What does this router log mean?


Posted

Okay, so yesterday someone tried to log in to my Facebook WITH my password. (Note: I haven't shared my password with anyone and it's quite complicated.) I don't know how he got it. I was scared because I have a really expensive Steam account and also my PayPal. I changed all my passwords from a secure network and PC, so that's not a problem for now. But today I have a scheduled LAN, and when I was setting up the CS:GO server ports I noticed a port that I didn't open, and I know I didn't, I'm 100% sure, and I'm the only one that has access to the router. It was port 63478 TCP/UDP. So I checked my router logs and this is what I found. I have no idea what it means, and the guy that tried to log in to my Facebook was from the USA or he used a VPN. Also, he was logged in to my Steam account when I tried to deauthorize all other devices, and I have Steam Mobile Authenticator, which means he somehow might have made an image of my SSD and copied all my serial numbers? I don't really know how Steam Guard works. I had UPnP enabled, which I disabled now. Note: I changed the router login credentials.

Log:

Jan 16 16:51:51 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 16:53:35 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:01:53 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:03:37 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:11:56 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:13:48 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:21:58 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:23:56 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:32:01 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:34:16 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:38:52 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 16 17:38:52 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 16 17:39:14 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 16 17:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 16 17:42:04 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:44:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:52:06 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 17:54:34 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:02:09 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:04:42 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:12:12 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:14:48 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:22:14 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:24:56 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:32:17 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:35:02 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:38:51 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 16 18:38:51 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 16 18:39:14 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 16 18:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 16 18:42:19 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:45:09 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:52:22 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 18:55:12 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:02:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:05:15 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:12:27 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:15:22 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:22:30 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:25:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:32:32 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:35:29 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:38:52 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 16 19:38:52 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 16 19:39:14 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 16 19:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 16 19:42:35 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:45:35 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:52:37 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 19:55:41 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:02:40 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:05:46 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:12:42 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:15:52 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:22:45 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:25:58 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:32:48 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:36:04 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:38:52 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 16 20:38:52 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 16 20:39:14 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 16 20:39:14 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 16 20:42:50 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:46:14 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:52:53 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 20:56:20 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 16 21:39:15 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 16 21:39:15 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 16 22:39:15 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 16 22:39:15 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 16 23:39:15 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 16 23:39:15 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 08:08:23 DHCP INFO DHCPS:Recv DISCOVER from C0:9F:42:D0:16:9A
Jan 17 08:08:24 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 17 08:08:24 DHCP INFO DHCPS:Recv DISCOVER from C0:9F:42:D0:16:9A
Jan 17 08:08:24 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 17 08:08:25 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A
Jan 17 08:08:25 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 09:08:26 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A
Jan 17 09:08:26 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 14:58:15 DHCP INFO DHCPS:Recv DISCOVER from 28:E3:47:29:65:8D
Jan 17 14:58:16 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.103
Jan 17 14:58:16 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 14:58:16 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 15:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 15:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 16:38:23 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 16:38:23 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 17:36:43 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67
Jan 17 17:36:44 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 17 17:36:47 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67
Jan 17 17:36:47 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 17 17:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 17 17:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 17:36:52 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 17 17:38:23 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 17:38:23 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 17:41:40 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 17 17:44:28 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 17 18:19:32 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 17 18:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 17 18:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 18:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 18:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 19:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 17 19:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 19:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 19:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 20:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 20:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 21:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 21:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 22:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 22:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 17 23:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 17 23:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 00:37:17 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67
Jan 18 00:37:18 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 18 00:37:20 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67
Jan 18 00:37:20 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 18 00:37:20 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 00:37:20 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 00:37:26 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 00:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 00:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 00:41:41 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 01:02:26 OTHER WARNING Username and password are successfully updated
Jan 18 01:19:20 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 01:37:20 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 01:37:20 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 01:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 01:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 01:46:30 DHCP INFO DHCPS:Recv DISCOVER from C0:9F:42:D0:16:9A
Jan 18 01:46:31 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.101
Jan 18 01:46:32 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A
Jan 18 01:46:32 DHCP INFO DHCPS:Send ACK to 192.168.0.101
Jan 18 02:37:20 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 02:37:20 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 02:38:24 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 02:38:24 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 02:52:49 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A
Jan 18 02:52:49 DHCP INFO DHCPS:Send ACK to 192.168.0.101
Jan 18 03:09:21 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 03:09:21 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 05:30:34 DHCP INFO DHCPS:Recv DISCOVER from 28:E3:47:29:65:8D
Jan 18 05:30:34 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.103
Jan 18 05:30:34 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 05:30:34 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 06:30:34 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 06:30:34 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 07:44:08 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67
Jan 18 07:44:09 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 18 07:44:11 DHCP INFO DHCPS:Recv DISCOVER from 00:1C:25:DC:41:67
Jan 18 07:44:11 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.100
Jan 18 07:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 07:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 07:44:25 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 07:48:09 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 08:19:25 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 08:24:45 DHCP INFO DHCPS:Recv DISCOVER from E4:12:1D:53:73:3B
Jan 18 08:24:46 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.101
Jan 18 08:24:46 DHCP INFO DHCPS:Recv REQUEST from E4:12:1D:53:73:3B
Jan 18 08:24:46 DHCP INFO DHCPS:Send ACK to 192.168.0.101
Jan 18 08:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 08:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 09:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 09:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 10:27:20 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 10:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 10:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 11:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 11:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 12:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:46:24 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 12:49:01 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 13:19:19 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 13:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 13:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 14:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 14:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 15:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 15:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 16:44:11 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 16:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 17:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 17:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 18:19:37 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 18 18:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 18:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 19:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 19:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 20:30:19 DHCP INFO DHCPS:Recv DISCOVER from 28:E3:47:29:65:8D
Jan 18 20:30:20 DHCP INFO DHCPS:Send OFFER with ip 192.168.0.103
Jan 18 20:30:20 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 20:30:20 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 20:44:10 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 18 20:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 21:30:20 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 21:30:20 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Jan 18 22:30:20 DHCP INFO DHCPS:Recv REQUEST from 28:E3:47:29:65:8D
Jan 18 22:30:20 DHCP INFO DHCPS:Send ACK to 192.168.0.103
Posted (edited)

Looks to me like you may have been a victim of these methods.

Cracked your WiFi, then probably used Man-in-the-Middle to get your credentials for Facebook, or something like Airdecap-ng to capture traffic.

Look up 'deauth wifi'.

The regular 'ACKs' you see there are you being kicked from your WiFi in order to capture a handshake. Possibly. Occasional ACKs are normal, as your own devices connect etc., but regular ACKs are normally a sign of a direct attempt to capture the password handshake.

This is speculation, I can't be certain of course.

*Edit* Check each of your own devices' MAC addresses and IPs and rule them out of the above log. Anything left over is highly suspect.

*Edit Edit* Just looked at the dates/times a bit more closely. To be fair, I'm probably wrong above, although worth reading anyway.

Sustained WiFi attacks would show more ACKs than your log. Do the MAC/IP checks on your devices, you may find the log is just showing you the times your own stuff connects to your WiFi, as there are minutes if not hours in between each connection.

A sustained attack would probably look more like;

Jan 18 12:44:01 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:02 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:03 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:04 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:05 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:06 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:07 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:08 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:09 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:10 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 18 12:44:11 DHCP INFO DHCPS:Send ACK to 192.168.0.100
etc.
Edited by haze1434
Posted

None of the MAC addresses are my own computer, I checked them, and also I really doubt someone would crack my WiFi since I live in Macedonia, people are not that intelligent. I really think this was done remotely. I have used some of the methods, "for research purposes" ofc, but I don't know how he managed to do it since I have Bitdefender TS 2016 always on and didn't download/install anything suspicious. And also, why did he open port 63478? Thanks for the reply anyways :D

Posted (edited)

You have 4 MAC addresses that your router is talking to; find out if/which one doesn't belong:

00:1C:25:DC:41:67 Hon Hai Precision Ind. Co.,Ltd.
28:E3:47:29:65:8D Liteon Technology Corporation
C0:9F:42:D0:16:9A Apple, Inc.
E4:12:1D:53:73:3B Samsung Electronics Co.,Ltd
Edited by fugu
Posted

You have 4 MAC addresses that your router is talking to; find out if/which one doesn't belong:

00:1C:25:DC:41:67 Hon Hai Precision Ind. Co.,Ltd.
28:E3:47:29:65:8D Liteon Technology Corporation
C0:9F:42:D0:16:9A Apple, Inc.
E4:12:1D:53:73:3B Samsung Electronics Co.,Ltd

This.

More than likely;

00:1C:25:DC:41:67 H - Kindle iPad/iPhone

28:E3:47:29:65:8D - Possibly an Xbox

C0:9F:42:D0:16:9A - iPad/iPhone/Mac

E4:12:1D:53:73:3B - Samsung Phone

All seem legit, but to be sure (as it is quite possible to spoof MACs), I would blacklist each one and see which of your devices then don't connect.
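
The check suggested in the replies above (rule your own MACs out of the log, and compare how closely spaced the ACKs are), as an added Python example that is not part of the original thread. It pairs each ACK with the preceding REQUEST, which is a heuristic; the `known_macs` allowlist, the `UNPAIRED` label and the placeholder year are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Lines copied from the router log posted above.
SAMPLE_LOG = """\
Jan 17 08:08:23 DHCP INFO DHCPS:Recv DISCOVER from C0:9F:42:D0:16:9A
Jan 17 08:08:25 DHCP INFO DHCPS:Recv REQUEST from C0:9F:42:D0:16:9A
Jan 17 08:08:25 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 17:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 17 17:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100
Jan 17 17:36:52 DHCP INFO DHCPS:Recv INFORM from 00:1C:25:DC:41:67
Jan 17 18:36:47 DHCP INFO DHCPS:Recv REQUEST from 00:1C:25:DC:41:67
Jan 17 18:36:47 DHCP INFO DHCPS:Send ACK to 192.168.0.100
"""

# Matches "Recv <TYPE> from <MAC>" and "Send ACK to <IP>"; other lines are skipped.
LINE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+DHCP\s+INFO\s+DHCPS:"
    r"(?:Recv (\w+) from ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})|Send ACK to ([\d.]+))")

def summarize(log_text, known_macs):
    """Per-MAC view of a DHCPS log: message counts, leased IPs, shortest ACK gap."""
    known = {m.upper() for m in known_macs}
    stats = defaultdict(lambda: {"messages": Counter(), "ips": set(), "acks": []})
    pending = None  # MAC of the last REQUEST still waiting for its ACK
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        stamp, kind, mac, ip = m.groups()
        if mac:
            mac = mac.upper()
            stats[mac]["messages"][kind] += 1
            pending = mac if kind == "REQUEST" else pending
        else:
            # ACK lines carry only an IP: attribute it to the preceding REQUEST.
            owner, pending = pending or "UNPAIRED", None
            stats[owner]["ips"].add(ip)
            # The log has no year; 2000 is a placeholder so gaps can be computed.
            stats[owner]["acks"].append(datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S"))
    report = {}
    for mac, s in stats.items():
        gaps = [(b - a).total_seconds() for a, b in zip(s["acks"], s["acks"][1:])]
        report[mac] = {"known": mac in known, "messages": dict(s["messages"]),
                       "ips": sorted(s["ips"]), "min_ack_gap_s": min(gaps, default=None)}
    return report

def shared_ips(report):
    """IPs leased to more than one MAC: an IP alone does not identify a device."""
    owners = defaultdict(set)
    for mac, r in report.items():
        for ip in r["ips"]:
            owners[ip].add(mac)
    return {ip: sorted(m) for ip, m in owners.items() if len(m) > 1}

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG, known_macs={"00:1C:25:DC:41:67"})
    print(rep, shared_ips(rep), sep="\n")
```

On the excerpt, 192.168.0.100 is leased to two different MACs at different times, so the address in an ACK line has to be read together with the REQUEST before it.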

Posted

MAC addresses work at layer 2, and are local, physical hardware addresses only, and shouldn't be any remote device other than VPN'ed to the router, which I doubt is the case from the above hardware IDs. You can punch them into Wireshark to get the manufacturer - https://www.wireshark.org/tools/oui-lookup.html

As for the port, can you do a netstat on the router? More than likely, this was just a port in use by a device, and not necessarily an "opened" port to the outside world. You could test by opening telnet and opening your external IP at that port number.

example:

telnet xx.xx.xx.xx 63478

You should do this from another network, not from a home/internal LAN machine, to test, otherwise it could be a false positive, but even locally, if open, you may get a banner of anything running on it if there is. If it was just a socket from some program that used that port, it won't show anything. netstat can show what IP and port is using it. When in an actual OS, you can also see the process using it depending on the command switches, but most routers just have a simple netstat button in the admin panel with minimal output.
