using the DNS address for.
Now that you're "dynamic", you get to see the after-effects of
what the previous customer was doing.

Say the address 123.123.123.123 was used by a previous customer,
and they were running BitTorrent. That's a peer to peer protocol,
with many participants.

What's bad about BitTorrent ? It's a persistent protocol, which
is not typically how you're supposed to design networking clients.

Say I'm running BitTorrent, and I turn off the power on my ADSL
modem. My ADSL session drops. The dynamic DNS address used, is put
back in the pool of addresses at the ISP. BitTorrent clients
continue to "hump" that IP address, even though they're not
getting a response.

Then, Ray dials up via his ADSL modem, and is assigned 123.123.123.123.
Well, what happens ? All the BitTorrent clients, dumb as they are,
continue to pound 123.123.123.123 at some well-known port numbers,
looking for the previous BitTorrent session.

When that happens here, I see "scanning" or "pounding" on the WAN side,
I just drop the lease and renew, and get a new IP address. I
repeat until I get a "clean one". If everyone using your ISP
is using BitTorrent, this could take a while. Note that the ISP
may have the ADSL set to disconnect for 15 minutes, if you release
and renew the lease, too many times in a short interval. (That's
"lease pounding protection", for the ISP itself.)

If you're running a router with IPV4 NAT, then the "pounding" should
show on the WAN light of the router. But no packets should be
forwarded to the LAN side.

*******

Your own client software can encourage communications. For example,
if you start Firefox running, and don't use it, Firefox will
talk to some Google node, to get a list of addresses for
filtering. So clients can do their own communications, for
various purposes. And then, you'd see some weird things
on the LAN side. Basically, Firefox downloads stuff on its own,
with no prompting from you.

And if you expect help, give a complete IP address, like the mythical
123.123.123.123 I made up above. I can't promise anything (as it looks
like zoneinfo is busted now), but knowing even one IP address
and doing a reverse translation, might give some idea what
kind of scan is happening.

HTH,
Paul
 
RayLopez99
      Mar 16th, 13, 5:25 PM
Thanks Mike Easter and Paul. Sorry for my formatting issues ME, as I am using an anonymous proxy server at the moment.

On Friday, March 15, 2013 10:03:36 AM UTC+8, Paul wrote:

> There's better than that. You can use Wireshark for tracing stuff.
>
> http://en.wikipedia.org/wiki/Wireshark


Is this safe to use? No 'opens ports for evil hackers' issues? I've used "Fiddler" for debugging for some web services programming I do on a remote server I lease (but I've not done this programming in the last few months), and it was somewhat helpful; not sure what Wireshark will do but it might be useful.


> *******
>
> Let's take some scenarios.
>
> DSL_Modem ---- Ray's Computer


No, I don't do that.

> Now, if we run this way...
>
> DSL_Modem ---- router ---- Ray's Computer
>
> That configuration has the advantage, that IPV4 NAT prevents a lot
> of stuff from happening. If you're running IPV6, then you'll have
> lost any advantage of IPV4 NAT.



I do this, yes. Not sure about whether here in SE Asia they have IPV6 or not. BTW Mike Easter is right: APNIC is based here and services this country.

> To make my router secure here (that second hardware config),
> I attempted to make it stealthy.
>
> 1) Do no Port Forwarding. That means, don't run any servers on
> your desktop computer, and open ports in the router so that
> the Internet can "see" your server. Similarly, don't use the
> DMZ feature (port forwarding on steroids).


I think I do not do this, but I need verification. For example the anonymous Proxy server uses a "peer-to-peer" (I believe this is standard) 'tunnel' to route my internet traffic--presently it's to Japan from my home SE Asian non-Japan country, but it can be any number of countries. I use this "peer-to-peer" proxy server only for Usenet and email on occasion, but I 'turn it off' (break the tunnel) for most regular internet surfing. But maybe it establishes some sort of "software proxy server" (I'm flailing here, this is not my field)? And I swear (85% sure) that the weird extra internet addresses show up even if I don't load the anonymous proxy server (which has to be manually started by me, not done automatically at startup). Further, as Mike Easter points out, it's weird that all these extra internet IP addresses have [or had, see below on the update for today] the same MAC address. How can that be? Now granted there's a firewall in the modem of the DSP, and a firewall in the D-Link 1 year old router. Both routers have 'wireless' capabilities (I did change the password after the IT friend installed it, just in case the sneaky fellow is trying to piggyback on my wireless, though I don't use wireless and try as I could, I could not find a way (unlike with some routers) how to turn off wireless, so I just changed the wireless password). Could the extra "MAC" be some sort of firewall? Or is it perhaps (this is devious, but possible) that "upstream" of the wire that comes into my condo, that is, where the IT guy has his shop, he has a "splitter" with a certain MAC address, and this "Splitter" is nothing more than a router?!! That would solve the mystery, would it not? Because this guy always has a couple of dozen customers day and night (don't get me started, but it turns out internet cafes are very popular and presumably profitable in Third World countries such as this one in SE Asia, because frequently women use them to extort gullible men in 'green card bride' scams--I could write for pages on this as I've spoken to some of these internet cafe owners--coupled with the unavailability of internet in most residences).


> 2) I add this rule to the router. When an IDENTD packet comes in,
> it is forwarded to a non-existent node on my LAN. This is to
> prevent an IDENTD packet from gaining a response from the router.
>
> Allow identd WAN,* LAN,192.168.253.253 TCP,113


I beg your pardon but would not do this at this point in time since I'm a noob here. I'd rather come up with a 'plausible' theory such as the above, gain some knowledge about this field, then work backwards. But it's good for future reference.


> 3) Some routers support dyndns. When you have a dynamic IP, it's possible
> to "advertise" your new IP address, via Dynamic DNS. The router sends
> the mapping of "ray.someisp.com" to a commercial operation like dyndns.org,
> and the DNS tables are updated with your particulars. A person would
> do this sort of thing, if running servers. So if you were running a
> web server, your installer could enable dyndns in the router, so that
> your IP mapping would be working. People who don't run servers, don't
> particularly need dyndns (unless it's a vanity thing).


You kind of lost me, but no matter. I am familiar with dyndns.org since I've used it to install security cameras so they have a "familiar Latin letter name" rather than a hard to remember number, but that's about it. Let's move on though, as this appears to be a side issue as I don't run a server (just a home PC, and I *do* and have in the past used Piratebay.se to download and upload content--and maybe from my previous 'static' address I'm somehow being pinged by 'old' peer-to-peer PCs? It's all unclear how this is possible since the static IP address was with another ISP company, more 'business' oriented, while the dynamic IP address is with a more popular, 'retail' ISP company. Could it be that the extra MAC with the extra IP addresses are something done a block from my apartment, by this new 'retail' ISP company, to save money? I am paying almost half of what I was paying before with the 'static' address, so the laws of economics say this new company must be doing something like "piggybacking" several customers onto one line, or something like that, to be able to afford to do what they do? This scenario is the same as the above "splitter" scenario, but the 'splitting' or 'sharing' is being done by the new ISP company, not the wily Internet Cafe owner--with the 'dynamic' rather than 'static' IP address, does that make sense? It's all a haze, sorry (not my field).


> OK, with those out of the way, why are you seeing activity ?
>
> You *can* see activity on the WAN (left hand side of router).
> That would be normal. Any turkey can scan your external IP
> address if they want.


Right.

> You should not see random addresses on the LAN side. That's
> a sign you're not running IPV4 NAT, you're Port Forwarding
> or the like.


Wait. Let me run Advanced IP Scanner v. 2 by Famatech and report what I see right now, which is during the running of the aforementioned Anonymous Proxy server.... OH MY GOD!!! GUESS what--I don't have ANY extra IP addresses right this moment--only three!!! (I guess the three relate to: my two PCS, the D-Link router w/ firewall connected to these two PCS, and the incoming DSL modem (not sure if it has a firewall, but probably does, though it looks kind of cheap) provided free by the new 'dynamic IP' ISP company) Is this suspicious or what??? BTW, I changed the wireless password after my original post--could it be that now the 'bandwidth bandits' have dropped off since they cannot use my wireless anymore? But would the Internet Cafe owner be that stupid, to depend on me just not changing the password? Wouldn't he have a hardware (wired LAN) connection too? Also it's Saturday night almost midnight here and perhaps the customers are sleeping (I'm too lazy to run down to the ground store--he is open 24/7--and see who is in there)? This is a real mystery now.

> *******
>
> One reason your public IP address gets scanned, is a function
> of what the previous ISP customer was using the DNS address for.


Right...that was me, and I used it for downloading content, mostly porn and technical books, from Piratebay. I was mostly a leech but on occasion a seeder. I don't think anybody is interested in me for the books, but possibly the porn, though I did not realize that your static IP address is saved by uTorrent users? Is that how it works, you can manually save your 'favorite' seeders? That's news to me--I thought it was all done automatically and 'by the instant' meaning seeders would come and go and nobody would save your IP address. Very interesting if my understanding is correct.

> Now that you're "dynamic", you get to see the after-effects of
> what the previous customer was doing.
>
> Say the address 123.123.123.123 was used by a previous customer,
> and they were running BitTorrent. That's a peer to peer protocol,
> with many participants.
>
> What's bad about BitTorrent ? It's a persistent protocol, which
> is not typically how you're supposed to design networking clients.
>
> Say I'm running BitTorrent, and I turn off the power on my ADSL
> modem. My ADSL session drops. The dynamic DNS address used, is put
> back in the pool of addresses at the ISP. BitTorrent clients
> continue to "hump" that IP address, even though they're not
> getting a response.


Interesting...so perhaps the reason I got those strange IP addresses I mentioned in my OP is that I had just downloaded and seeded content from Piratebay? Perhaps. So if this is true (if my understanding is correct--I could be misunderstanding what you are saying) a test of this theory would be to download something popular at Piratebay (like today's porn), then, let it 'seed' for a couple of hours, then, run Wireshark or Advanced IP Scanner v.2 by Famatech, and see if you get these extra IP addresses? Is that right? Let me know pls and I can do such an experiment easily (and not have to install Wireshark--I hate installing programs I use only once--though I wonder if I install it under the 'virtual' PC I have whether it will be as accurate as installing it on my 'real' PC OS)?

> Then, Ray dials up via his ADSL modem, and is assigned 123.123.123.123.
> Well, what happens ? All the BitTorrent clients, dumb as they are,
> continue to pound 123.123.123.123 at some well-known port numbers,
> looking for the previous BitTorrent session.
>
> When that happens here, I see "scanning" or "pounding" on the WAN side,
> I just drop the lease and renew, and get a new IP address. I
> repeat until I get a "clean one". If everyone using your ISP
> is using BitTorrent, this could take a while. Note that the ISP
> may have the ADSL set to disconnect for 15 minutes, if you release
> and renew the lease, too many times in a short interval. (That's
> "lease pounding protection", for the ISP itself.)


OK...so the protocol would be, after doing what I said in the previous paragraph, then turn off your routers (both of them just to be sure), then wait 15 minutes, turn them on again, and see if Adv. IP Scanner by Famatech is showing extra IP addresses? And that extra MAC address? Is that it? But that extra MAC address is very weird...that's a router for sure, no? How can it not be? A MAC address is unique to one and only one piece of hardware....you cannot have a half dozen IP addresses sharing the same MAC address unless it is a 'splitter' (or router)? But I digress.



> If you're running a router with IPV4 NAT, then the "pounding" should
> show on the WAN light of the router. But no packets should be
> forwarded to the LAN side.


Too complicated. I'm going to run the above experiment once I hear back from you that it's OK.

> Your own client software can encourage communications. For example,
> if you start Firefox running, and don't use it, Firefox will
> talk to some Google node, to get a list of addresses for
> filtering. So clients can do their own communications, for
> various purposes. And then, you'd see some weird things
> on the LAN side. Basically, Firefox downloads stuff on its own,
> with no prompting from you.


Still, why the single extra MAC? Can a virtual "Tunnel" from an anonymous proxy server service like Hide My Ass have a 'virtual' hardware MAC? But even if so, it belies the fact there are no extra 'weird' IP addresses today, unlike in my original post.

> And if you expect help, give a complete IP address, like the mythical
> 123.123.123.123 I made up above. I can't promise anything (as it looks
> like zoneinfo is busted now), but knowing even one IP address
> and doing a reverse translation, might give some idea what
> kind of scan is happening.


How? Please if it's easy give me a hypothetical so I can do it myself. I hesitate to give a real IP address here since where I'm now it's a small one-horse town and using Google Earth you'll probably figure out where I live (the one of a couple of dozen big buildings in said one horse town, pretty much the only or one of the only buildings in town that has high-speed internet access--every other peasant farmer family interested in internet here, and there are very few aside from the Green Card scammers at the downstairs internet cafe, are still using dial-up modems I found out.

Thanks Paul. I'm busy with work so I don't know when I'll post again but will calendar to read this thread in the next few days.

RL
 
Mike Easter
      Mar 16th, 13, 6:07 PM
RayLopez99 wrote:
> Sorry for my formating issues ME, as I am using an anonymous proxy
> server at the moment.


Using an anonymous proxy server doesn't prevent your using GG's old
style interface instead of the new.

And depending on what kind of anonymity/privacy you feel you need, it
doesn't necessarily have to be done by using GG to post to usenet groups.

The vast majority of 'privacy buffs' don't use GG to usenet post.



--
Mike Easter
 
Mike Easter
      Mar 16th, 13, 6:12 PM
RayLopez99 wrote:

> I could not find a way (unlike with some routers) how to turn off wireless


What is the brand and modelno of this router?

--
Mike Easter
 
Mike Easter
      Mar 16th, 13, 7:43 PM
RayLopez99 wrote:

> a firewall in the D-Link 1 year old router. Both routers have
> 'wireless' capabilities


Both routers? Are you calling the DSL modem a(nother) 'router' -- which
it would be if it were a gateway device capable of assigning IPs to
wireless devices connecting directly to the modem instead of to the router.

So now besides the router's modelno, there is a DSL modem whose brand
and modelno need to be determined.

You can have a security/connectivity leak at the modem or the router if
they are both wireless and their wireless-ness isn't turned off or secured.


--
Mike Easter
 
RayLopez99
      Mar 17th, 13, 4:25 AM
On Sunday, March 17, 2013 2:43:34 AM UTC+8, Mike Easter wrote:

[deleted]

Thanks ME, this is a complicated topic as these routers have really gotten more sophisticated since the last time I looked at them 10 years ago.

I found out this stuff about my setup. I have changed wireless on the DSL modem (it was turned on) by changing the password just now. I still have not figured out how to turn off wireless (I have some clues, but don't want to mess with the settings). I also note the technician who set up the DSL modem has some settings password protected under his name on this ADSL modem--I cannot get into that screen and will leave it be, as it must go to things like PPoE or whatever settings they use from the ISP.


Here is the setup:

//

PROLiNK H5001N ADSL Wireless Modem
RTK V2.1-Inv 1WN1 3.HR
http://192.168.254.254

Cisco D-Link model DIR-615
http://192.168.0.1


Setup: phone line --> PROLiNK ADSL Modem --> Cisco D-Link router --> Two PCs running Windows 7

Wireless turned on for ProLiNK (but password changed), off for D-Link

//

Question #1: I notice that the Cisco D-Link router I have 'stores' what IP addresses it commonly connects to--is that something common? I reckon so.

Question #2: I notice the freeware tool Advanced IP Scanner by Famatech (and I suppose WireShark would be the same) also "stores" (or so it seems) previous IP addresses it detects. Otherwise, how do you explain the "live" and "dead" addresses? That is, when I turn off my second PC, and use the Famatech tool, it shows the status of the IP address as "dead". But when I turn on the PC, and re-scan using the Famatech tool, the IP address becomes "alive". What are these alive and dead statuses?

Question #3: I also notice using the Famatech freeware tool that there are several "dead" IP addresses that have MAC addresses I do not recognize. When I posted the original post in this thread, there were several dozen of these unrecognized IP addresses that were "alive" (but now they don't even show up as dead--I should somehow be logging this information, which I will now do henceforth since Famatech does have a 'snap shot save' feature, though I wish it had an automatic log everything feature). Is it possible these were people using my wireless, before I changed the password today? I think so. And the half dozen 'dead' IP addresses I see today may have been people from yesterday that were using my bandwidth? And maybe the Famatech tool only stores addresses from the last 24 or 48 hours? Possible.

Question #4: even assuming somebody is using your wireless, does that mean they can read your email if you are not using HTTPS? Not sure about this.

Thanks for any replies.

RL
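
Added example (not part of the original thread, and not code from Famatech or any poster): one way to approach the logging and unrecognized-MAC questions above is to save each scan, then compare it against an inventory of MAC addresses read off your own devices and against the previous scan. The `status,ip,mac` layout, every MAC address and the 203.0.113.x addresses are constructed for illustration; this is not Advanced IP Scanner's export format.

```python
import ipaddress
from collections import defaultdict, namedtuple

Host = namedtuple("Host", "status ip mac")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: MACs you have checked against the device labels.
KNOWN_DEVICES = {
    "00:11:22:33:44:01": "ADSL modem",
    "00:11:22:33:44:02": "D-Link router",
    "00:11:22:33:44:10": "PC 1",
    "00:11:22:33:44:11": "PC 2",
}

# Constructed snapshots in a hypothetical "status,ip,mac" layout.
SNAPSHOT_BEFORE = """\
# taken before the wireless password change
alive,192.168.0.1,00-11-22-33-44-02
alive,192.168.0.100,00:11:22:33:44:10
alive,192.168.0.101,00:11:22:33:44:11
alive,203.0.113.5,00:11:22:33:44:01
alive,203.0.113.6,00:11:22:33:44:01
alive,203.0.113.7,00:11:22:33:44:01
alive,192.168.0.150,AA:BB:CC:00:00:01
dead,192.168.0.151,AA:BB:CC:00:00:02
"""

SNAPSHOT_AFTER = """\
# taken after the wireless password change
alive,192.168.0.1,00-11-22-33-44-02
alive,192.168.0.100,00:11:22:33:44:10
alive,192.168.0.101,00:11:22:33:44:11
dead,192.168.0.150,AA:BB:CC:00:00:01
dead,192.168.0.151,AA:BB:CC:00:00:02
"""


def normalize_mac(mac):
    """Lowercase colon form, so 00-11-.. and 00:11:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_snapshot(text):
    """Parse 'status,ip,mac' lines; blank lines and '#' comments are skipped."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            raise ValueError(f"expected 3 fields: {line!r}")
        status, ip, mac = fields
        hosts.append(Host(status.lower(), ipaddress.ip_address(ip),
                          normalize_mac(mac)))
    return hosts


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def _ip_key(ip):
    return (ip.version, int(ip))


def triage(hosts, known=KNOWN_DEVICES):
    """Group live hosts by MAC and flag what the inventory cannot explain."""
    known_macs = {normalize_mac(m) for m in known}
    alive = defaultdict(list)
    for h in hosts:
        if h.status == "alive":
            alive[h.mac].append(h.ip)

    def ips(mac):
        return [str(ip) for ip in sorted(alive[mac], key=_ip_key)]

    return {
        # one device answering for several addresses (e.g. a gateway)
        "shared_mac": {m: ips(m) for m in alive if len(alive[m]) > 1},
        # live devices that are not in the inventory
        "unknown_alive": {m: ips(m) for m in alive if m not in known_macs},
        # remembered entries for unknown devices that no longer answer
        "unknown_dead": sorted({h.mac for h in hosts
                                if h.status == "dead"
                                and h.mac not in known_macs}),
        # live addresses outside the private ranges a home LAN should use
        "public_alive": [str(h.ip)
                         for h in sorted(hosts, key=lambda h: _ip_key(h.ip))
                         if h.status == "alive" and not is_rfc1918(h.ip)],
    }


def diff_alive(before, after):
    """Return (appeared, disappeared) live (ip, mac) pairs between two scans."""
    b = {(str(h.ip), h.mac) for h in before if h.status == "alive"}
    a = {(str(h.ip), h.mac) for h in after if h.status == "alive"}
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    before, after = parse_snapshot(SNAPSHOT_BEFORE), parse_snapshot(SNAPSHOT_AFTER)
    print("before:", triage(before))
    print("after: ", triage(after))
    print("appeared / disappeared:", diff_alive(before, after))
```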
 
Mike Easter
      Mar 17th, 13, 6:12 AM
RayLopez99 wrote:

> I have changed wireless on the DSL modem (it was turned on) by
> changing the password just now. I still have not figured out how to
> turn off wireless


I can't find a manual for the modem at the prolink site.

> I also note the technician who set up the DSL modem has some
> settings password protected under his name on this ADSL modem--I
> cannot get into that screen and will leave it be, as it must go to
> things like PPoE or whatever settings they use from the ISP.


He should have left a card with the password or put it on the bottom of
the modem. You need to be able to access all of the modem or you won't
know what is going on and you won't be able to reset it if necessary.

> using the Famatech freeware tool


You are the one with the software and the manual or help file and the
screen which we can't see. You are the one who is going to have to
learn the tool's definitions of what is dead and alive.

> even assuming somebody is using your wireless, does that mean they
> can read your email if you are not using HTTPS?


It is a bigger problem defending yourself - making yourself secure -
against someone on your LAN than it is defending against someone out on
the WAN on the other side of your router.

There are many reasons to not have unknown entities using your
connectivity, in spite of what some people think.

One scenario is that if there were serious nefarious activity going on
and the activity were traced to your IP, the first thing the
investigation would do would be to confiscate your computers or hard
drives while the investigation proceeded, possibly at a glacially slow
pace instead of just making images of your hard drives and letting you
keep them or giving them back. And since the specialists aren't the ones
who show up at the site of your equipment, the most likely thing is that
all of your computer stuff would be taken into (temporary) custody for
forensic breakdown. Not good even if you were innocent, which you
aren't exactly since you pirate.

Re the insecurity of your traffic: You are wired to your router, not
wireless, so the strategy would be to access your computer/s, depending
on how secure it is against others in its local network and that would
be the first vulnerability rather than the traffic itself.


--
Mike Easter
 
RayLopez99
      Mar 20th, 13, 4:02 AM
On Sunday, March 17, 2013 1:12:10 PM UTC+8, Mike Easter wrote:

> He should have left a card with the password or put it on the bottom of
> the modem. You need to be able to access all of the modem or you won't
> know what is going on and you won't be able to reset it if necessary.


He should have but did not.

> > using the Famatech freeware tool
>
> You are the one with the software and the manual or help file and the
> screen which we can't see. You are the one who is going to have to
> learn the tool's definitions of what is dead and alive.


It's freeware and no manual. Let me Google Famatech now... no manual online. This company apparently deals with remote control s/w. Not gonna worry about it.

> > even assuming somebody is using your wireless, does that mean they
> > can read your email if you are not using HTTPS?
>
> It is a bigger problem defending yourself - making yourself secure -
> against someone on your LAN than it is defending against someone out on
> the WAN on the other side of your router.


Right.

> There are many reasons to not have unknown entities using your
> connectivity, in spite of what some people think.


I'm curious--what do these other people think? That is, why would (according to them) piggybacking on your bandwidth NOT be a security risk? Since most traffic is not encrypted, I would think it would be a risk, no?


> One scenario is that if there were serious nefarious activity going on
> and the activity were traced to your IP, the first thing the
> investigation would do would be to confiscate your computers or hard
> drives while the investigation proceeded, possibly at a glacially slow
> pace instead of just making images of your hard drives and letting you
> keep them or giving them back. And since the specialists aren't the ones
> who show up at the site of your equipment, the most likely thing is that
> all of your computer stuff would be taken into (temporary) custody for
> forensic breakdown. Not good even if you were innocent, which you
> aren't exactly since you pirate.


Right. But you speak from a USA perspective. I'm in SE Asia now and it's a "one-copy" country. Even law enforcement is using pirated Windows on their machines. The funniest pirated s/w for me is the pirated anti-virus s/w--say what? But people use it!


> Re the insecurity of your traffic: You are wired to your router, not
> wireless, so the strategy would be to access your computer/s, depending
> on how secure it is against others in its local network and that would
> be the first vulnerability rather than the traffic itself.


From what I can surmise, when I changed the wireless password the 'problem went away'. But I am still showing some 'dead' IP addresses with different IP addresses and different MAC addresses, which I surmise must be 'left over' data entries that the Famatech tool "remembers" until such time you clear its memory (which I don't know how to do and I don't think is possible to clear). So "all's well that ends well"-- ever since I changed the wireless password, I no longer have 'live' unknown IP addresses as before (all the present IP addresses and their associated MAC addresses are known to me--either my PCs or my routers/modems). The IT guy who installed this new DSL modem must have been told by his buddy at the internet cafe to set up the DSL so that wireless can be used by outsiders, so the internet cafe guy could steal some of my bandwidth. Or perhaps there's a less cynical reason, but I don't care, so 'case closed'.

RL
 