Posts posted by eliminatebotnets

  1. I'll try to make this as short as possible but I need to give some background so you can see how much crazy crap I have been through. Also so my question makes more sense. I'll break it into 2 Parts: The Story and The Conclusion.

    The Story

    My router was hacked into by what must have been a neighbor about 3 years ago. I, granted, stupidly broadcast a wireless signal with no encryption for the heck of it one day.

    I didn't care much about the stuff on my pc and figured in the event I somehow got hacked, I could just simply format and reinstall as a worst case scenario.

    Well, big problem. Weird scary stuff started showing up in search results in Google searches that I did. For example, every search I did was just about an EXACT match for what I was looking for, not just general keyword results that you would expect. Almost like it already knew what I was searching for. Also, the searches were only bringing up a few results on really basic searches, which should bring up many thousand.

    Later that same day my computer would just randomly lock up and crash explorer. One time it even locked up so much that my mouse pointer would not even move. To the point where my router's whole connection would be lost and my modem would reset. Then the final thing that really freaked me out was a text file I happened to notice on my hard drive oddly named wizard.txt, that I did not make. It had random lines of my MySpace profile, some moves I made in a chess game from a couple years ago, some old credit card info from years back, and finally my router password with a smiley next to it.

    I immediately reformatted my hd and reinstalled Windows. Well, things went from bad to worse. My antivirus was automatically turned off at random times for no reason. Some of the programs I tried to install would come up with bogus error messages. Etc. Believe it or not my BIOS settings were changed even. I could not believe what was going on and no one would believe it if I told them.

    I even built another brand new pc, not thinking about the fact that the problem could be coming from the connection. (Yeah I know, retarded) The last thing I figured it could be was my connection because I figured a hacker would have to know the ISP password to get to my network. (I knew very little about networking at the time) Of course that one had the same problems.

    The Conclusion

    Over the years I've been forced to do a ton of research on this and here in a nutshell is all the information I can come up with as to what happened:

    Probably using a program called Cain and Abel or similar, he saw my open network. Connected to it, poisoned my connection. Changed MY router, IP address and PC to point to the MAC addresses of HIS router, IP, and PC. Then created a bridge between me and my ISP. Known as the Man-In-The-Middle attack. So he could intercept any of my traffic before it reached the REAL DNS servers, point it to his local computer and then send it back to me.

    That's only the beginning of it. I noticed under the network settings of ipconfig that it was configured for a secure socket tunnel adapter. As far as I can tell it's only used in Virtual Private Networks, using SSH (Secure Shell). Probably adding me to a BotNet. It seems that he has me as a client on his VPN and made his own customized version of Windows. There are a TON of PROCESSES running in Task Manager (50+) after a FRESH INSTALLATION of Windows. I used to see 20 at the very most after a fresh install before this. Mind you I'm only running Windows Home Premium and not any business version. He seemingly has REMOTE control of my PC(s) at all times.

    To avoid making this unreadable I'll stop here even though I could write pages more of all the bs I've encountered.

    My main question: Is ARP Poisoning irreversible and what steps can be taken?

    I've tried for years to get rid of it, but it seems to almost be buried in the hardware or something impossible. It makes no sense and I'm NOT making this up. This is serious. :angry:
