ebrke (Posted May 18, 2014; edited May 18, 2014 by ebrke):
My knowledge of networking is just about nil--I left all default settings when I installed ESET Smart Security 7 on mother's win 7 laptop. Last night I found an ESET message that a new network connection had been detected. The DNS extension shown in the message was standard for Comcast (hsd1.xx.comcast.net) but I didn't recognize the subnet shown, it wasn't my router. I debated for a few minutes then gave the connection a Public status figuring there wouldn't be much damage done.

Went to the zone entries in ESET. The new zone was the same as original Comcast zone except that it showed 2 subnets, the first unknown to me, the second my router's IP address. Long story short, I wound up deleting the new zone that showed the unknown subnet in addition to my router. In retrospect, I should have done some investigation of the new subnet address, but it was late and I got a little freaked out wondering if I should even have allowed it as Public.

Sorry to be so vague, but does anyone have any idea what might have been going on? What causes ESET to generate the New Connection notification? I have the ESET manual, but the Advanced section where this is covered is a little over my head. Wireless is disabled through win 7 control panel by the way.

EDIT: Forgot I have to link to an image. Don't have a way to do that right now, so can't show the ESET Zone entry I was going to post.

V.T. Eric Layton (Posted May 18, 2014):
This is definitely a job for Aryeh (Goretsky). Hopefully, he'll see this post soon. If not, one of us will PM him about it, Elizabeth.

Guest LilBambi (Posted May 18, 2014):
> EDIT: Forgot I have to link to an image. Don't have a way to do that right now, so can't show the ESET Zone entry I was going to post.

RE: Images
You could upload (as guest) to imgur.com and click the one that is for forums on the right hand side.

ebrke (Posted May 19, 2014; edited May 20, 2014 by ebrke):
Looking through the log files on that PC, I also see warnings about DNS cache poisoning attacks. No messages have displayed (I know she would have asked me), and I'm assuming that the attacks were stopped because if you right-click on the entries one of the options is "Don't block similar event in the future", so I'm assuming that they were blocked and just logged.

EDIT: nslookup shows the source of the "poisoning" is cdns01.comcast.net. I think this is just Comcast doing stuff--there are a few reports at other sites of the same happening, although they're from a year or more ago.

goretsky (Posted May 19, 2014):
Hello,

Was there some change to the network connection (update to cable modem or router, installation of virtual machine software)?

Regards,
Aryeh Goretsky

ebrke (Posted May 19, 2014; edited May 20, 2014 by ebrke):
> Hello, Was there some change to the network connection (update to cable modem or router, installation of virtual machine software)? Regards, Aryeh Goretsky

No, nothing like that, unless it originated at Comcast's end.

EDIT: Comcast supposedly "increased" my speed recently and said to be sure I got this benefit, I should power cycle their modem and my router. Didn't do it--my speed is already fine for my modest needs and with Comcast equipment, you're never sure something's going to come back on line once you shut it off.

Guest LilBambi (Posted May 19, 2014):
When our connection reconnects it does something similar, but it actually says it's a wireless network (my wireless card is disabled) so I just cancel it.

ebrke (Posted May 19, 2014):
> When our connection reconnects it does something similar, but it actually says it's a wireless network (my wireless card is disabled) so I just cancel it.

No, there was nothing about a wireless connection, just a new network connection notification from ESET. I'm bummed that I didn't get a Snip and I can't even find the piece of paper where I jotted the unfamiliar subnet address.

goretsky (Posted May 20, 2014):
Hello,

You can always call tech support at +1 866 343 3738 and ask support.

Regards,
Aryeh Goretsky

V.T. Eric Layton (Posted May 20, 2014):
> Hello, You can always call tech support at +1 866 343 3738 and ask support. Regards, Aryeh Goretsky

But we have personal tech support right here.

goretsky (Posted May 22, 2014):
Hello,

Heh. I'm in research. My realm is more on the "let's infect it and see what gets pulled down" side of things, as opposed to trying to block them.

Regards,
Aryeh Goretsky

V.T. Eric Layton (Posted May 22, 2014):
Oooh! You get to do the fun stuff.

crp (Posted May 22, 2014):
> Oooh! You get to do the fun stuff.

until it escapes into the wild.

V.T. Eric Layton (Posted May 22, 2014):
No worries. Linux for me.

goretsky (Posted May 23, 2014):
Hello,

Which explains certain features of the places in which I work, like the lack of network connections and windows, plus EMF shielding in the walls. I suppose I could walk a floppy diskette out, though.

Actually, the worst thing I ever had to deal with, in terms of amount of work for me, wasn't even Windows- or Linux-based malware. It was Mac-based.

Regards,
Aryeh Goretsky

> until it escapes into the wild.

Guest LilBambi (Posted May 24, 2014):
Quite understandable, Aryeh. Macs are relatively new to the malware arena and now researchers must figure out how it gets in, what it adds, changes, what it is doing, how it hides. Plus Macs make it not as easy for users to get under the hood in some cases.

Of course as more and more are injecting themselves into Macs and Linux as well as Windows through browser exploits in some ways it will get easier for researchers over time. Not sure I am happy with it becoming a bit more prevalent on Macs or Linux as in time they will catch up to Windows. But that will take a long time yet. Until then, it's a relatively new frontier and OS X keeps evolving as well. But obviously the malware purveyors are figuring that out, so the good researchers will have to follow...

goretsky (Posted May 25, 2014):
Hello,

It wasn't the technical issues surrounding it--it was a porn-related piece of malware.

Regards,
Aryeh Goretsky

Guest LilBambi (Posted May 25, 2014):
> Hello, It wasn't the technical issues surrounding it--it was a porn-related piece of malware. Regards, Aryeh Goretsky

People still think they can go to sites that put their systems at risk without using a LiveCD running Linux. Sigh...

Capt.Crow (Posted May 28, 2014):
> People still think they can go to sites that put their systems at risk without using a LiveCD running Linux.
(quote from LilBambi)

Trisquel.. the only live cd I have.. Does that mean I have to boot to that or just put it in after I start up and connect to ISP..

Guest LilBambi (Posted May 28, 2014):
Boot from the LiveCD for risky behavior, especially if you have Windows.

Capt.Crow (Posted May 28, 2014):
Windows is reduced to a folder. No boot. MBR wrecked. Won't even run exe's with wine. Complete mess. Don't care. I think. Just don't want to mess up Deb.

goretsky (Posted May 29, 2014):
Hello,

Next month I get to help manage Cyber Boot Camp for the approximately twenty-four high school students (three teams) who won the fifth annual San Diego Mayor's Cyber Cup Challenge. Usually it's one team. *twitch*

Regards,
Aryeh Goretsky

> awesome! you'd be great fun at a hacking party!

Guest LilBambi (Posted May 29, 2014):
Sounds like a great opportunity for the teams! Wow, much more than usual. I hope you have some help!

goretsky (Posted May 30, 2014):
Hello,

There will be lots of adult supervision.

Regards,
Aryeh Goretsky

V.T. Eric Layton (Posted May 30, 2014):
Define "adult".