Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DHCP Disconnecting


  • Please log in to reply
11 replies to this topic

#1 Ruok2bu

Ruok2bu

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 20 December 2014 - 04:39 AM

Something very strange has been happening on my computer for the past few months usually when im not paying attention (eg. sleeping or playing a video game).  My DHCP lease get's released so i loose my internal ip and the internet disconnects.  I use Peerblock and everytime this has happened i see the following every few seconds:
 
Range: Jily.net
 
Source: 0.0.0.0:68
Destination: 255.255.255.255:67
 
Protocol: UDP
 
I've run virus scans and i even restored to a system image that doesn't (i think) suffer from this problem.
 
I just set my computer IP to static to see if it changes anything when it happens again (its been happening more often, around 1 to 2 times per day).
 
I've run scans with: Eset NOD32 Antivirus, Malwarebytes Anti-Malware, Super AntiSpyware and Spybot Search & Destroy and they haven't discovered anything.
 
Any idea what this is?
 
P.S. I'm also using MVPS hosts file.

Edited by Queen-Evie, 21 December 2014 - 03:50 AM.
moved from Malware Removal Logs due to absence of required logs


BC AdBot (Login to Remove)

 


m

#2 blacklabralph

blacklabralph

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 23 December 2014 - 03:07 AM

I am having the same Issue. It is happening on every computer on my network. I have wiped and reloaded one of my laptops (win8.1) - installed nothing but peerblock, and attempted to do nothing but windows updates subsequently. I have several routers. Configuration is as follows. Two dsl modems, behind two dd-wrt openVPN enabled netgear nighthawks, linked with a tplink dual wan to single lan combining router handing dhcp. Finally a Netgear wireless router in AP mode, using the TPlink dual wan combining routing device for dhcp. No matter if I connect to the DSL modems individually, the DD-WRT nighthawk OpenVPN enabled routers, or the end of the line with the TP link combining the two DD-wrt VPN enabled devices into one DHCP address range handled by the TPLINK. The same issue occurs, as described by the previous post. Seeing as Software wise, I have disconnected all devices from all network devices, and done a wipe and reload as described before, and the same issue is still occurring, I am currently stumped as well. If anyone know what this 'jily.net' garbage is im seeing on peerblock just within the past week, I would like to know, perhaps have an explanation, and breakdown of what this means for my network security. Thanks.



#3 IamERZA

IamERZA

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 23 December 2014 - 03:44 PM

I use peerblock and the same exact thing started to happen on all my computers after one of my many lists updated...one Desktop and two laptops... all were getting range: jily.net 

I got the same as you as well as source: 127.0.0.1 // destination 255.255.255.255:17500

I know ports 67 & 68 are your DHCP ports (you may be blocking them) and I got 0.0.0.0:68 as I disabled and renabled my network adapter and the PC was getting it's IP off the router, but why range=jily.net?
 


#4 bppsx

bppsx

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 26 December 2014 - 01:09 AM

This comes from the squid malicious list in my computer. For some reason one of the updates added that range in the list to be blocked, as it didn't happen before. Dropbox and torguard trigger this block in my computer. I simply whitelisted it.


Edited by bppsx, 26 December 2014 - 01:10 AM.


#5 Heero14

Heero14

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 31 December 2014 - 03:56 PM

Any new information on this jily.net?

 

My Internet hasn't been disconnecting, but my Peerblock has been blocking this jily.net for one or two weeks now. Like bppsx said, the Malicious list by Squidblacklist blocks jily.net. However, I do not have Dropbox or Torguard installed.

 

Another thing that's strange is that since other people here have reported this happening on more than one of their computers, I curiously took out my laptop that I hadn't used in a long time to see if Peerblock would block jily.net on it as well, and yes, it does. Not only does it block it, it blocks it a lot. On my PC, it blocks it maybe 6-8 times a day, but on my laptop, it blocks it like every 2 minutes!

 

If this is a program triggering this, it's one that was installed a long time ago in my case, because I haven't used my laptop in almost a year!



#6 Ruok2bu

Ruok2bu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 31 December 2014 - 06:47 PM

I found some info online that said its a internet explorer toolbar and it likely got installed when i installed something else but i haven't been able to find it on my computer.  The toolbar itself is from china and it acts like malware.


Edited by Ruok2bu, 31 December 2014 - 06:48 PM.


#7 Heero14

Heero14

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 31 December 2014 - 10:34 PM

I found some info online that said its a internet explorer toolbar and it likely got installed when i installed something else but i haven't been able to find it on my computer.  The toolbar itself is from china and it acts like malware.

 

I searched for that toolbar as well but found nothing, both on IE and Firefox. Did a virus scan and it found nothing. I also checked my processes to see if there was anything strange, but all was good. Checked the network traffic and all seemed normal. I'm also pretty sure I didn't install any toolbars; I always take my time to install things to make sure I don't install something that I don't want.

 

I also noticed that Peerblock blocks jily.net even when I'm not browsing the Web, so I looked for desktop toolbars but found nothing as well.



#8 Ruok2bu

Ruok2bu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 31 December 2014 - 10:44 PM

Just because av software doesn't detect anything doesn't mean you're clean.  Here's a case in point:

 

Around 8 years ago i downloaded an installer and saved it to my hard drive.  2 years ago my av software finally detected a trojan in it.  I dont use bad AV software either, i use one of the best; Eset NOD32.



#9 Heero14

Heero14

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 01 January 2015 - 12:07 AM

Just because av software doesn't detect anything doesn't mean you're clean.  Here's a case in point:

 

Around 8 years ago i downloaded an installer and saved it to my hard drive.  2 years ago my av software finally detected a trojan in it.  I dont use bad AV software either, i use one of the best; Eset NOD32.

 

I know that, something similar happened to me in the past. I was only saying that my AV didn't detect anything, and I also use NOD32.

 

Today, jily.net got blocked 6 times, but I started torrenting an hour ago and it's been blocking it like 14 times per minute ever since.

 

I think I have found what the addresses are: http://www.linklogger.com/UDP67_68.htm

 

I googled around and everyone was pretty much saying the same thing about these addresses. Why does the Malicious list calls it jily.net and blocks it? I don't know. Lists are wrong sometimes. It seems safe to allow it. This would also explain why this is happening on all devices connected to the network.



#10 Elbow Man

Elbow Man

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:33 AM

Posted 22 January 2015 - 03:11 PM

For the past four months approximately, I too was bombarded with jily.net entries in PeerBlock (Source: 0.0.0.0:68, Destination: 255.255.255.255:67).  I was getting multiple entries almost every minute.  However, this changed within the past month.  I no longer receive any jily.net entries.  Now it says "ademkingdz.zapto.org", with the same source and destination IPs as jily.net.  Perhaps this is just a name change in one of the PeerBlock lists, but I thought it was worth mentioning if it helps to troubleshoot this issue.



#11 Heero14

Heero14

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 22 January 2015 - 05:56 PM

I have also not been getting any Jily.net entries anymore but that's because it seems to have been removed from the Malicious list in an update. I don't get the ademkingdz.zapto.org entries though. Maybe it's from a list that I don't use.



#12 Elbow Man

Elbow Man

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:33 AM

Posted 23 January 2015 - 02:29 AM

The Malicious list has an entry named ademkingdz.zapto.org, with starting IP 0.0.0.0 and ending IP 0.0.0.0.  So, it appears to just be a name change from jily.net to ademkingdz.zapto.org.  Heero14, I'm not sure why you are not seeing ademkingdz.zapto.org in PeerBlock, since you were seeing jily.net.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users