Weird goings on with my internet connection
- spitthedog
- Is the World Outside still there ?
- Reactions: 124
- Posts: 5721
- Joined: Mon Feb 17, 2014 10:19 pm
My girlfriend was browsing the web last night and clicked my Google home page, only to get the ''Untrusted site'' page. I then went to yahoo.com and clicked on the YouTube link only to be taken to some Iranian website. Fugging hell, I thought, have the Jihadists taken over SHV? Very strange as I also use a virtualization software which should remove most nasties on a restart.
Clicked on another websearch link and it took me to a totally different website.
Did an AV scan - all clean. Did an MBAR scan - all clean.
I checked my connection info and it said ''Unidentified Network''. It's now back to my normal connection name with everything working fine.
Any ideas?
"I don't care what the people are thinking, i ain't drunk i'm just drinking"
-
- I have Cheap Mobile Internet
- Reactions: 0
- Posts: 410
- Joined: Sun Dec 25, 2011 7:54 am
- Location: PP
From your post I infer you use a Windows box. Your description looks like a DNS / routing f*ckup (either by error or malicious intent).
It could be your provider screwing up, your router/AP getting 0wned or your end-point (the Windows box) getting 0wned.
- Which internet provider?
- Wired or wireless? / Did you test both options?
- Did you have the same problem with other clients in the same network? (e.g. mobile phone, other pc)
If yes: keep an eye on your router/AP, throw the brand+model number in Google together with "exploits" or "vulnerabilities". See if anything surfaces that matches the firmware version (often displayed somewhere on the main page when you login to the device or under status).
If in doubt reboot it (malware will not survive this unless it installed a modified firmware (highly unlikely)) and try a firmware update if a newer version is available.
Good luck
- spitthedog
- Is the World Outside still there ?
- Reactions: 124
- Posts: 5721
- Joined: Mon Feb 17, 2014 10:19 pm
Bit late getting back to this thread so cheers for that Kiiniaew.
Yes W7. Haven't had the problem since with this wireless.
There's 2 routers in the place I'm staying. Since they put the 2nd router in I quite often have to turn off both routers to get a wireless connection.
Had one of those ''Another computer on this network has the same IP address as this computer'' pop ups today though.
If I log in to something important will turning the routers on and off beforehand kill any nasties in the router then?
Cheers
"I don't care what the people are thinking, i ain't drunk i'm just drinking"
This one ".... clicked my Google home page, only to get the ''Untrusted site'' page" implies you are targeted with a so-called man-in-the-middle attack.
That might be unknown proxy software on your own PC, in the router, the ISP itself or - if you are high profile - even the NSA chasing after the content in your secure connections.
Mostly, it might be the ISP, trying to inject ad content in your pages.
What exactly is wrong is difficult to say from a distance.
If you have from your PC a choice between more ISPs, then that would be the first thing to check out. You may even have a mobile phone you can use for tethering (i.e. let the mobile phone act as a wireless router for your PC).
Other options would be to replace the wireless router with another new one from another brand.
You could file a complaint at the ISP, though I have my doubts if they would understand your problem.
Having notices about duplicate IP addresses on your network more or less signals (without being that) that the MAC address of your computer is changing/being changed.
BUT: Be aware, your secure encrypted (and of course also the non-encrypted) connections are being eavesdropped, which implies that everything you do through your PC is vulnerable to attacks. So don't do banking, credit card, bookings, etc. through your PC. Checking email is not advisable either, since intruders can often find subsequent passwords, etc.
spitthedog wrote: Had one of those ''Another computer on this network has the same IP address as this computer'' pop ups today though.
Gin&Tonic wrote: Are you running DHCP on both?
Given the description, I assume, only one computer on the network .....
- spitthedog
- Is the World Outside still there ?
- Reactions: 124
- Posts: 5721
- Joined: Mon Feb 17, 2014 10:19 pm
If it's basically a hack of the local DNS would changing to the free ''secure DNS'' of my Anti-virus software prevent this?
Cheers
"I don't care what the people are thinking, i ain't drunk i'm just drinking"
- spitthedog
- Is the World Outside still there ?
- Reactions: 124
- Posts: 5721
- Joined: Mon Feb 17, 2014 10:19 pm
Cheers.
Just noticed I have 156-154-70-22 primary & 156-154-71-22 secondary on Internet Protocol Version 4, and ''Obtain DNS server address automatically'' on ''Internet Protocol Version 6'' as my DNS.
The 156-154-71-22 seem to be the old Comodo DNS's from my AV.
I wonder if that is something to do with the problem?
"I don't care what the people are thinking, i ain't drunk i'm just drinking"
spitthedog wrote: Cheers.
Just noticed I have 156-154-70-22 primary & 156-154-71-22 secondary on Internet Protocol Version 4, and ''Obtain DNS server address automatically'' on ''Internet Protocol Version 6'' as my DNS.
The 156-154-71-22 seem to be the old Comodo DNS's from my AV.
I wonder if that is something to do with the problem?

Two DNS numbers like that is not strange, though you could replace them with Google's ones (if you appreciate Google knows where you go, otherwise use for example 208.67.222.222 & 208.67.220.220).
Turn the IPv6 protocol off, the chance you need it the upcoming years is pretty low.
Regular Man-in-the-middle attacks don't go through the DNS, it's a real MitM positioned.
The 2 DNS numbers should not give you the duplicate IP warnings, neither will MitM attacks do.
You may want to check, if your PC is using DHCP and the wireless router does have the DHCP server turned off. Could be the PC DHCP is passed on up the ISP link and then both your PC and your wireless might end up with the same IP (on different MAC addresses), which is not working that good.
Another thing might be, your PC is fixed IP and by incident the same fixed IP number (usually something like 192.168.2.1 or so) as the wireless LAN side. That'll give you duplicate IP number messages too.
Good luck
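The two checks raised in this thread (is more than one DHCP server answering, and which DNS servers is the PC really using) can be run against saved `ipconfig /all` output. This is an added example, not posted by any participant: both captures and the 192.168.1.x addresses are constructed, and the expected DNS set is the pair quoted earlier in the thread, written in dotted form.

```python
import re

# Constructed samples: trimmed `ipconfig /all` output saved at two different times.
SAMPLE_A = """\
Wireless LAN adapter Wireless Network Connection:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 156.154.70.22
                                       156.154.71.22
"""
SAMPLE_B = """\
Wireless LAN adapter Wireless Network Connection:
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
"""

FIELD = re.compile(r"^\s+([\w -]+?)[ .]*:\s*(.*)$")   # "   Name . . . : value"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse(text):
    """Return {field name: [IPv4 addresses]} for one capture."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current, value = m.group(1).strip(), m.group(2)
        elif current and line.startswith(" "):
            value = line              # continuation line, e.g. second DNS server
        else:
            current = None            # blank line or adapter heading
            continue
        fields.setdefault(current, []).extend(IPV4.findall(value))
    return fields

def findings(captures, expected_dns):
    """Compare captures; report conflicting DHCP/gateway values and unexpected DNS."""
    parsed = [parse(c) for c in captures]
    out = []
    for key in ("DHCP Server", "Default Gateway"):
        seen = sorted({ip for p in parsed for ip in p.get(key, [])})
        if len(seen) > 1:
            out.append(f"multiple {key} values: {seen}")
    dns = {ip for p in parsed for ip in p.get("DNS Servers", [])}
    unexpected = sorted(dns - set(expected_dns))
    if unexpected:
        out.append(f"unexpected DNS servers: {unexpected}")
    return out

if __name__ == "__main__":
    for f in findings([SAMPLE_A, SAMPLE_B], {"156.154.70.22", "156.154.71.22"}):
        print(f)
```

Two different DHCP servers on one subnet is consistent with both routers handing out leases, and a DNS server outside the expected set means the static setting is not the one in effect on that adapter.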
- spitthedog
- Is the World Outside still there ?
- Reactions: 124
- Posts: 5721
- Joined: Mon Feb 17, 2014 10:19 pm
Thanks people. Think I'll change my DNS to Google then. I noticed this from Google:
''Before you change your DNS settings to use Google Public DNS, be sure to write down the current server addresses or settings on a piece of paper. It is very important that you keep these numbers for backup purposes, in case you need to revert to them at any time''
Dumb question - When they say ''current server addresses'', does that mean my current Comodo DNS numbers that I wrote above - ''Just noticed i have 156-154-70-22 primary & 156-154-71-22 secondary on Internet Protocol Version 4, and ''Obtain DNS server address automatically'' on ''Internet Protocol Version 6'' as my DNS''
or something else?? What do they mean by current server addresses?
I've been happy with Comodo AV as it's proactive and has HIPS, but they seem a bit vague on the forums about which of their DNS servers is the most secure of the two sets of numbers.
Also found this ;
http://www.wilderssecurity.com/threads/ ... am.372515/
"I don't care what the people are thinking, i ain't drunk i'm just drinking"