MozillaZine

(complications un-solved) Where's Wiredo - help?

Grumpus

Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted November 19th, 2016, 6:02 am

I cannot find the wireless provider which manages/allocates the 192.168.3.0/24 subnet.
Individual IP numbers return a private address and no network affiliation.
Some info:
NetType: Early Registrations, Maintained by ARIN
RegDate: 1993-05-01
Updated: 2010-06-30

OrgTechHandle: CKN23-ARIN
OrgTechName: No, Contact Known
OrgTechPhone: +1-800-555-1234 <---baloney phone number.
OrgTechEmail: removed email address
OrgTechRef: http://whois.arin.net/rest/poc/CKN23-ARIN <---no help at this link.

Whoever is working this subnet seems to like to interfere with downloads, and try and force you back to your wireless company's set-up page, possibly to milk information on your connection during a bogus setup. Jams up any true data transfer and interferes with package updates.
Last edited by Grumpus on December 7th, 2016, 5:19 am, edited 2 times in total.

trolly
Moderator

Posts: 39899
Joined: August 22nd, 2005, 7:25 am

Posted November 19th, 2016, 10:44 am

Err, 192.168.x.x is used for local subnets. The system with that address is most likely in your own private network.

https://en.wikipedia.org/wiki/Private_n ... ess_spaces
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
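
Added example (not part of any post in this thread): a small triage of peer addresses taken from a traffic monitor, showing why a WHOIS lookup on a 192.168.3.x address returns only a placeholder record and whether such an address sits on a directly attached subnet. The local subnet 192.168.1.0/24 and the peer addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Special-use IPv4 blocks for which WHOIS only returns an IANA/ARIN
# placeholder record, never an operator.
SPECIAL_USE = [
    ("rfc1918-private", "10.0.0.0/8"),
    ("rfc1918-private", "172.16.0.0/12"),
    ("rfc1918-private", "192.168.0.0/16"),
    ("cgnat-shared", "100.64.0.0/10"),
    ("link-local", "169.254.0.0/16"),
    ("loopback", "127.0.0.0/8"),
]
SPECIAL_NETS = [(label, ipaddress.ip_network(cidr)) for label, cidr in SPECIAL_USE]


def classify(remote, local_subnets):
    """Return (scope, reach) for a remote IPv4 address seen in a traffic monitor.

    scope: which special-use block the address is in, or "public".
    reach: "on-link" if it is inside a directly attached subnet, otherwise
           "via-gateway" (the host hands the packet to its default gateway).
    """
    addr = ipaddress.ip_address(remote)
    on_link = any(addr in ipaddress.ip_network(s) for s in local_subnets)
    reach = "on-link" if on_link else "via-gateway"
    for label, net in SPECIAL_NETS:
        if addr in net:
            return label, reach
    return ("public" if addr.is_global else "other-reserved"), reach


def whois_is_meaningful(remote):
    """WHOIS attribution only makes sense for globally routable addresses."""
    return ipaddress.ip_address(remote).is_global


if __name__ == "__main__":
    # Constructed sample: one attached subnet and four observed peers.
    local = ["192.168.1.0/24"]
    for peer in ["192.168.1.1", "192.168.3.17", "100.72.4.9", "8.8.8.8"]:
        scope, reach = classify(peer, local)
        print(f"{peer:15} {scope:16} {reach:12} whois={whois_is_meaningful(peer)}")
    size = ipaddress.ip_network("192.168.3.0/24").num_addresses
    print("addresses in 192.168.3.0/24:", size)
```

A private address reported as "via-gateway" is not on any subnet the host itself is attached to, so the place to look is the gateway device's own configuration and logs rather than a public registry.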

Grumpus

Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted November 19th, 2016, 1:41 pm

I really searched to figure out what is going on before posting; this has been going on for a couple of months now.
I saw the wiki and some other sites with explanations but appreciate the response.
I'd like to think that it's something gone awry with my system but it looks more like an air gap intrusion.
The system network has two IP numbers aside from the usual loop. What this is, is something else entirely.
It appears to be from somewhere besides anything I connect to and attempts to commandeer the wireless connection device.
When this happens the good connection is still showing but it changes to DOS and forces opening of my ISP's administrative setup page.
Once I disconnect from the ISP, turn off the wireless, remove the power to the mifi along with the battery, re-install the battery and turn the power back on, it is usually gone on the next connection, which could be in minutes.
There's no other private system connected to, LAN has been disabled along with a number of services and no local network outside of this system.
There's no reason to use the 192.168.3.0/subnet for anything.
It was attempting to use the 443 port and then I blocked it on the 80 port but it still shows up in the IP monitor and when it does that's when things go DOS.
Might seem hard to believe but it's not coming from my box and there's no private network other than the ISP which is connected.
I'm inclined to think it's some smart ass kid or someone else in my neighborhood who thinks access is something to achieve.

trolly
Moderator

Posts: 39899
Joined: August 22nd, 2005, 7:25 am

Posted November 19th, 2016, 3:03 pm

Is your wireless router open or secured?
Do you have other wireless devices which can act as access point?
Smartphones for example can be configured to act as access point.

What does the router log say?

Grumpus

Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted November 20th, 2016, 6:43 am

Router is actually a secured Mifi device from Virgin Mobile, no other connections allowed. IPv6 ignored.
No other wireless devices to make connection, no phone within immediate area.
I have run several traces of the offending IPs, and have come up with a trail back to Sprint which is the Main net for Virgin Mobile.
I notified the Virgin Mobile tech support of this issue a couple of months ago and seemed to abide for a week or so.
I ran another trace this morning on an individual IP and it's coming through the Sprint network and is located in Las Vegas.
This information has been forwarded to Sprint abuse but it might not be an abuse issue just a glitch in their system.
WPA/WPA2 level on the connection and it seems some of the errant connection attempt is diminished to just the temporary DOS with the blocking of the IP range and the individual IP numbers. Which is why I think it's probably a glitch more than something else.
I also noticed my connection data transfer is around 2.8Kb for normal connection but the monitor shows a 40Kb packet transfer from the offending IP range.
Traffic logs just show the reconnect data and I have to open the archives for anything else.
There's no specific Mifi log which is probably kept by Virgin or Sprint for accounting purposes.
Hopefully Sprint will sort this out, as it's in their lap now.

It's been a fun week. Thanks.

PS: Apparently Sprint won't help directly, have to go through Virgin Mobile who has no free voice contact any more, email to Sprint did not go through but we shall see. Sprint Technicians are in the "Not my job" mode. Referred me to a number for some kind of health alert sign-up. Somebody needs to fix the IP range contact numbers and emails, most don't go through anymore. Seem blocked and are using a different typeface than the page typeface. Probably compromised.

Grumpus

Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted November 22nd, 2016, 6:25 am

Virgin Mobile fixed it. Probably network level and the fix was a reset of the device on this end and a change in the network on Virgin Mobile's end.
In complete honesty, anytime help is needed these folks have been more than cooperative and patient.

Grumpus

Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted December 7th, 2016, 5:20 am

There's this in The Register this morning: Wifi router hacking
Betcha 192.168.3.0/24 is one of the problems.

mightyglydd

Posts: 9260
Joined: November 4th, 2006, 7:07 pm
Location: Hollywood Ca.

Posted December 7th, 2016, 9:03 am

Image
#KeepFightingMichael

Grumpus

Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted December 7th, 2016, 10:21 am

Might help if instead of being cute you added something of value, then again why would you if it isn't in your interest to fix these things.
Did you bother to read the link or is it "let's just stop any kind of fix by ridiculing the post."

morat
 
Posts: 2949
Joined: February 3rd, 2009, 6:29 pm

Posted December 7th, 2016, 11:09 am

Grumpus wrote: something of value

Tips for Securing Your Home Router
http://www.practicallynetworked.com/sec ... router.htm

I also disable UPnP.

Universal Plug and Play
http://en.wikipedia.org/wiki/Universal_Plug_and_Play

Grumpus

Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted December 7th, 2016, 2:56 pm

Thanks for the links but the problem appears to be due to use of the Mifi which has only a couple of tweaks and doesn't act like a normal router.
It's more of a secure hotspot for an individual connection and the wireless is not set to allow others.
Traffic monitor is also not doing reverses and not set to promiscuous.
Power has been reduced to the dongle, region set and IPv6 ignored. There's no way around the Mifi ID use, remote admin.
We tried the reset and changed the administrator passwords but the issue appears to be more like the link posted from the Register.
The way it worked the other day a connection reset signal was generated and a Mozillazine page spoofed.
It was a pretty good duplicate but the graphic for Quote in the upper right corner was missing.
The area would slightly highlight (just whiter) and when clicked attempted to compromise the connection immediately trying to connect to 192.168.3.0/24.
As all single IPs are blocked in that range it ran through all twenty four a couple of times before connections were broken.
NoScript's application boundary enforcement issued a warning and all connections were physically broken, etc.
The IP range showed in the traffic monitor and it was successfully blocked by the firewall or at least slowed down long enough to break the connections.

It was suggested it was someone local but the reset appeared to come from Mozillazine according to the log.
