Tunnel Adapters - What Is It - Is It A Spy Or Hijacker


12 replies to this topic

#1 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:21 AM

Posted 08 December 2006 - 11:11 PM

I have a router with the usual 192... address. Normally I'd see two adapters in ipconfig /all: ethernet and wireless. Recently I noticed the presence of something really odd - 2 Tunneling things. But I'm not sure whether I saw it before or after IE7 came in.

I read these references and do not understand one word, or more specifically WHAT it is and WHY do I see it and WHO put it in and WHEN.
http://www.microsoft.com/technet/network/ipv6/default.mspx
http://www.microsoft.com/technet/network/i...ipv6config.mspx

Is this something that I installed when I was reinstalling XP?
Is it a security risk?
Should I get rid of it, and if so how?

These are the entries:

Tunnel adapter Teredo Tunneling Pseudo-Interface:

		Connection-specific DNS Suffix  . :
		Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
		Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
		Dhcp Enabled. . . . . . . . . . . : No
		IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
		Default Gateway . . . . . . . . . :
		NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

		Connection-specific DNS Suffix  . :
		Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

		Physical Address. . . . . . . . . : <some new 8-character address is here>
		Dhcp Enabled. . . . . . . . . . . : No
		IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.5%2
		Default Gateway . . . . . . . . . :
		DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
											fec0:0:0:ffff::2%2
											fec0:0:0:ffff::3%2
		NetBIOS over Tcpip. . . . . . . . : Disabled

I think I posted this in the wrong section. Moderators, please move where it fits better. Thank you.

Edit:
Teredo tunneling related - a very long article which I also don't quite understand, other than it's some sort of a different protocol.
http://www.microsoft.com/technet/prodtechn...ain/teredo.mspx

Would this have anything to do with WPA enabled over wireless LAN? I don't use wireless that often really.
I just want to know how it got there and is it safe.

Edited by tos226, 09 December 2006 - 02:26 PM.



#2 tos226

Posted 10 December 2006 - 07:37 PM

According to several Microsoft articles, this thing is related to Vista. Or Longhorn server. I have neither. I use XP-Home. I have no idea why I got this. It's interfering with my LAN. See the "Developer" word below. It's IPv6 TCP/IP thing.

Ok, it started on 12/2 - as seen from the event log

Source=Tcpip6
Category=None
Type=Information
EventID=3100
User N/A
Computer=TOSHIBA
The Microsoft IPv6 Developer Edition driver was started.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

That useless link says:

Details
Event ID: 3100
Source: Tcpip6
We're sorry
There is no additional information about this issue in the Error and Event Log Messages or Knowledge Base databases at this time. You can use the links in the Support area to determine whether any additional information might be available elsewhere

According to wikipedia, http://en.wikipedia.org/wiki/IPv6, it's some sort of a new TCP/IP protocol.

#3 buddy215

buddy215

  • Moderator
  • 13,192 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:21 AM

Posted 10 December 2006 - 07:59 PM

What I got from reading the article in the link below is that you can uninstall the Advanced Network Pack using the Add/Remove list.
http://www.ipv6style.jp/en/tryout/20030929/index.shtml

Excerpt from link:
Advanced Networking Pack is provided through Microsoft’s download center and Windows Update. In Windows Update, it is provided as a module called “Advanced Networking Pack for Windows XP Service Pack 1 (817778)”
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:21 AM

Posted 10 December 2006 - 08:03 PM

2 questions:

1) Can you tell me exactly how you get to this ipconfig /all thing to see what is in there? I have a theory, but to see if there is any merit to it, I'll have to take a look at mine to see if I have the same entries.

2) By any chance did you update to IE7? The answer to that question is also related to my theory.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 tos226

Posted 10 December 2006 - 09:54 PM

2 questions:

1) Can you tell me exactly how you get to this ipconfig /all thing to see what is in there? I have a theory, but to see if there is any merit to it, I'll have to take a look at mine to see if I have the same entries.

Orange Blossom, this ipconfig /all has got to be one of the most useful network debugging tools, so I've got it memorized:
Start > Run > type "cmd" without quotes > hit Enter > type "ipconfig /all" without quotes > press Enter.
Normally I see 2 adapters, Ethernet and Wireless with none of those tunneling things and none of the hex composite addresses, just normal IP, DHCP, DNS stuff.

2) By any chance did you update to IE7? The answer to that question is also related to my theory.

Yup. Didn't want it. Turned off the checkmark during review of patches, then I'm not sure what happened, but it installed. So I live with it. I managed to get the Main menu to the top so main suffering is over. I too wonder if there's connection.

I made a search on the computer for everything containing IPv6 and there's an old help file which says

Important

The IPv6 software supplied in this release contains prerelease code and is not intended for commercial use. This software is made available for research, development, and testing only and must never be used in a production environment. Microsoft is not responsible for your use of the code or for the results from your use of the code, and Microsoft does not provide any level of technical support for IPv6 in this release. Peer support is available from the microsoft.public.platformssdk.networking.ipv6 newsgroup found at msnews.microsoft.com.


And it dates from SP1. This is so confusing I want to cry. I use SP2 for the past 2 years.
So I got rid of it before I saw the link buddy215 posted (good article!). It was in the list of protocols used by LAN. Just zapped it. I retained the entries that used to be there, including the standard TCP/IP. The screen didn't even ask me are you sure. If Windows needs it, I'm afraid they'll bring it back. Or I'll be back here crying some more.

Several weeks back, I've reinstalled Windows completely and am up to date on all patches. So this is not the cause, especially that the first occurrence of that v6 version is 12/2/06.

Edited by tos226, 10 December 2006 - 10:04 PM.


#6 Orange Blossom

Posted 10 December 2006 - 11:54 PM

According to several Microsoft articles, this thing is related to Vista. Or Longhorn server.


In doing quite a bit of research on another issue, I frequently saw "Longhorn (Vista)" which leads me to suspect that Vista is based on Longhorn in some way.

Thanks for the info. on how to get to ipconfig. My internet connection is dial-up, so this may have an effect on what I see.

I do not have any tunneling stuff, and the only adapter that shows up is PPP. I do have an ethernet card, but I have disabled it as I do not have any broadband options out here. I also do not allow my computer to automatically connect which also may have an effect on how things show up.

I see that you have a router. By chance, do you have IP Routing Enabled? I don't, and I don't have a router.

Possibility: If the IP Routing were disabled, would the tunneling entries leave?

I have the same IPv6 help file that you do. I got 15 results when I searched for IPv6. Does this match the number you get, excluding recent document etc.? I browsed through some of the information in the help file, and from what I see it is a program designed to manually configure routing on an internet network: assigning IP addresses, tracing routes, connecting with remote computers and so forth. I certainly wouldn't have a use for it. Is this a program you have used? From the message in your event log, it appears that a driver related to it was in fact started up. I haven't seen anything resembling it in either my driver list with hidden drivers displayed or in my services list. I wonder what could have triggered it to start? Setting up the router?

especially that the first occurrence of that v6 version is 12/2/06.

Hmm. Did you intend to write 2006 for the year? If so, IE7 updates could still be the culprit; however, if you intended an earlier year then obviously it couldn't be.

Oh, I just now saw buddy215's response, it must have posted while I was composing my first response, and I didn't see it when I scrolled to the bottom of the thread. From that response, the stuff came with SP1. I wonder: did the updates trigger something?

My guess would be that unless you are in charge of an internet set-up you wouldn't need IPv6. IPv4 was the previous version. Would this IPv6 STILL be in beta after all this time? How odd.

One wonders if the activity of the IPv6 is responsible for the appearance of the tunneling stuff you saw.

One last thing: You can find out if IPv6 is actually installed by typing ipv6 in the command window (same place where you had me type in ipconfig /all). If it doesn't show up, it's not installed.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 10 December 2006 - 11:56 PM.


#7 tos226

Posted 11 December 2006 - 11:23 PM

Orange Blossom,
At least we're learning tons of new things aren't we?

To answer a few of your hints, and I thank you for them, of course:

1. No, I do not have "routing enabled", no need, no idea what it is anyway :thumbsup:

2. I doubt setting up the router has anything to do with it, since I've had this router for ages, and even after the installation of XP from scratch it all took care of itself nicely, I had nothing to do other than retype the WPA key for the wireless section and telling Windows the router's address.

3. IPv6 is legit, and in fact it appears that it is in use. Linksys router doesn't support it. I've learned that on the Hyperwrt.org site today. It's a protocol that likely will be in use more commonly later. Some different way of packaging the packets :flowers:

4. Tunneling IS a feature of this protocol, that's what it's supposed to do.

5. But how or why I suddenly got it in the list of TCP/IP protocols is beyond me. I suspect it came in with the original SP1 installation (as development/beta), and then did not get overwritten by subsequent migration to SP2 and the patches. But it sat quiet all the time, till it suddenly came into action.

6. Yes, I intended 2006 for the year. It started Dec.12,2006, and IE7 came in a week before.

I consider the subject closed at this point, unless it returns all by itself again.

Since you have dialup, if you would you like to see examples of ipconfig outputs for PPP via DSL, DSL with a router, and then FIOS, I can post them. It's off-topic in a way, but will show you what I'm talking about when I see a difference. It's good stuff to know when you're setting up a firewall. Most useful - to diagnose and fix network connection troubles.

Cool signature!

Edited by tos226, 11 December 2006 - 11:25 PM.


#8 Orange Blossom

Posted 13 December 2006 - 12:39 AM

I read in the help file that v6 came out because folks were running out of IP addresses to assign. I haven't a clue as to why it would have activated on your computer unless you are assigning IP addresses, following where data packets are going, or something else involving network control.

What on earth is FIOS? Freshly incinerated oak stumps is all I can think of :flowers: And yes, I'd be interested in seeing the IP config. for PPP via DSL and DSL with a router. Eventually DSL will come out here, and when it does, I'm getting it. I suspect it will be a few years down the road yet though.

Orange Blossom :thumbsup:

#9 tos226

Posted 13 December 2006 - 04:49 PM

FIOS or FiOS is a fiberoptic system. Verizon is stringing up lots of East Coast places. They do it for the Internet and TV and possibly other things. Great connection, great speed, no bottlenecks (yet) like people get on cable. No need for any modem, you just plug the ethernet cable into the wall. Easier on the user - instead of having to configure two boxes, you do just one.

A really nice description and photographs are here http://www.bricklin.com/fiosinstall.htm

A jump from a standard phone modem to DSL is a huge one in terms of performance. Next step to FiOS is, surprisingly, not as huge in reality. Oh, it works great, web pages load fast, most Microsoft downloads take seconds, not minutes, but most of the servers out there are bogged down anyway, so DSL matches the reality better. Good luck in getting it!

ipconfig samples will follow later, I have to collect them out of some logs here and there.

Edited by tos226, 13 December 2006 - 04:56 PM.


#10 tos226

Posted 14 December 2006 - 05:01 PM

Collection of a few examples I have:

Usually a Linksys router's address is 192.168.1.1, DLink address is 192.168.0.1, others similar.

IP addresses that begin with 10, 169 and 198 are "black hole" type of things.
DNS server IP addresses depend on the ISP provider and the geographical location, and change over time.

Windows XP network setup needs to know the router address, obtains IP automatically, DHCP should be enabled.
The following are examples, somewhat out of context since the setup in Windows isn't included, so I don't know how useful this sort of a list might be.

Google or use Wikipedia for exact definitions of the entries. If anyone wants to annotate these ipconfig captures, please go ahead

(1) DSL modem example
PPP adapter Verizon Online:
		Connection-specific DNS Suffix  . : 
		Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
		Physical Address. . . . . . . . . : <MAC address of the box xx-xx-xx-xx-xx-xx>
		Dhcp Enabled. . . . . . . . . . . : No
		IP Address. . . . . . . . . . . . : 141.151.70.205
		Subnet Mask . . . . . . . . . . . : 255.255.255.255
		Default Gateway . . . . . . . . . : 141.151.70.205
		DNS Servers . . . . . . . . . . . : 71.242.0.12
											151.204.0.84
=====================================================================
(2) DSL modem and Linksys router. Example of incomplete connection due to not yet setup in Windows
Windows IP Configuration
		Host Name . . . . . . . . . . . . : <computer name>
		Primary Dns Suffix  . . . . . . . : 
		Node Type . . . . . . . . . . . . : Hybrid
		IP Routing Enabled. . . . . . . . : No
		WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
		Connection-specific DNS Suffix  . : 
		Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
		Physical Address. . . . . . . . . : <MAC address of NIC xx-xx-xx-xx-xx-xx>
		Dhcp Enabled. . . . . . . . . . . : Yes
		Autoconfiguration Enabled . . . . : Yes
		Autoconfiguration IP Address. . . : 169.254.13.109 <-- FAILED connection
		Subnet Mask . . . . . . . . . . . : 255.255.0.0
		Default Gateway . . . . . . . . . : 
=====================================================================
(3) DSL modem + Linksys router. This shows one type of proper setup
Windows IP Configuration
		Host Name . . . . . . . . . . . . : <computer name>
		Primary Dns Suffix  . . . . . . . : 
		Node Type . . . . . . . . . . . . : Hybrid
		IP Routing Enabled. . . . . . . . : No
		WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
		Connection-specific DNS Suffix  . : 
		Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
		Physical Address. . . . . . . . . : <MAC address of NIC xx-xx-xx-xx-xx-xx>
		Dhcp Enabled. . . . . . . . . . . : Yes
		Autoconfiguration Enabled . . . . : Yes
		IP Address. . . . . . . . . . . . : 192.168.1.100	<- assigned by router
		Subnet Mask . . . . . . . . . . . : 255.255.255.0
		Default Gateway . . . . . . . . . : 192.168.1.1		<- router is the gateway
		DHCP Server . . . . . . . . . . . : 192.168.1.1
		DNS Servers . . . . . . . . . . . : 71.242.0.12		<- 2 ISP's DNS servers
											151.204.0.84
		Lease Obtained. . . . . . . . . . : <from date>
		Lease Expires . . . . . . . . . . : <to date>
=====================================================================
(4) DSL or FIOS setup with Linksys router taking care of DNS servers 
Windows 2000 IP Configuration
		Host Name . . . . . . . . . . . . : <computer name>
		Primary DNS Suffix  . . . . . . . :
		Node Type . . . . . . . . . . . . : Hybrid <- might be Unknown
		IP Routing Enabled. . . . . . . . : No
		WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
		Connection-specific DNS Suffix  . :
		Description . . . . . . . . . . . : Intel(R) PRO/100+ MiniPCI
		Physical Address. . . . . . . . . : <LAN adapter MAC address>
		DHCP Enabled. . . . . . . . . . . : Yes
		Autoconfiguration Enabled . . . . : Yes
		IP Address. . . . . . . . . . . . : 192.168.1.149
		Subnet Mask . . . . . . . . . . . : 255.255.255.0
		Default Gateway . . . . . . . . . : 192.168.1.1
		DHCP Server . . . . . . . . . . . : 192.168.1.1
		DNS Servers . . . . . . . . . . . : 192.168.1.1
		Lease Obtained. . . . . . . . . . : <from date>
		Lease Expires . . . . . . . . . . : <to date>  
=====================================================================
(5)  Example while being part of some domain
Windows 98 IP Configuration
	Host Name . . . . . . . . . : <computer name and domain>
	DNS Servers . . . . . . . . : 10.229.212.101
								  10.230.100.200
	Node Type . . . . . . . . . : Hybrid
	NetBIOS Scope ID. . . . . . : 
	IP Routing Enabled. . . . . : Yes
	WINS Proxy Enabled. . . . . : No
	NetBIOS Resolution Uses DNS : No
2 Ethernet adapter :
	Description . . . . . . . . : FE574B-3Com Megahertz 10/100 LAN PCCard
	Physical Address. . . . . . : <MAC address of LAN card xx-xx-xx-xx-xx-xx>
	DHCP Enabled. . . . . . . . : Yes
	IP Address. . . . . . . . . : 10.229.12.8
	Subnet Mask . . . . . . . . : 255.255.255.0
	Default Gateway . . . . . . : 10.229.12.254
	DHCP Server . . . . . . . . : 10.229.212.101
	Primary WINS Server . . . . : 10.229.204.1
	Secondary WINS Server . . . : 10.229.204.2
	Lease Obtained. . . . . . . : <from date>
	Lease Expires . . . . . . . : <to date>
===================================================================
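
Taking up the invitation above to annotate these ipconfig captures, together with the tunnel adapters from post #1: the following is an added example, not code from any poster in this thread. It parses `ipconfig /all` text and explains tunnel pseudo-interfaces, ISATAP and site-local addresses, and failed DHCP leases; the function names are illustrative and the sample is assembled from the captures posted here.

```python
import ipaddress
import re

# Sample assembled from the captures posted in this thread (posts #1 and #10).
SAMPLE = """\
Tunnel adapter Teredo Tunneling Pseudo-Interface:
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

Tunnel adapter Automatic Tunneling Pseudo-Interface:
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.5%2
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2

Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.13.109
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""

HEADER = re.compile(r"^(\S.*adapter.*?)\s*:\s*$")          # unindented "... adapter ...:"
FIELD = re.compile(r"^\s+(.*?\S)(?:\s*\.)+\s*:\s?(.*)$")   # "Label . . . : value"

def parse_ipconfig(text):
    """Return [(adapter_name, {label: [values]})] from `ipconfig /all` text."""
    adapters, fields, last = [], None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            fields, last = {}, None
            adapters.append((m.group(1), fields))
        elif fields is not None and (m := FIELD.match(line)):
            last = m.group(1)
            fields[last] = [v] if (v := m.group(2).strip()) else []
        elif fields is not None and last and line[:1].isspace() and line.strip():
            fields[last].append(line.strip())  # continuation, e.g. 2nd DNS server
    return adapters

def first_ip(value):
    """Parse the leading token of a field value as an IP, dropping any %zone."""
    try:
        return ipaddress.ip_address(value.split()[0].split("%")[0])
    except (ValueError, IndexError):
        return None

def annotate(name, fields):
    """Return plain-language notes explaining what an adapter block shows."""
    notes = []
    if name.lower().startswith("tunnel adapter"):
        notes.append("IPv6-over-IPv4 transition tunnel (pseudo-interface, not hardware)")
    if any("teredo" in v.lower() for v in fields.get("Description", [])):
        notes.append("Teredo: IPv6 carried in UDP through NAT (RFC 4380)")
    for label, values in fields.items():
        for ip in filter(None, map(first_ip, values)):
            if ip.version == 6:
                iid_hi = (int(ip) >> 32) & 0xFDFFFFFF  # upper IID half, u/l bit ignored
                if iid_hi == 0x5EFE:
                    v4 = ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
                    notes.append(f"ISATAP address embedding IPv4 {v4} (RFC 5214)")
                if ip.is_site_local:
                    notes.append(f"{label}: {ip} is deprecated site-local (RFC 3879)")
            elif ip.is_link_local:
                notes.append(f"{label}: {ip} is APIPA, so no DHCP lease was obtained")
    return notes

if __name__ == "__main__":
    for adapter, flds in parse_ipconfig(SAMPLE):
        print(adapter, *annotate(adapter, flds), sep="\n  - ")
```

Saved output of `ipconfig /all` can be passed to `parse_ipconfig` in place of `SAMPLE` to see which adapters are transition tunnels and which addresses indicate a failed lease.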


#11 Orange Blossom

Posted 17 December 2006 - 03:58 PM

thanks tos226

Orange Blossom :thumbsup:

#12 tos226

Posted 17 December 2006 - 09:42 PM

You're very welcome, Orange Blossom :thumbsup:

#13 JuinorEck

JuinorEck

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 06 February 2018 - 11:37 PM

@tos226 & @Orange Blossom, I wanted to know what it was too, actually before I even did it I turned my IPv6 off, and prior to that I turned off stuff for Microsoft... my problem was a hacker but not now anymore I took care of that bleep!... and I saved this one because you two were talking back and forth and I got more out of just the two of you talking than anywhere I've ever searched on the web for anything, I thought I was hella cool... thanks for the four one one if you're still having that problem you can turn it off you can also disable it or uninstall it but like I said I had a hacker who had already had stuff in there to reconfigure it anyways thank you guys very much...



