No_Body Posted September 14, 2018 Share Posted September 14, 2018 That is a long story, but now I am in some mindfuck program, these guys are like nothing I could ever even contemplate, but they are funny, which I mean they're gonna kill me might as be humorous about it. So what they do is watch you a while then in no uncertain terms let you know they have been watching, some of the stuff they do is actually pretty funny. Like one time I fired up Wireshark, then all this shit started pouring out like I was being hacked all these names of well known exploits and then even more obvious shit like in big bold upper case letters "***KERNEL PANIC***, etc. I freaked for a split second and then was like wait a while, Wireshark doesn't report exploit names and kernel panic and all this other shit. Then I noticed they had put my Wireshark in random packet mode and were inputting packets from a named pipe. Fuckers. But they do it just to let you know they are right there beside you on your computer to fuck with you. So another thing they want me to think is that they put cameras in my place. So I nmap my network and lo and behold 4 unknown devices with port 554 (rtsp) and 7070 (realstreamer) open, must be IP cameras. So I head into monitor mode and fire up airmon-ng, no radio traffic from these devices. Traceroute said 2 of the 4 were directly connected to my router and the other 2 went through a defense contractor who shall remain nameless, I saved a ZenMap scan of it and they edited the nameless defense contractor out, and then stopped any of those servers from responding to ICMP requests. They edited the contractor right out so it looked like all 4 IP cameras were directly connected to my network then shut off my internet, when it came back all of a sudden traceroute wouldn't return anything beyond my router. So I bought a Raspberry Pi and have been using that, but still they own me and enjoy fucking with me, but I think they want me to get the hint that maybe my demise might be accelerated if I share who is watching. So onto the question, I nmapped 192.168.*.* and found my devices and the 4 alleged IP cameras. However when I add the -Pn switch and scan 192.168.*.* I get about 37MB of results all looking like this (recently they just added Skype port (1863)). It seems setting --max-retries 1 gets you good solid wide scan to get a good sense of the network, don't know if --min-parallelism helps, might be superstition, but with this I can scan 192.168.*.* in a couple minutes on a Raspberry Pi. nmap -sS -T4 -v -Pn --min-parallelism 500 --max-retries 1 192.168.*.* I find the above combo doesn't get "stuck" like you see sometimes when you do wide range scan that usually gets hung on a small 64 or 128 address block like this after a while... SYN Stealth Scan Timing: About 35.61% done; ETC: 09:35 (0:53:39 remaining) SYN Stealth Scan Timing: About 36.66% done; ETC: 09:43 (0:57:50 remaining) SYN Stealth Scan Timing: About 37.91% done; ETC: 09:53 (1:02:26 remaining) SYN Stealth Scan Timing: About 39.47% done; ETC: 10:04 (1:07:30 remaining) So the result is just 50 some odd megabytes of ... Nmap scan report for 192.168.255.157 Host is up (0.0082s latency). Not shown: 997 closed ports PORT STATE SERVICE 554/tcp filtered rtsp 1863/tcp filtered msnp 7070/tcp filtered realserver Nmap scan report for 192.168.255.158 Host is up (0.0061s latency). Not shown: 997 closed ports PORT STATE SERVICE 554/tcp filtered rtsp 1863/tcp filtered msnp 7070/tcp filtered realserver Nmap scan report for 192.168.255.159 Host is up (0.013s latency). Not shown: 997 closed ports PORT STATE SERVICE 554/tcp filtered rtsp 1863/tcp filtered msnp 7070/tcp filtered realserver Yes thousands and thousands of devices allegedly looking like IP cameras ( and now running Skype on 1863 for some reason, they weren't at first ). But its not just these, in the lower ranges I see some normal boxes scattered about, por ejemplo: Nmap scan report for 192.168.53.128 Host is up (0.0060s latency). Not shown: 973 filtered ports PORT STATE SERVICE 21/tcp closed ftp 22/tcp closed ssh 23/tcp closed telnet 53/tcp closed domain 80/tcp closed http 110/tcp closed pop3 111/tcp closed rpcbind 113/tcp closed ident 135/tcp closed msrpc 139/tcp closed netbios-ssn 143/tcp closed imap 199/tcp closed smux 256/tcp closed fw1-secureremote 443/tcp closed https 445/tcp closed microsoft-ds 554/tcp open rtsp 587/tcp closed submission 993/tcp closed imaps 995/tcp closed pop3s 1025/tcp closed NFS-or-IIS 1720/tcp closed h323q931 1723/tcp closed pptp 3306/tcp closed mysql 3389/tcp closed ms-wbt-server 7070/tcp open realserver 8080/tcp closed http-proxy 8888/tcp closed sun-answerbook And now the moment you have been anxiously awaiting for, is 192.168.*.* always considered my network? All my devices seem to be on 192.168.1.1-5. Consider the alternatives: 1.) They are fucking with me, they have a long storied history of fucking with me. 2.) I'm a retard and think 192.168.*.* is my network. I'm really just scanning random addresses. *But* then why are they all IP cameras with just 554,1863,7070 open? Are really the vast majority of random IP addresses cameras? I don't think so. I don't think. Like 99.9% of these have just 554, 1863, and 7070 open. 3.) I really am on a network with thousands of IP cameras and some serious shit is going down. Much fuckery is afoot is all I've managed to ascertain up until this point. So if some other grime sdobber wishes to step in and provide direction I'd be much obliged. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.