It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

An answer would be great...

page: 1
1

log in

join
share:

posted on May, 11 2012 @ 01:30 PM
link   
Anyone care to explain to me why for the past few days im getting hit by a quadruple 1 ip range ?




posted on May, 11 2012 @ 01:31 PM
link   
High Altitude Auroral Research Project?

NSA?



posted on May, 11 2012 @ 01:35 PM
link   
reply to post by cerebralassassins
 


Care to elaborate?

What exactly is "getting hit with" this? Your home network? your router? your personal machine?

Quadruple 1 range?

As in : 111.111.111.111 ? or 1.1.1.1 ?
=====
Lol you know, this grinds my gears, posts up a question with little information then goes offline and doesn't reply, then he will and I won't be paying attention.

anyways... If you are loading webpages and they fail to load and give you a 1.1.1.1 ip you might have a hostfile redirect virus.

If you are noticing 1.1.1.1 traffic on your router, verify your DHCP server is properly configured within the router, if it's external traffic, it could be a very half assed intrusion attempt.


edit on 11-5-2012 by phishyblankwaters because: (no reason given)



posted on May, 11 2012 @ 01:38 PM
link   
reply to post by cerebralassassins
 
What is that, OP? What are you experiencing?



posted on May, 11 2012 @ 01:44 PM
link   
1 1 1 1 , 1 1 1 1 , 1 1 1 1 , 1 1 1 1 , with mass packet delays, network is almost at standstill. Huge incoming packets from this ip range. Im currently capturing packets to decode later. The comodo firewall running on a zombie win xp has been constantly red flagging *blocking and sandboxing various programs that are attempting to send packets. The linux machine is doing fine without any weird surges. The actual router is blazing its lights as if it was a xmas tree. This has been going on for several days, i do have a hunch but i need to open a machine and allow what ever wants to come in to come in and do its stuff. Like bees to honey.


soz for delay in reply, its extremely hard to reply and get things posted atm. This usually lasts for about an hour or so..oh yeah..i just received a google message from my gmail that apparently someone has tried or has logged into my gmail as i have set the mail to always send me sms no matter what and sure enough only 15secodns i received a google sms regarding my gmail.
edit on 11-5-2012 by cerebralassassins because: (no reason given)



posted on May, 11 2012 @ 01:49 PM
link   
DHS.



posted on May, 11 2012 @ 01:55 PM
link   
reply to post by cerebralassassins
 

The address you posted simply does not exist in IPv4 (or Internet Protocol v6 for that matter). You must have some other problem than an attack by malicious letter agencies, enemies, hackers or whatever. Good luck!
Could be a virus, broken hardware, ISP problems, windows problems, other problems.
ETA As a first step I would try disabling Comodo Firewall. If that doesn't work, de-install it. If that doesn't work, scan for virus/trojan. As you already mentioned, the Linux machine is not showing these symptoms. I know nothing about your setup but assuming you are behind a home adsl/cable router, there is no way a machine on the internet can reach behing your ads;/cable modem.
edit on 11/5/12 by LightSpeedDriver because: ETA

edit on 11/5/12 by LightSpeedDriver because: Clarification



posted on May, 11 2012 @ 02:01 PM
link   

Originally posted by cerebralassassins
1 1 1 1 , 1 1 1 1 , 1 1 1 1 , 1 1 1 1 ,


There is no such thing as you've written it. Better information = better answers. Screen shot it or something. Helping people around here is like pulling teeth sometimes.



posted on May, 11 2012 @ 02:12 PM
link   
reply to post by LightSpeedDriver
 


this isn't a hardware issue or system setup. The ip i mentioned has been openly knocking at my door for several days now, only the last three days has it become more persistent. I have currently taken down the firewall from the xp zombie machine and the hdd went viral for about 45 seconds and then random intervals of read -write was observed. No apparent changes have been made but some reg keys have been added. The gmail sms has been confirmed and tripple checked from two close freinds who have access to my personal email for fail safe reasons and they have not accessed it within past four hours.

I had an encounter with some guys from Estonia last year that ended with both of us licking our wounds, perhaps its them, perhaps its the other them. All in all, the machine is wide open, so come in, have a seat, take your shoes off, relax, said the spider to the fly.



posted on May, 11 2012 @ 02:13 PM
link   
reply to post by schuyler
 


the ip is exactly what i typed i simply left out the dots in between so it wont be indexed.
edit on 11-5-2012 by cerebralassassins because: (no reason given)



posted on May, 11 2012 @ 03:16 PM
link   
I am intrigued by your problem because every so often (only while on ATS) when I click on a thread link I would breifly see http:/1.1.1.1 in the address bar.
I'd always assumed it was my (says quietly) anti ad set up. But now I am alerted by what you say though you are claiming 1111.1111.1111.1111. which as far as I know is not possible though 111.111.111.111. is.
Keep us updated please.



posted on May, 11 2012 @ 03:16 PM
link   
reply to post by cerebralassassins
 

I can only repeat, the address 1111.1111.1111.1111 can not and does not exist in IP addressing. 111.111.111.111 does but that is not what you posted.



posted on May, 11 2012 @ 03:41 PM
link   
reply to post by LightSpeedDriver
 


lightspeed, you are correct, excuse the obvious error in my typing. Yes it was 3 consecutive 1's in quadruple format just as a regular ip range is.



posted on May, 11 2012 @ 04:18 PM
link   
IP lookup say's it's from Japan.
I'm not sure how accurate that is.
Could just be a mask.



posted on May, 11 2012 @ 06:02 PM
link   
reply to post by cerebralassassins
 

Judging from the symptoms you post, I would say you have a virus Trojan, or some other ill-meaning program running but it is a bit of a stab in the dark without knowing if you are behind some kind of NAT (Network Address Translation) device. If you have a NAT device between you and the internet your PC is unreachable to the world, except for the data and connections you ask for. The NAT device automatically drops any connection attempts unless specifically defined and configured manually by you.

Hope it helps some.



posted on May, 13 2012 @ 04:12 PM
link   
Update:

The hdd has officially entered the digital heaven. If you recall i opened up the service, dropped the firewall and left the machine alone. Frequent read write and reg key added services was noted but it seemed to running fine. At about 4am the machine did a reboot and that was it. The hdd is inoperable, all data has been corrupted. I have kept all log files from incoming and outgoing traffic to the particular machine so its going to take some time to pin point from who or what this obvious above normal traffic originated from. Paste bin here i come...



posted on May, 14 2012 @ 11:24 AM
link   
reply to post by cerebralassassins
 


Is this coming over your wan, or the wifi?



posted on May, 14 2012 @ 11:26 AM
link   
reply to post by LightSpeedDriver
 





I know nothing about your setup but assuming you are behind a home adsl/cable router, there is no way a machine on the internet can reach behing your ads;/cable modem.


Worst advice.... ever....

If you can connect out, they can connect it, it's up to you to secure the connection, your ISP modem doesn't secure anything, even if it's a router, you have to configure the firewall yourself.

Why? Because just being connected is leaving you open, if your isp modem stopped all incoming attacks, you wouldn't need a firewall, or antivirus, oh, and also the entire internet would stop working.
====

Most isp modems / routers are basically running NAT. You've got a single external IP address out to your ISP network, then your modem/router hands out DHCP addresses to your clients in the network, usually in a 192.168.x.x network.

The datamodem does the network address translation between that internal network and the external network (and internet)

This is why, if you have a friend try to ping your internal address, it doesn't work, but if they try to ping your modem it does. It's by no means a security measure.
edit on 14-5-2012 by phishyblankwaters because: (no reason given)



posted on May, 14 2012 @ 01:45 PM
link   
reply to post by phishyblankwaters
 

Wrong. Only UPnP enabled routers can be a danger. I don't know about US ADSL modem routers, but the cheap crap they give away here has a built-in firewall. The only way you will leave ports open on that is by either doing it yourself via configure on the router or by running malicious programs that punch holes in your router open FIRST. Just to be clear.

But that was also why I added the disclaimer "I don't know what your setup is but...."

As for incoming attacks, I repeat, it's built in to the router.

I'm a sys-admin (not to brag), I understand the concept of NAT quite well. As for the single address, that's the whole point of NAT, but that address isn't yours, it's the router's external interface, not your PC.


As for the rest, you are preaching to the converted except you forgot to mention there is no way "your friend" can ping your internal address.



new topics

top topics



 
1

log in

join