RodneyMcSnow
Technical User
This past weekend I noticed strange activity on our home network, and on all of our computers (9) I noticed that a VMware virtual machine was running and SQL was installed, in addition to a Windows credential installed on several machines.
The computers are Win 7 Pro, Ultimate and Win 8.1 Pro, and they all sit nicely behind a SonicWall TZ210.
After 4 days we finally traced the issue back to our ISP, who didn't believe this until they sent out a tech, who was forewarned that if you connect your computer directly to the cable modem or behind any retail firewall you will meet the same demise. I also mentioned that we have changed the cable modem twice already.
Well, once the tech pulled out another cable modem and activated it, then instantly connected his laptop, within 15 seconds the Win 8.1 laptop had Cisco software installed to create an SSL VPN tunnel, plus Microsoft Visual Basic, SQL and several certificates loaded onto the laptop.
I have to say that his reaction was jaw-dropping. How could this happen?
The best part is that laptop wasn't even connected to my network; the tech's laptop was connected directly to the cable modem, and he was forewarned what was going to happen. At this point the cable company is obviously trying to figure out who is doing this type of script hack or man-in-the-middle or whatever it's called attempt.
All I can say is we've been down now since the middle of last week and still have no Internet access. It doesn't matter what brand of hardware firewall you install, it doesn't matter what type of operating system or computer you're running; in a matter of seconds, whatever's happening, this remote hacker gets control of the computer and starts loading his script files and changes everything.
I've never seen this before, and everybody I talk to has never seen this before. Has anybody ever seen a firewall, whether it be a SonicWall, Linksys, Amick year I nieces or many of the other ones, get totally bypassed in a matter of just a couple of seconds, followed by complete access to the LAN?
The one thing I can say is that when I was watching the logs I do see 0.0.0.0:67 as the source address and 255.255.255.255:68 as the destination.
Someone or some group is totally screwing things up, and if someone has any recommendations as to how to prevent a hardware firewall from instantly being bypassed, I'm all ears. By the way, as previously mentioned, we have changed the cable modem and tried different types of hardware firewalls, made sure to configure them with a brand-new computer right out of the box, and still the problem exists. Please, if anybody has any recommendations, please help!
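One defensive check suggested by the log observation in the post (an added example, not code from the original post or from SonicWall): a small Python parser over a constructed log format that flags DHCP server replies (UDP source port 67 to port 68) seen on the WAN-facing interface or coming from a DHCP server not on the allowlist. The log line format, the interface names X0/X1, and the addresses are assumptions for illustration, not the TZ210's real syslog format.

```python
import re
from dataclasses import dataclass

# Assumed (constructed) firewall log format, NOT real SonicWall syslog:
#   <iface> <src>:<sport> -> <dst>:<dport> udp
LOG_RE = re.compile(
    r"^(?P<iface>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+udp$"
)

# Constructed sample lines: X1 is the WAN (cable modem) side, X0 the LAN side.
SAMPLE_LOG = """\
X0 0.0.0.0:68 -> 255.255.255.255:67 udp
X0 192.168.1.1:67 -> 255.255.255.255:68 udp
X1 0.0.0.0:67 -> 255.255.255.255:68 udp
X1 10.0.0.1:67 -> 192.168.1.55:68 udp
X0 192.168.1.55:52144 -> 8.8.8.8:53 udp
"""


@dataclass(frozen=True)
class Finding:
    iface: str
    server: str
    reason: str


def dhcp_server_traffic(log_text, lan_ifaces=frozenset({"X0"}),
                        allowed_servers=frozenset({"192.168.1.1"})):
    """Return findings for DHCP server-side traffic (UDP 67 -> UDP 68).

    A DHCP OFFER/ACK is expected only on the LAN and only from the
    allowlisted server; the same packet shape arriving on the WAN side,
    or from an unknown address, is what a rogue DHCP server looks like.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["sport"] != "67" or m["dport"] != "68":
            continue  # client -> server or non-DHCP traffic: ignore
        iface, server = m["iface"], m["src"]
        if iface not in lan_ifaces:
            findings.append(Finding(iface, server, "DHCP server reply on untrusted interface"))
        elif server not in allowed_servers:
            findings.append(Finding(iface, server, "DHCP reply from server not in allowlist"))
    return findings
```

Source port 67 to port 68 (often broadcast to 255.255.255.255) is the server-to-client direction of DHCP, so seeing it from your own LAN DHCP server is routine, while seeing it arrive from the modem side points at a DHCP server upstream handing out addresses, gateways and DNS servers to anything plugged in.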