Possible Man In The Middle Network Attack in Windows 7 SP1?


#1 fritzupped



Posted 16 January 2014 - 09:36 PM

Trouble I think. Windows 7 Ultimate Service Pack 1 (x64) with all recommended and critical updates applied. I regularly run Malwarebytes Pro and Bitdefender 2014 is on 24x7.
Please notice the "badguy.ipaddress.in.dot.notation" IP. It is on another continent in a country famous for bad guy hackers, great beer and starting world wars. The IP address does not reverse to a name. The "route print" command does NOT show this added route.
The address is explained here. I have a static IP address though a DHCP server is running on my router/firewall (DD-WRT v24-sp2).
Is my outgoing traffic being redirected to the bad guys' IP address and do I have a "man in the middle"? How can I remove the added route? I DO NOT have a known good system checkpoint. Is this an attack and should I do a scratch re-install? I am also running NetBalancer.
Relevant portion of MiniToolBox.exe's Result.txt follows:
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
set global icmpredirects=enabled sourceroutingbehavior=drop
add route prefix= interface="iftype0_0" nexthop=badguy.ipaddress.in.dot.notation  metric=1 publish=Yes
add route prefix= interface="iftype0_0" nexthop=192.168.???.??? metric=1 publish=Yes
add route prefix= interface="Local Area Connection 2" nexthop= publish=Yes
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=4 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection* 6-QoS Packet Scheduler-0000" address= mask=
add address name="Local Area Connection* 9-QoS Packet Scheduler-0000" address= mask=
add address name="Local Area Connection 2" address= mask=
# End of IPv4 configuration
Thanks for any help.
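An added example (not from the poster or from BleepingComputer) of the check a responder would run over a dump like the one above: parse the persistent "add route" lines of a "netsh interface ipv4 dump" and flag any next hop that is not on a private LAN range, so a route pointing at a remote gateway (a VPN endpoint, or something unwanted) stands out. The sample dump is constructed, and 203.0.113.5 is a documentation-range stand-in for the foreign address.

```python
import ipaddress
import shlex

# Constructed sample in the layout of "netsh interface ipv4 dump"; it is not
# the poster's real output. 203.0.113.5 (RFC 5737 documentation range) stands
# in for the off-continent next hop, 192.168.1.1 for the router.
SAMPLE_DUMP = """\
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
set global icmpredirects=enabled sourceroutingbehavior=drop
add route prefix=0.0.0.0/0 interface="iftype0_0" nexthop=203.0.113.5  metric=1 publish=Yes
add route prefix=0.0.0.0/0 interface="iftype0_0" nexthop=192.168.1.1 metric=1 publish=Yes
add route prefix=192.168.1.0/24 interface="Local Area Connection 2" nexthop= publish=Yes
# End of IPv4 configuration
"""

# Ranges where a next hop is expected to live on a home/office LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "127.0.0.0/8")]


def parse_routes(dump: str) -> list[dict]:
    """Return the key=value fields of every persistent 'add route' line."""
    routes = []
    for line in dump.splitlines():
        if not line.startswith("add route "):
            continue
        fields = {}
        # shlex keeps quoted interface names such as "Local Area Connection 2" whole
        for token in shlex.split(line)[2:]:
            key, _, value = token.partition("=")
            fields[key] = value
        routes.append(fields)
    return routes


def suspicious_routes(dump: str) -> list[str]:
    """Next hops that are not on a local range, plus any that are not an IP at all."""
    flagged = []
    for route in parse_routes(dump):
        hop = route.get("nexthop", "")
        if not hop:
            continue  # on-link route, no gateway to assess
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            flagged.append(hop)  # hostname or garbage: check by hand
            continue
        if not any(addr in net for net in LOCAL_NETS):
            flagged.append(hop)
    return flagged


if __name__ == "__main__":
    for hop in suspicious_routes(SAMPLE_DUMP):
        print("persistent route via non-local next hop:", hop)
```

Routes flagged here are not proof of an attack; as the follow-up post shows, a forgotten VPN configuration produces exactly this pattern, so the next step is matching the address against known VPN or ISP gateways before removing the route.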



#2 fritzupped


Posted 16 January 2014 - 09:52 PM

Not a Man In the Middle Attack but an old VPN that was set up. Please ignore.
