cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Aspiring Contributor
562 Views
Message 11 of 35

Re: My network is under attack

I considered the posibility but the attack began about 20 minutes after I replied to a bizzare and cryptic text to my mobile signed Ivan the terrible.
I responded and 2 months of my phones picture data was corrupted.
Then my PC began to suffer. I've always surfed a bit fast and loose, never thought I'd end up playing this game. The firewal was not doing it's job then because I hadn't set it up properly.

ActionFraud and the Police have been looking into it, but I lack the knowledge to trace the origin of these attacks.
Will BT be able to help them when/if they're contacted?

0 Ratings
Reply
Highlighted
Distinguished Sage
Distinguished Sage
543 Views
Message 12 of 35

Re: My network is under attack

I suspect it is more likely that you have downloaded malware onto your phone/computer which has then allowed the hacker access to your home network and any device that is connected to it rather than your firewall not being configured correctly.

Firewalls on routers and Windows built in firewall do not normally require any configuration to work safely, it is usually user intervention making incorrect changes that causes problems.

Only BT will be able to answer the question about assisting and it will only be if they are provided with the correct paper work.

Highlighted
Aspiring Contributor
538 Views
Message 13 of 35

Re: My network is under attack

I appreciate your help.
Certainly wasn't anything downloaded, I'm extremely cautious in that respect.
My firewalls weren't set up safely, it was adjusted for more speed in gaming, I had a great number of custom port forwarding rules in place and safe guards I had disabled.
I have since found out that the dropped customer I have suspicion of actually works for Microsoft so I'm pretty certain I've worked it out.

Will have to just wait for the Police to get back to me, but they said ISP's don't keep an extended log so it's likely going to go nowhere.

Anyway, time to upgrade to a non BT router!
0 Ratings
Reply
Highlighted
Distinguished Sage
Distinguished Sage
521 Views
Message 14 of 35

Re: My network is under attack

If it was you that changed port settings etc it would appear to be user error so I don't thing having a non BT router would have made any difference. 

A sore lesson to learn but make sure that you are fully aware of why and what you are doing if you make any firewall and security changes.

Highlighted
Aspiring Expert
519 Views
Message 15 of 35

Re: My network is under attack

I agree with gg30340, sounds like you have some malware. Best course of action is to format all your effected Devices back to factory settings. You might backup your pc’s if you use them for business, just make sure you chose a date from well before this whole thing started. 

my only other question is, why would a Microsoft employee cyber attack a landscape gardener for cancelling a job during COVID-19 outbreak? That doesn’t ring true. 

Highlighted
Aspiring Contributor
488 Views
Message 16 of 35

Re: My network is under attack

"A sore lesson to learn"
Agreed.

"Not sure what having a non-bt router would do"
A non BT router will not allow itself to be scrubbed of evidence in real time whilst a person bombards it to the point it jams wireless and other features. I need to pay for some extra protection because BT have shrugged at me down the phone and the community keep telling me alternative scenarios are a reality.

"Best course of action is to format all your effected Devices back to factory settings. You might backup your pc’s if you use them for business, just make sure you chose a date from well before this whole thing started. "
I think you wildly underestimate what I've already done in GTP formating the drives.
This is a fresh, OEM install I am running now, less than 2 weeks old.

"my only other question is, why would a Microsoft employee cyber attack a landscape gardener for cancelling a job during COVID-19 outbreak? That doesn’t ring true. "
He was an aggressive irish man with a heavily pregnant wife who wasn't happy with me saying I couldn't carry on during this outbreak and not charging him £600 for the work done so far aparently wasn't enough.
They both went on a tirade that I had to finish the job no matter what.
The Police have said this doesn't happen to random people for no reason, and that is the only motive my brain has added up.




0 Ratings
Reply
Highlighted
Distinguished Sage
Distinguished Sage
477 Views
Message 17 of 35

Re: My network is under attack

I did not say "Not sure what having a non-bt router would do"

I said "it would appear to be user error so I don't thing having a non BT router would have made any difference" and I still say that in view of what you said. "My firewalls weren't set up safely, it was adjusted for more speed in gaming, I had a great number of custom port forwarding rules in place and safe guards I had disabled".

It was you that changed and disabled various things so it was you and not the router that allowed anything through the firewall, if indeed that is the cause of your problem, and that would be the same on any router if you alter the settings in the manner in which you say you did.

In any event there is nothing further to add that would assist you so good luck in getting to the bottom of this.

Highlighted
Aspiring Expert
473 Views
Message 18 of 35

Re: My network is under attack

A BT router can be ‘scrubbed’ as easily as a 3rd party one. All have factory resets. 

however, restarting the router or performing a factory reset will cause you to pickup a new IP address. If whoever is attacking you can move to attacking the new IP address then that points to something inside your network publishing your address out. That gives the impression that something is infected. 

if you turn all devices off, including phones, iPads etc. So nothing is attached to the router. Then reboot your router, and ensure you have a new iPad address , then start up a clean machine, do you see the same attack? 

Highlighted
Aspiring Contributor
460 Views
Message 19 of 35

Re: My network is under attack

I hear you, but there are routers that have their own memory to record and keep backups and let you emulate the network to monitor the attack better. I'm just butthurt that I can't seem to get the same functionality with this one.

Yes, If I lock everything off and factory reset the network it carries on as normal.

Norton is finding nothing, I used masterkey forensic to read through the drives before I formated them back to NTFS and put a clean version of windows on. This SSD is clean.
I'm going to now remove the dead the HDD and see if this stops it.

0 Ratings
Reply
Highlighted
Aspiring Contributor
445 Views
Message 20 of 35

Re: My network is under attack

No luck. Attacks continued. However, I did see one entry from a non proxied IP 135.92.6.73
3 attempts in a row, the first ones after reset.
I managed to capture it, when I refreshed they had been removed and it was a another list of this.

16:59:10, 13 Apr.IN: BLOCK [16] Remote administration (TCP [51.38.94.74]:36276-​>[86.170.169.67]:22 on ppp3)
16:57:24, 13 Apr.BLOCKED 2 more packets (because of Default policy)
16:57:23, 13 Apr.IN: BLOCK [15] Default policy (TCP [185.255.84.151]:443-​>[86.170.169.67]:62570 on ppp3)
16:57:09, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [178.250.2.130]:443-​>[86.170.169.67]:62620 on ppp3)
16:57:03, 13 Apr.IN: BLOCK [15] Default policy (TCP [79.124.62.86]:51591-​>[86.170.169.67]:9833 on ppp3)

 

Am I correct in assuming your verdict would that my device is compromised?
I have ordered a new SSD but I feel pretty hopeless I won't shake this.

0 Ratings
Reply