
Welcome

The Martin Fleischmann Memorial Project is a group dedicated to researching Low Energy Nuclear Reactions (often referred to as LENR) while sharing all procedures, data, and results openly online. We rely on comments from online contributors to aid us in developing our experiments and contemplating the results. We invite everyone to participate in our discussions, which take place in the comments of our experiment posts. These links can be seen along the right-hand side of this page. Please browse around and give us your feedback. We look forward to seeing you around Quantum Heat.

Join us and become part of the project. Become one of the active commenters, who question our work and suggest next steps.

Or, if you are an experimenter, talk to us about becoming an affiliated lab and doing your work in a Live Open Science manner.


Welcome to the New Fire Discussions

Tell us and our members who you are, what you like and why you became a member of this site.
We welcome all new members and hope to see you around a lot!

TOPIC: I need some unhacking help, please!

#761 5 years 10 months ago
bobeson
Karma: 0
It seems that I've been hacked, and my email is not working properly, among other things.
In going through my network router's syslog file, I find a few repeating patterns from certain IP addresses.
Can anybody help me identify what is going on here, and how I should best address this?
I would be most grateful for the help, as I am trying to complete a large amount of work for the MFMP right now, but instead I'm discovering that my carefully-composed emails are not getting out (sometimes!) and some large percentage (but not all!) are not arriving!

I can see some of the incoming mail in upstream network provider queues, so I know they exist but are not arriving.

Here are a few of the entries from my router's syslog that may be of use:
[INFO] Thu Aug 01 16:13:01 2013 Blocked incoming TCP packet from 208.97.132.231:143 to 10.1.10.36:51206 as ACK received but there is no active connection
[INFO] Thu Aug 01 16:10:55 2013 Blocked incoming TCP packet from 74.125.28.193:443 to 10.1.10.36:56466 as PSH:ACK received but there is no active connection
[INFO] Thu Aug 01 16:28:01 2013 Blocked incoming TCP packet from 208.97.132.231:143 to 10.1.10.36:51206 as RST:ACK received but there is no active connection
[INFO] Thu Aug 01 16:28:00 2013 Blocked incoming TCP packet from 208.97.132.231:143 to 10.1.10.36:51206 as FIN:ACK received but there is no active connection
[INFO] Thu Aug 01 16:28:00 2013 Blocked incoming TCP packet from 208.97.132.231:143 to 10.1.10.36:51206 as PSH:ACK received but there is no active connection

That pattern of messages originated at various times from these IP addresses:
74.125.239.128
208.97.132.231
173.194.79.125
184.73.219.139
157.56.98.80
157.56.98.98
157.56.98.120

I also see blocked outgoing packets, with the following syslog entries:
[INFO] Thu Aug 01 16:05:41 2013 Blocked outgoing TCP packet from 192.168.0.188:49624 to 192.135.198.111:22 as PSH:ACK received but there is no active connection
[INFO] Thu Aug 01 16:04:51 2013 Blocked outgoing TCP packet from 192.168.0.188:51767 to 173.194.79.125:5222 as PSH:ACK received but there is no active connection
[INFO] Thu Aug 01 16:04:48 2013 Blocked outgoing TCP packet from 192.168.0.191:26005 to 157.56.98.120:443 as RST:ACK received but there is no active connection
[INFO] Thu Aug 01 16:22:58 2013 Blocked outgoing TCP packet from 192.168.0.194:56556 to 207.46.11.152:443 as RST:ACK received but there is no active connection
[INFO] Thu Aug 01 16:22:24 2013 UPnP renew entry 255.255.255.255 <-> 10.1.10.36:50601 <-> 192.168.0.188:50601 UDP timeout:-1 'Teredo'

The following IP addresses were being sent packets:
192.135.198.111
173.194.79.125
157.56.98.120
207.46.11.152


Can anybody help me figure out what is happening here, and how I should best address it?
Thanks in advance for any insight you can offer!
The administrator has disabled public write access.
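
Added example, not part of the original post: a parser for the router log format quoted above that groups the "no active connection" entries by local and remote endpoint, so repeated entries that belong to one connection (here the port 143 flow) collapse into a single row with its TCP flags and time span. The function names `parse` and `flows` are assumptions; the sample lines are taken from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines taken from the router syslog quoted in the post above.
SAMPLE = """\
[INFO] Thu Aug 01 16:13:01 2013 Blocked incoming TCP packet from 208.97.132.231:143 to 10.1.10.36:51206 as ACK received but there is no active connection
[INFO] Thu Aug 01 16:10:55 2013 Blocked incoming TCP packet from 74.125.28.193:443 to 10.1.10.36:56466 as PSH:ACK received but there is no active connection
[INFO] Thu Aug 01 16:28:01 2013 Blocked incoming TCP packet from 208.97.132.231:143 to 10.1.10.36:51206 as RST:ACK received but there is no active connection
[INFO] Thu Aug 01 16:28:00 2013 Blocked incoming TCP packet from 208.97.132.231:143 to 10.1.10.36:51206 as FIN:ACK received but there is no active connection
[INFO] Thu Aug 01 16:04:51 2013 Blocked outgoing TCP packet from 192.168.0.188:51767 to 173.194.79.125:5222 as PSH:ACK received but there is no active connection
[INFO] Thu Aug 01 16:22:24 2013 UPnP renew entry 255.255.255.255 <-> 10.1.10.36:50601 <-> 192.168.0.188:50601 UDP timeout:-1 'Teredo'
"""

# The leading "[" is optional because a pasted line can lose it.
LINE_RE = re.compile(
    r"\[?INFO\] (?P<ts>\w{3} \w{3} \d{2} [\d:]{8} \d{4}) "
    r"Blocked (?P<dir>incoming|outgoing) TCP packet from "
    r"(?P<src>[\d.]+:\d+) to (?P<dst>[\d.]+:\d+) "
    r"as (?P<flags>[A-Z:]+) received but there is no active connection")

def parse(text):
    """Yield (time, direction, local, remote, flags) per blocked-TCP line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # e.g. the UPnP renew entries
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        # Incoming: remote peer is the source. Outgoing: it is the destination.
        local, remote = ((m["dst"], m["src"]) if m["dir"] == "incoming"
                         else (m["src"], m["dst"]))
        yield ts, m["dir"], local, remote, frozenset(m["flags"].split(":"))

def flows(text):
    """Group blocked packets by (local, remote) endpoint pair."""
    out = defaultdict(lambda: {"count": 0, "flags": set(), "first": None, "last": None})
    for ts, _dir, local, remote, flags in parse(text):
        f = out[(local, remote)]
        f["count"] += 1
        f["flags"] |= flags
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
    return dict(out)

if __name__ == "__main__":
    for (local, remote), f in sorted(flows(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(f'{f["count"]:3d}  {local} <-> {remote}  {sorted(f["flags"])}  '
              f'{f["first"]:%H:%M:%S} to {f["last"]:%H:%M:%S}')
```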

#762 5 years 10 months ago
Umino
What operating system are you using?

If you're using Windows XP or below, I strongly suggest upgrading to a newer version of Windows or using Linux, as it's become too insecure for use with an internet connection.

#763 5 years 10 months ago
bob
Karma: 14
I can only say that Francesco Celani has believed he has had serious hacking attempts since his demonstration at ICCF17.

Welcome to the new normal.

#764 5 years 10 months ago
bobeson
Karma: 0
I am using Windows 7, with auto-updates turned on. I have a metric boatload of software installed, including Java and Flash, with as many disabled as I can manage at any given time.

I have observed packets outgoing from high port-numbers on my workstation, so I know my workstation itself is infected, among other things.

#765 5 years 10 months ago
bob
Karma: 14
You could install the free VirtualBox

www.virtualbox.org

Put a clean Ubuntu on there and connect via a VPN to send/receive mails.

I think that the Pirate Bay is developing tools to ensure that we get our privacy back. I think that it is important if we are discussing working in a LOS way with private companies given the vested interests in this field.

#766 5 years 10 months ago
bobeson
Karma: 0
Put Ubuntu on there?? bleah. I hate administering Unix, and particularly on a graphics workstation. Ever since BSD3.2, it's been a long downhill slide, and every time one of those old neurons dissolves, my brain breathes a little bit easier.

In any case, it seems that port 50601 is being favored, in case this rings any bells:

[INFO] Thu Aug 01 16:56:48 2013 UPnP renew entry 255.255.255.255 <-> 10.1.10.36:50601 <-> 192.168.0.188:50601 UDP timeout:-1 'Teredo'
[INFO] Thu Aug 01 16:44:01 2013 Above message repeated 20 times

I'm about to turn off UPnP in that router and see what happens next.

#767 5 years 10 months ago
bobeson
Karma: 0
One of those IP addresses (208.97.132.231) is my ISP's mail server. Somebody is interfering with the protocol in-between that and my workstation, presumably from my workstation.

#769 5 years 10 months ago
bobeson
Karma: 0
Whois information shows that a number of those IP addresses can be identified with connections known to be active on my LAN, but the reasons for the protocol violations are unclear. After some reconfiguring of my router to block whatever possible holes I could find (like the UPnP protocol being turned on, etc.), the amount of malicious-appearing activity has dropped substantially, and email is working at the moment. I'm reasonably confident I'm still hacked, but I may have frustrated one communications hole at least. Hopefully it was the only one this tool uses, but I'd be surprised if it was...

Meanwhile, I guess I'll just have to keep a close eye on all of my syslogs... not much fun!