
Networking issue with unauthorized dmz/sql server


15 replies to this topic

#1 dfred2300

dfred2300

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 13 October 2017 - 12:12 PM

Hi guys, I have had an issue with networking for a long time now. I just realized the other day that my computer was set to an organization; I don't have admin over it, the hacker does. And the dhcp is not set to my router. It's 192.168.2.* or something and 192.168.0.1 instead of 192.168.1.1. I realized I need to change dhcp.txt. How do I go about doing that and making sure my computer is not part of a domain or group / active directory or any organization? Also on my editionID in regard it local machine under windows nt current control set the buildGUID is fffffff-ffff-ffff-fffff-fffffff, like 24 f's. And there are 3 adapters and connections I never set up. They are 6to4 tunnel, Teredo, which is NAT traversal, correct? And isatap. I have the windows server ip I am connecting to instead of my router, which should be the dns server. Also I just fixed this: it was in csm mode and loading win 8.1 under defaultuser0; I just set up secure boot in user mode. But regardless, I am part of an organization I never joined or knew about till recently, but it always would say my organization restricts this, and it's a personal pc. And then seeing the dmz and sql client. Akamai server client has installed something on my pc that I remove; web client interface it was called. And all my certificates are messed up; I have to set them up since every time I format it goes to disable auto root certificates. Oh, and in the current version windows nt it says 6.3, and from what I read that stands for windows 8.1, and I am running win 10 pro. Can someone please help me set up my network to complete default and rid these people using the 224 and 239 protocol and rtsp to host my machine.

Thanks

I have a win10 pro and a Mac fyi. And the Bluetooth is hidden on my windows pc, the updates never update and are being used for the other active user.

Also Farbar tool keeps on removing google dns, which I never input into my pc. Someone is messing with it for sure.
 


Edited by hamluis, 13 October 2017 - 12:33 PM.
Merged posts, moved from Networking to Am I Infected - Hamluis.



 


#2 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 13 October 2017 - 02:54 PM

Please post the results of an ipconfig /all for review as well as the following:

 

make and model of router/modem

results of the ver command via a command prompt

 

What makes you think you need to change dhcp.txt?

What other "active" user?

 

Can you explain what you mean by dmz and sql client?

 

FYI 6to4 and isatap are normal



#3 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 13 October 2017 - 03:37 PM

 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Killer E2200 Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 44-8A-5B-CD-1C-E6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.251(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, October 13, 2017 1:21:40 PM
   Lease Expires . . . . . . . . . . : Friday, October 13, 2017 1:35:34 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3cea:c5c:bfe1:afbd%6(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 150994944
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-71-E8-85-44-8A-5B-CD-1C-E6
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{EF8B0709-8720-41E2-B1BE-E988DBD6D276}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
 
And sometimes it'll say 192.168.0.1 or 192.168.2.257 for the default gateway/dhcp server, I forget which one. I just did a few commands, and defaultuser0 is on my cpu. There is a defaultuser on every pc, but trust me, it is remotely hacked; I do not have admin on any of my pc's or electronics. My computer was set up to port forwarding to 192.168.0.1 and still is, I can't remove it. I don't want port forwarding, and the sql server is always running, i hack a bunch of networking tools, there are ports open everywhere, different host ip addresses hosting my computer, and none of it's normal.


#4 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 13 October 2017 - 03:39 PM

my wan ip is my lan ip too, every single device has the exact same ip the wan ip. I know what my ip should be, but there isn't any lan to wan, it's all static setup even tho it says it's not, my ip never changes. And I have it set to every 120 seconds



#5 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 13 October 2017 - 03:45 PM

I have asus rt3100 i believe and an arris modem



#6 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 13 October 2017 - 04:01 PM

There is nowhere for me to upload anything on this website, absolutely no attach button anywhere, but I have done it before.

 

 

 

I'll type it.

Microsoft Windows

Version 1607 (OS Build 14393.1770)

© 2016 Microsoft Corporation. All rights reserved.

The Windows 10 Pro operating system and its user interface are protected by trademark and other pending or existing intellectual property rights in the United States and other countries/regions.

This product is licensed under the Microsoft Software License Terms to:  Windows User



#7 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 14 October 2017 - 12:07 PM

"my wan ip is my lan ip too, every single device has the exact same ip the wan ip"

 

this is normal.  Why do you think this is a problem?

 

" i have it set to every 120 seconds "

 

what do you have set for 120 seconds?  dhcp in the router?

 

" Lease Obtained. . . . . . . . . . : Friday, October 13, 2017 1:21:40 PM

   Lease Expires . . . . . . . . . . : Friday, October 13, 2017 1:35:34 PM"
 
shows you have it set for 14 minutes which is a misconfiguration of dhcp.  It means you are generating a lot of traffic due to the dhcp renewal process which starts, for you, at 7 minutes.
that should be set for 24 hours minimum or longer in a home environment.
 
"My computer was setup to port forwarding to 192.168.0.1"  
 
Where are you seeing this?  

 

Your version is windows 10 not version 8

https://support.microsoft.com/en-us/help/4041691/windows-10-update-kb4041691

 

Do a tracert yahoo.com via a command prompt and paste the results into a post here.  We are looking for other private ips like 192.168.0.0/24

Can you login to your router?  Have you changed the admin login password recently to something only you know and is complex like MyD0g1s$mar! ?

If the router also supports wifi do you have it set to WPA2 and also a complex passphrase?


Edited by Wand3r3r, 14 October 2017 - 12:11 PM.
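
As an added example (not part of the thread or any poster's code): a Python sketch of the lease check described in the reply above, run on the adapter fields quoted in post #3. It also flags gateway, DHCP or DNS addresses that fall outside the adapter's own subnet. It assumes en-US `ipconfig /all` formatting and one DNS server per adapter; the function names are hypothetical and the 24-hour floor is the value suggested in the reply.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: the Ethernet adapter fields quoted earlier in the thread.
SAMPLE = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.251(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, October 13, 2017 1:21:40 PM
   Lease Expires . . . . . . . . . . : Friday, October 13, 2017 1:35:34 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "Label. . . . : value" -> (label, value); the first colon is the separator.
FIELD = re.compile(r"^\s*([A-Za-z0-9 ]+?)[ .]*:\s*(.*)$")
STAMP = "%A, %B %d, %Y %I:%M:%S %p"  # assumption: en-US ipconfig date format


def parse_fields(text):
    """Map 'IPv4 Address' -> '192.168.1.251' etc. for one adapter block."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(2):
            value = m.group(2).replace("(Preferred)", "").strip()
            fields[m.group(1).strip()] = value
    return fields


def review(text, min_lease_s=24 * 3600):
    """Summarise lease timing and subnet consistency for one adapter."""
    f = parse_fields(text)
    net = ipaddress.ip_network(
        f"{f['IPv4 Address']}/{f['Subnet Mask']}", strict=False)
    lease = (datetime.strptime(f["Lease Expires"], STAMP)
             - datetime.strptime(f["Lease Obtained"], STAMP)).total_seconds()
    # On a flat home LAN the gateway, DHCP and DNS servers normally sit in
    # the client's own subnet; anything else deserves a closer look.
    off_subnet = [k for k in ("Default Gateway", "DHCP Server", "DNS Servers")
                  if k in f and ipaddress.ip_address(f[k]) not in net]
    return {
        "network": str(net),
        "lease_seconds": int(lease),
        "renew_at_seconds": int(lease / 2),  # T1: renewal starts at 50% of lease
        "short_lease": lease < min_lease_s,
        "off_subnet": off_subnet,
    }
```
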


#8 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 16 October 2017 - 07:36 PM

dfred2300 you still there?



#9 Hacked2theByte

Hacked2theByte

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 PM

Posted 19 October 2017 - 12:33 AM

This is exactly what most of us are dealing with, maybe admins can make a special thread. I've spoken with about 10 ppl here, all same issues, some further in the investigation than others. I've been at it for 3 months now, nearing either the peak or precipice, not sure which... Not sure ppl or admins realize the gravity of this hack, or level of sophistication. I've seen it on nearly every device in past 3 months.

#10 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 04 November 2017 - 09:17 AM

Hey yes I am, sorry. I have been so focused on this, but I do have a lot of information on this entire situation and what and how it is happening. akamai net client interface and amazonaws.com, or moreover s3-1.amazonaws.com DNS, is injecting SQL to just script windows to however they want it to run. I will install windows without internet even plugged in, everything off in my house, and I get joined to an azure ad organization that controls all of my devices.



#11 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 04 November 2017 - 09:18 AM

every time I try and download even just drivers, like I just tried, I get redirected to a248.e.akamaized.net which is not safe, and I have had to uninstall their net interface client disguised as trend micros rootkitbuster a couple times. malwarebytes sql service emailed me, it was a scam just to inject sql into my pc. It didn't work but provided the hackers a layer to use that I couldn't



#12 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 04 November 2017 - 09:20 AM

all day long I get scam phone calls from all over the country, especially when I am on my pc trying to fix this, but any help would be great. It's definitely a hack, and it's very hard to pick up on. All my pc's do not run locally; I am the interactive user on my own pc somehow, it makes no sense. I am physically sitting in front of it but it says I logged in interactively



#13 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 04 November 2017 - 09:21 AM

even routers, the nighthawk router and a cheap router setups are the exact same lol, there isn't any additional features for a r700 and a 50 dollar netgear router



#14 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 04 November 2017 - 09:42 AM

One thing: my subnet mask is being changed, and subverting the router. Creating a host for my windows, and all the certificates are changed to server authentication only. 255.255.0.0 is what my subnet mask is changed to when it is supposed to be 255.255.255.0 like on my router, but windows is using an entire different config because, like I said, I am connected to a "Server" of sorts and all my internet on my pc is hosted by an external remote pc that uses akamai web services. I have the dns names akadns1.net akadns2.net akadns3.net and up to 6, also cloudfront.com cloudflare and amazonaws.com are among others. The windows store, any antivirus program including malwarebytes, and all the notifications sent to my pc are all fake and run thru the hacked host. All the windows apps are hacked, zune music groove music windows store, they are all public apps, and thus hosted by the hackers



#15 dfred2300

dfred2300
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 04 November 2017 - 09:45 AM

even my apple products, everything is downloaded from sites to look like apple or dns names. itunes.apple.com.akadns or something of the sort, it's not just apple.com dns, and even their website on my own iphone says it isn't safe lol





