CODE!! Posted January 19, 2016

Okay, so yesterday someone tried to log in to my Facebook WITH my password. (Note: I haven't shared my password with anyone and it's quite complicated.) I don't know how he got it. I was scared because I have a really expensive Steam account and also my PayPal. I changed all my passwords from a secure network and PC, so that's not a problem for now. But today I have a scheduled LAN, and when I was setting up the CS:GO server ports I noticed a port that I didn't open, and I know I didn't, I'm 100% sure, and I'm the only one that has access to the router. It was port 63478 TCP/UDP. So I checked my router logs and this is what I found. I have no idea what it means, and the guy that tried to log in to my Facebook was from the USA or he used a VPN. Also, he was logged in to my Steam account when I tried to deauthorize all other devices, and I have Steam Mobile Authenticator, which means he somehow might have made an image of my SSD and copied all my serial numbers? I don't really know how Steam Guard works. I had UPnP enabled, which I disabled now. Note: I changed the router login credentials.

Log: Jan 16 16:51:51 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 16:53:35 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:01:53 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:03:37 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:11:56 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:13:48 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:21:58 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:23:56 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:32:01 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:34:16 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:38:52 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 16 17:38:52 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 16 17:39:14 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 16 17:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 16 17:42:04 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:44:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:52:06 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 17:54:34 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:02:09 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:04:42 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:12:12 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:14:48 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:22:14 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:24:56 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:32:17 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:35:02 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:38:51 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 16 18:38:51 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 16 18:39:14 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 16 18:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 16 18:42:19 
DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:45:09 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:52:22 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 18:55:12 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:02:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:05:15 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:12:27 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:15:22 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:22:30 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:25:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:32:32 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:35:29 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:38:52 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 16 19:38:52 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 16 19:39:14 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 16 19:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 16 19:42:35 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:45:35 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:52:37 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 19:55:41 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:02:40 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:05:46 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:12:42 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:15:52 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:22:45 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:25:58 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:32:48 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:36:04 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:38:52 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 16 20:38:52 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 16 20:39:14 DHCP INFO 
DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 16 20:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 16 20:42:50 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:46:14 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:52:53 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 20:56:20 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 16 21:39:15 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 16 21:39:15 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 16 22:39:15 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 16 22:39:15 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 16 23:39:15 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 16 23:39:15 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 08:08:23 DHCP INFO DHCPS:Recv DISCOVER from C0:9F:42:D0:16:9A Jan 17 08:08:24 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 17 08:08:24 DHCP INFO DHCPS:Recv DISCOVER from C0:9F:42:D0:16:9A Jan 17 08:08:24 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 17 08:08:25 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A Jan 17 08:08:25 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 17 09:08:26 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A Jan 17 09:08:26 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 17 14:58:15 DHCP INFO DHCPS:Recv DISCOVER from 28:E3:47:29:65:8D Jan 17 14:58:16 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.103 Jan 17 14:58:16 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 14:58:16 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 15:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 15:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 16:38:23 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 16:38:23 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 17:36:43 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67 Jan 17 17:36:44 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 17 17:36:47 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67 Jan 17 17:36:47 
DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 17 17:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 17 17:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 17 17:36:52 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 17 17:38:23 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 17:38:23 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 17:41:40 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 17 17:44:28 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 17 18:19:32 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 17 18:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 17 18:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 17 18:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 18:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 19:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 17 19:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 17 19:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 19:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 20:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 20:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 21:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 21:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 22:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 22:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 17 23:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 17 23:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 00:37:17 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67 Jan 18 00:37:18 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 18 00:37:20 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67 Jan 18 00:37:20 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 18 00:37:20 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 00:37:20 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 00:37:26 DHCP INFO 
DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 00:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 00:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 00:41:41 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 01:02:26 OTHER WARNING Username and password are successfully updated Jan 18 01:19:20 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 01:37:20 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 01:37:20 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 01:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 01:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 01:46:30 DHCP INFO DHCPS:Recv DISCOVER from C0:9F:42:D0:16:9A Jan 18 01:46:31 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.101 Jan 18 01:46:32 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A Jan 18 01:46:32 DHCP INFO DHCPS:Send ACK to 192.168.0.101 Jan 18 02:37:20 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 02:37:20 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 02:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 02:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 02:52:49 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A Jan 18 02:52:49 DHCP INFO DHCPS:Send ACK to 192.168.0.101 Jan 18 03:09:21 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 03:09:21 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 05:30:34 DHCP INFO DHCPS:Recv DISCOVER from 28:E3:47:29:65:8D Jan 18 05:30:34 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.103 Jan 18 05:30:34 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 05:30:34 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 06:30:34 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 06:30:34 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 07:44:08 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67 Jan 18 07:44:09 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 18 07:44:11 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67 Jan 18 07:44:11 
DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100 Jan 18 07:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 07:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 07:44:25 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 07:48:09 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 08:19:25 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 08:24:45 DHCP INFO DHCPS:Recv DISCOVER from E4:12:1D:53:73:3B Jan 18 08:24:46 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.101 Jan 18 08:24:46 DHCP INFO DHCPS:Recv REQUEST from E4:12:1D:53:73:3B Jan 18 08:24:46 DHCP INFO DHCPS:Send ACK to 192.168.0.101 Jan 18 08:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 08:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 09:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 09:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 10:27:20 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 10:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 10:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 11:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 11:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 12:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 12:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 12:46:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 12:49:01 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 13:19:19 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 13:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 13:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 14:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 14:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 15:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 15:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 16:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 16:44:11 
DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 17:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 17:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 18:19:37 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67 Jan 18 18:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 18:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 19:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 19:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 20:30:19 DHCP INFO DHCPS:Recv DISCOVER from 28:E3:47:29:65:8D Jan 18 20:30:20 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.103 Jan 18 20:30:20 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 20:30:20 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 20:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67 Jan 18 20:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100 Jan 18 21:30:20 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 21:30:20 DHCP INFO DHCPS:Send ACK to 192.168.0.103 Jan 18 22:30:20 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D Jan 18 22:30:20 DHCP INFO DHCPS:Send ACK to 192.168.0.103

0phoi5 Posted January 19, 2016

Looks to me like you may have been a victim of these methods. Cracked your WiFi, then probably used Man-in-the-Middle to get your credentials for Facebook, or something like Airdecap-ng to capture traffic. Look up 'deauth wifi'.

The regular 'ACKs' you see there are you being kicked from your WiFi in order to capture a handshake. Possibly. Occasional ACKs are normal, as your own devices connect etc., but regular ACKs are normally a sign of a direct attempt to capture the password handshake.

This is speculation, I can't be certain of course.

*Edit* Check each of your own devices' MAC addresses and IPs and rule them out of the above log. Anything left over is highly suspect.

*Edit Edit* Just looked at the dates/times a bit more closely. To be fair, I'm probably wrong above, although worth reading anyway. Sustained WiFi attacks would show more ACKs than your log. Do the MAC/IP checks on your devices; you may find the log is just showing you the times your own stuff connects to your WiFi, as there are minutes if not hours in between each connection.

A sustained attack would probably look more like;

Jan 18 12:44:01 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:02 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:03 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:04 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:05 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:06 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:07 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:08 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:09 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
etc.

Edited January 19, 2016 by haze1434

CODE!! (Author) Posted January 19, 2016

None of the MAC addresses are my own computer. I checked them, and also I really doubt someone would crack my WiFi since I live in Macedonia, people are not that intelligent. I really think this was done remotely. I have used some of the methods, "for research purposes" ofc, but I don't know how he managed to do it, since I have Bitdefender TS 2016 always on and didn't download/install anything suspicious. And also, why did he open port 63478? Thanks for the reply anyways :D

CODE!! (Author) Posted January 19, 2016

Also, since I play CS:GO professionally, I have been DDoSed quite a couple of times in the middle of a game.

fugu Posted January 20, 2016

You have 4 MAC addresses that your router is talking to; find out if/which one doesn't belong:

00:1C:25:DC:41:67 Hon Hai Precision Ind. Co.,Ltd.
28:E3:47:29:65:8D Liteon Technology Corporation
C0:9F:42:D0:16:9A Apple, Inc.
E4:12:1D:53:73:3B Samsung Electronics Co.,Ltd

Edited January 20, 2016 by fugu

0phoi5 Posted January 25, 2016

> You have 4 MAC addresses that your router is talking to; find out if/which one doesn't belong:
> 00:1C:25:DC:41:67 Hon Hai Precision Ind. Co.,Ltd.
> 28:E3:47:29:65:8D Liteon Technology Corporation
> C0:9F:42:D0:16:9A Apple, Inc.
> E4:12:1D:53:73:3B Samsung Electronics Co.,Ltd

This. More than likely;

00:1C:25:DC:41:67 H - Kindle iPad/iPhone
28:E3:47:29:65:8D - Possibly an Xbox
C0:9F:42:D0:16:9A - iPad/iPhone/Mac
E4:12:1D:53:73:3B - Samsung Phone

All seem legit, but to be sure (as it is quite possible to spoof MACs), I would blacklist each one and see which of your devices then don't connect.

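Added example (not written by anyone in this thread): one way to do the "rule out your own devices" check and the ACK-timing comparison from the posts above. It parses the router's log format even when entries run together on one line, lists each MAC with the IPs it was given and the shortest gap between its ACKs, and collects non-DHCP events. The known-device set and the year 2016 are assumptions, and each OFFER/ACK is attributed to the most recent requesting MAC because the log does not pair them explicitly.

```python
import re
from collections import defaultdict
from datetime import datetime

# Selected entries copied from the log in the first post.
SAMPLE_LOG = """\
Jan 17 17:36:43 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67
Jan 17 17:36:44 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 17 17:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 17 17:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 18:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 17 18:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 01:02:26 OTHER WARNING Username and password are successfully updated
Jan 18 08:24:45 DHCP INFO DHCPS:Recv DISCOVER from E4:12:1D:53:73:3B
Jan 18 08:24:46 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.101
Jan 18 08:24:46 DHCP INFO DHCPS:Recv REQUEST from E4:12:1D:53:73:3B
Jan 18 08:24:46 DHCP INFO DHCPS:Send ACK to 192.168.0.101
"""
TS = r"[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d"
ENTRY = re.compile(rf"({TS})\s+(\S+)\s+(\S+)\s+(.*)", re.S)
MAC = re.compile(r"from ((?:[0-9A-F]{2}:){5}[0-9A-F]{2})", re.I)
LEASE = re.compile(r"Send (ACK to|OFFER with ip) (\d+\.\d+\.\d+\.\d+)")

def parse_entries(text, year=2016):
    """Split on timestamps, so one-entry-per-line and run-together logs both work."""
    out = []
    for chunk in re.split(rf"\s+(?={TS}\s)", text.strip()):
        m = ENTRY.fullmatch(chunk)
        if m:  # the log carries no year; `year` is supplied by the caller
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            out.append((ts, m[2], m[3], " ".join(m[4].split())))
    return out

def summarize(entries, known_macs=frozenset()):
    """Return ({mac: facts}, [non-DHCP events]) for a list of parsed entries."""
    devices = defaultdict(lambda: {"ips": set(), "acks": []})
    other, last_mac = [], None
    for ts, module, level, msg in entries:
        if module != "DHCP":
            other.append((ts, level, msg))  # e.g. admin credential changes
        elif m := MAC.search(msg):
            last_mac = m[1].upper()
            devices[last_mac]  # register MACs that only ever send INFORM
        elif (m := LEASE.search(msg)) and last_mac:
            devices[last_mac]["ips"].add(m[2])
            if m[1].startswith("ACK"):
                devices[last_mac]["acks"].append(ts)
    report = {}
    for mac, d in devices.items():
        gaps = [(b - a).total_seconds() for a, b in zip(d["acks"], d["acks"][1:])]
        report[mac] = {"ips": sorted(d["ips"]), "acks": len(d["acks"]),
                       "min_ack_gap_s": min(gaps) if gaps else None,
                       "known": mac in known_macs}
    return report, other

if __name__ == "__main__":
    KNOWN = {"00:1C:25:DC:41:67"}  # hypothetical: MACs read off your own devices
    report, other = summarize(parse_entries(SAMPLE_LOG), KNOWN)
    print(report, other, sep="\n")
```

Entries with "known": False are the ones left to identify, and the non-DHCP list is where changes to the router itself show up.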
digip Posted January 26, 2016

MAC addresses work at layer 2, and are local, physical hardware addresses only, and shouldn't be any remote device other than VPN'ed to the router, which I doubt is the case from the above hardware IDs. You can punch them into Wireshark to get the manufacturer - https://www.wireshark.org/tools/oui-lookup.html

As for the port, can you do a netstat on the router? More than likely, this was just a port in use by a device, and not necessarily an "opened" port to the outside world. You could test by opening telnet and opening your external IP at that port number.

example: telnet xx.xx.xx.xx 63478

You should do this from another network, not from a home/internal LAN machine, to test, otherwise it could be a false positive, but even locally, if open, you may get a banner of anything running on it if there is. If it was just a socket from some program that used that port, it won't show anything. netstat can show what IP and port is using it. When in an actual OS, you can also see the process using it depending on the command switches, but most routers just have a simple netstat button in the admin panel with minimal output.

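Added example (not digip's code): a scripted version of the telnet check above for your own external address, which separates a port that accepts connections from one that is refused or silently dropped and records any banner. The function name, the timeout and the default host are assumptions; as the post says, run it from a machine outside the home network.

```python
import socket
import sys


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connection to host:port and classify the outcome.

    open     - handshake completed; "banner" holds any greeting the service sent
    closed   - the host answered with a reset, nothing is listening
    filtered - no answer before the timeout (firewall/NAT dropped the attempt)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return {"state": "closed", "banner": b""}
    except (socket.timeout, TimeoutError):
        return {"state": "filtered", "banner": b""}
    except OSError as exc:  # unreachable network, DNS failure, ...
        return {"state": "error", "banner": b"", "detail": str(exc)}
    with sock:
        try:
            # Some services greet first; a silent socket just times out here.
            banner = sock.recv(256)
        except OSError:
            banner = b""
    return {"state": "open", "banner": banner}


if __name__ == "__main__":
    # Usage: python probe.py <your external IP> 63478
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 63478
    print(host, port, probe_tcp(host, port))
```

This only covers TCP; the forwarding described in the first post was TCP/UDP, and a UDP port cannot be confirmed with a connect test.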