Home network hacked


38 replies to this topic

#16 quietman7 (Global Moderator)

Posted 26 February 2024 - 04:32 PM

@Ciceroo
 
If you are not sure about IP addresses, these articles will help you understand better.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click [donation button].



#17 Ciceroo (Topic Starter)

Posted 29 February 2024 - 09:18 AM

Sorry for taking this long to answer. Here's a link to one of the Wireshark logs; I have more if needed. Also, I will later upload unedited screenshots of the cable gateway logs.

 

https://mega.nz/file/xe0DxDLD#fZW6V3CMNSdwhP2Bs_-Wj1IvhFh8kp08rb-wtJtzHeE



#18 cryptodan

Posted 29 February 2024 - 09:31 AM

Upload the ones you have so there's more information.

I have looked at the log, and so far I see no information that could be of a malicious nature; it looks like normal traffic.

Edited by cryptodan, 29 February 2024 - 10:55 AM.

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop - https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server - https://termbin.com/zvra


#19 Ciceroo (Topic Starter)

Posted 29 February 2024 - 11:08 AM

Cable gateway screenshots. There are two unknown devices in the ARP/RARP table even though I was not connected to the web and WiFi was turned off:

Wireshark logs:


#20 Ciceroo (Topic Starter)

Posted 29 February 2024 - 11:11 AM

The hacker was able to see everything I was doing on my computer; he was also streaming my desktop to some people. That was my definite proof I was hacked. Is it possible he was smart and, once he saw me boot up Wireshark, he turned off everything?



#21 cryptodan

Posted 29 February 2024 - 11:13 AM

The two devices that show up are likely your cable boxes' COAX connection.

The Second Device: https://maclookup.app/macaddress/0023BE

The final device: https://maclookup.app/search/result?mac=105F49

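The OUI check cryptodan is doing by hand above (looking up the first three octets of each MAC) can be automated so that unexplained ARP entries stand out. This is an added example, not code from the thread or from any gateway vendor; the ARP rows and the vendor table are constructed placeholders, and a real check would consult the IEEE OUI registry (or maclookup.app) instead of the stand-in table:

```python
import re

# Constructed sample ARP/RARP table rows, shaped like the table a cable gateway's
# admin page shows (IP, MAC, interface). Every value here is made up.
SAMPLE_ARP_TABLE = """\
192.168.0.1    00:11:22:33:44:55   LAN
192.168.0.12   AA-BB-CC-DD-EE-01   WiFi
192.168.0.17   0023.be12.3456      COAX
192.168.0.18   10:5F:49:AB:CD:EF   COAX
"""

# Placeholder OUI table. A real check consults the IEEE OUI registry (or a site
# such as maclookup.app, as in the post above); the vendor strings are stand-ins.
OUI_TABLE = {
    "001122": "gateway vendor (placeholder)",
    "0023BE": "set-top-box vendor (placeholder)",
    "105F49": "set-top-box vendor (placeholder)",
}

def normalize_mac(mac):
    """Return the MAC as 12 uppercase hex digits, accepting ':', '-' or '.' separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def oui_of(mac):
    """The first three octets (24 bits) are the vendor-assigned OUI."""
    return normalize_mac(mac)[:6]

def is_locally_administered(mac):
    """Bit 1 of the first octet set means a locally administered address, e.g. the
    randomized MACs modern phones use, which will never match a vendor OUI."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def classify_arp_table(text, oui_table=OUI_TABLE):
    """Return [(ip, oui, vendor-or-reason), ...] so unexplained entries stand out."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, mac = parts[0], parts[1]
        if is_locally_administered(mac):
            vendor = "locally administered (randomized MAC, no vendor lookup possible)"
        else:
            vendor = oui_table.get(oui_of(mac), "UNKNOWN: check OUI against IEEE registry")
        rows.append((ip, oui_of(mac), vendor))
    return rows
```

An entry that is neither a known vendor nor a locally administered address is the one worth investigating; a randomized MAC usually just means a phone or laptop with MAC privacy enabled.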


#22 cryptodan

Posted 29 February 2024 - 11:19 AM

In the logs, what do you suspect is the malicious activity? I am looking for the source IP.



#23 Ciceroo (Topic Starter)

Posted 29 February 2024 - 11:49 AM

As I said earlier, I do not understand Wireshark logs at all. And in my cable gateway screenshots I only know to look for unknown MACs and IPs. What's your explanation for me getting port scanned constantly by my ISP's DNS server and strange IP addresses?

Also, I called my ISP's tech support about not being able to access the cable gateway's DMZ settings at all; my browser gave some error every time I tried. My ISP said it is not typical behaviour, and if a factory reset doesn't fix it, there's something strange going on.

If you were a hacker and blocked the victim from accessing the DMZ and changed the settings to further your own goals - whatever they might be - how could I find proof of it? I could possibly fetch the cable gateway from the authorities and hire an expert to look at it.

Sorry for my questions, I barely understand anything about cyber security.



#24 cryptodan

Posted 29 February 2024 - 11:55 AM

I get port scans all the time on my router from all over the internet, looking for vulnerable computers that have potential exploits, and I just ignore them.

The DMZ is a place for things outside your network. If there is nothing in there, then yes, you won't be able to get to it. The DMZ, aka Demilitarized Zone, is generally used for public web-facing services that then forward specific traffic to the internal network if set up. These are common in major enterprise network configurations.

So where are you trying to access in the DMZ? Is it a server that's wide open to the internet?



#25 quietman7 (Global Moderator)

Posted 29 February 2024 - 12:08 PM

Yes, it is not uncommon for botnets and zombie computers to constantly scour the Internet, randomly scanning blocks of IP addresses, searching for vulnerable/commonly probed ports and making repeated attempts to access them.


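One way to tell the background scanning quietman7 describes apart from ordinary repeated connection attempts is to count distinct destination ports per source address inside a short time window. This is an added example, not code from the thread; the firewall-log format and the addresses are constructed for it, since real cable-gateway logs differ by vendor:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed gateway firewall log lines; the format is invented for this example
# (real cable-gateway logs differ by vendor) and the IPs are documentation ranges.
SAMPLE_LOG = """\
2024-02-29 11:40:01 FW.DROP src=203.0.113.7 dst=198.51.100.20 proto=TCP dpt=22
2024-02-29 11:40:02 FW.DROP src=203.0.113.7 dst=198.51.100.20 proto=TCP dpt=23
2024-02-29 11:40:02 FW.DROP src=203.0.113.7 dst=198.51.100.20 proto=TCP dpt=80
2024-02-29 11:40:03 FW.DROP src=203.0.113.7 dst=198.51.100.20 proto=TCP dpt=443
2024-02-29 11:40:03 FW.DROP src=203.0.113.7 dst=198.51.100.20 proto=TCP dpt=3389
2024-02-29 11:40:04 FW.DROP src=203.0.113.7 dst=198.51.100.20 proto=TCP dpt=8080
2024-02-29 11:41:10 FW.DROP src=192.0.2.55 dst=198.51.100.20 proto=TCP dpt=443
2024-02-29 11:52:30 FW.DROP src=192.0.2.55 dst=198.51.100.20 proto=TCP dpt=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) FW\.DROP src=(?P<src>[\d.]+) dst=\S+ proto=\S+ dpt=(?P<dpt>\d+)$"
)

def parse_log(text):
    """Yield (timestamp, source IP, destination port) for each dropped-packet line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["src"], int(m["dpt"])

def find_port_scans(text, min_ports=5, window=timedelta(minutes=1)):
    """Flag sources that probe at least min_ports distinct ports inside one sliding
    window. Repeated hits on a single port (retries to 443, say) are not a scan."""
    hits_by_src = defaultdict(list)
    for ts, src, dpt in parse_log(text):
        hits_by_src[src].append((ts, dpt))
    scans = {}
    for src, hits in hits_by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # drop hits that fell out of the window
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(scans.get(src, ())):
                scans[src] = sorted(ports)                 # remember the widest port set seen
    return scans
```

On the sample above only 203.0.113.7 is flagged; the second source hitting 443 twice, eleven minutes apart, is the kind of noise a dropped-packet log fills with and is not evidence of compromise.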


#26 Ciceroo (Topic Starter)

Posted 29 February 2024 - 12:11 PM

I meant I was not able to access the DMZ settings of my cable gateway at all; I was not even able to see if DMZ was enabled or not. Every time I tried to access the DMZ settings my browser gave an error, even after a factory reset, which shouldn't happen according to my ISP's tech support.

The hacker and his associates also boasted about being in the root of my cable gateway and other devices. That's why I said the hacker was very gifted; I would guess being able to infect devices with something that can survive a factory reset is not something most hackers can do.


Edited by Ciceroo, 29 February 2024 - 12:14 PM.


#27 cryptodan

Posted 29 February 2024 - 12:25 PM

For the hacker to disable the DMZ settings they would need to upload custom firmware to your router, and that would then require a reboot, which would likely prevent them from accessing your gateway altogether.

The error which you got would be nice to have, as that would convey a likely issue.



#28 Ciceroo (Topic Starter)

Posted 29 February 2024 - 01:02 PM

"which would likely prevent them from accessing your gateway all together."

What do you mean by this? My public IP changing?

"The error which you got would be nice to have as to that would convey a likely issue."

I can try fetching the cable gateway from the authorities tomorrow. I do not remember the error message.



#29 cryptodan

Posted 29 February 2024 - 01:05 PM

Yes, the IP address changing or the router returning to default settings as if not set up.



#30 Ciceroo (Topic Starter)

Posted 29 February 2024 - 01:13 PM

I do not have a static IP - my ISP charges extra for it - but I just checked and my IP has been the same for at least 2 days even though I have rebooted my current cable gateway multiple times. I shall call my ISP tomorrow and ask how often the IP is supposed to change.

"the router returning to default settings as if not setup."

But if the hacker uploaded custom firmware / changed the factory default settings, doesn't he decide what the default settings are?
