Infected Sat TV / CCTV boxes?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Infected Sat TV / CCTV boxes?
Infected Sat TV / CCTV boxes?
05-12-2014 8:55 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
2014/12/03 19:31:07
IN=ppp0 OUT= MAC= SRC=80.189.their.ip DST=80.189.my.ip LEN=60 TOS=0x00 PREC=0x80 TTL=60 ID=39062 DF PROTO=TCP SPT=34976 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
2014/12/05 19:37:57
IN=ppp0 OUT= MAC= SRC=146.199.their.ip DST=146.199.my.ip LEN=60 TOS=0x00 PREC=0x80 TTL=59 ID=62927 DF PROTO=TCP SPT=60583 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
They appear to be some sort of Satellite TV (or possibly CCTV) boxes, which are wide open, and have been found and infected with malware that's part of some IRC controlled botnet.
Re: Infected Sat TV / CCTV boxes?
05-12-2014 9:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Last time I could be bothered to log anything, there were others, but these were the worst culprits -
<redacted>
I've even asked Plusnet to have a word with the account holders, but as far as I know nothing was done about it.
jim:red Personal information removed in accordance with this Forum Rule mod:end
Re: Infected Sat TV / CCTV boxes?
05-12-2014 9:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
05-12-2014 9:38 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
05-12-2014 9:47 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Perhaps if the full IPs were known, then Plusnet might help by taking a look at their traffic and perhaps having a quiet word !.
Re: Infected Sat TV / CCTV boxes?
05-12-2014 9:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
08-12-2014 11:32 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote SRC=80.189.their.ip DST=80.189.my.ip/quote]
Quote SRC=146.199.their.ip DST=146.199.my.ip
Are the other entries the same, in the the source IP is always from the same range as the destination?
Re: Infected Sat TV / CCTV boxes?
08-12-2014 12:35 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Is there a preferred way to report things like this? e.g. ticket, abuse@plus.net, or just not bother based on the reaction I got for not posting other people's IP addresses to the public forum.
Re: Infected Sat TV / CCTV boxes?
08-12-2014 12:38 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
08-12-2014 12:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
08-12-2014 7:46 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
09-12-2014 1:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: ejs ............., or just not bother based on the reaction I got for not posting other people's IP addresses to the public forum.
What on earth are you on about? This forum, and other fora elsewhere on the internet are full of modem/router logs showing a variety of IP addresses trying to make unsolicited connections to the then user's IP address. For example here is a sample of mine from earlier in the year - because I'm on a dynamic IP address, I have no need to redact the Dst Ip: from back in March, as I'm no longer on it.
<84> Mar 12 23:08:45 IDS proto parser : tcp null port (1 of 1) : 123.151.42.61 87.112.136.26 40
41 TCP 12206->0 [S.....] seq 1741428515 ack 0 win 8192
<81> Mar 13 01:32:51 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 61.234.109.246 Dst ip: 87
.112.136.26 Type: Time Exceeded Code: Time to Live exceeded in Transit
<81> Mar 13 03:28:55 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 202.39.218.14 Dst ip: 87.
112.136.26 Type: Destination Unreachable Code: Communication with Destination Host is Administrative
ly Prohibited
<81> Mar 13 03:32:31 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 211.178.52.60 Dst ip: 87.
112.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 07:52:59 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 129.44.137.232 Dst ip: 87
.112.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 08:50:38 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 67.51.197.18 Dst ip: 87.1
12.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 08:52:56 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 75.139.241.82 Dst ip: 87.
112.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 10:39:28 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 222.140.55.133 Dst ip: 87
.112.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 13:33:49 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 14.43.166.154 Dst ip: 87.
112.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 14:27:00 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 61.234.109.246 Dst ip: 87
.112.136.26 Type: Time Exceeded Code: Time to Live exceeded in Transit
<81> Mar 13 15:03:33 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 201.199.39.66 Dst ip: 87.
112.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 15:17:22 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 218.166.218.126 Dst ip: 8
7.112.136.26 Type: Destination Unreachable Code: Port Unreacheable
<81> Mar 13 15:43:25 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 210.48.107.30 Dst ip: 87.
112.136.26 Type: Time Exceeded Code: Time to Live exceeded in Transit
Would you like to pick any of them at random and hack into them
@Oldjim
Regarding reply #1, can you please explain exactly what is "Personal" about information that's available in the Public Domain?
Re: Infected Sat TV / CCTV boxes?
09-12-2014 7:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
09-12-2014 7:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Infected Sat TV / CCTV boxes?
09-12-2014 8:36 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Anotherone Rubbish. So you can just pick a random IP address and hack into it eh?
From a list of two IP addresses? What's your point?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Infected Sat TV / CCTV boxes?