Possible Internet / ISP Surveillance?

Status
Not open for further replies.

LittleJess

I know this might be an unusual thing to bring up, but I'm suspecting someone is using surveillance on my internet connection, not your classical man in the middle attack or anything, I'll explain.

1. I have a dynamic ip address, It's literally been the same for a month now, no matter how many times I flush my DNS or reboot my router, I always end up with the same IP address.

2. I keep getting weird messages like "Access to website blocked" or "suspected Session Fixation"

3. I do some work in open source software, dealing with cryptography, and have dealt with Chinese and Russian hackers attacking a few VPS's of mine.

4. My steam account was hacked within the last year, by someone in Russia.

5. Considering using a VPN because of this, it's weird as hell.

6. I'm involved in a lot of activism and wouldn't be surprised if someone was trying to gather up information.

I just find this weird and unusual, maybe it's just a bug in my router.

I've also looked at a lot of the certificates and the footprints match the originals, so there isn't a Man in the middle attack or anything.

If there is surveillance going on, it would be at the ISP level.

Maybe I'm just paranoid, haven't done anything illegal, but have had some weird things happen, like police coming to my house asking about specific things that I don't know anything about, I sometimes see weird cars parked outside near my house...

I'm guessing if it is government related, it would be next door, as the housing numbers are stuffed up because of our old landlord so, mail gets mixed up often.

Often, it's just seen as one house, and two apartments, for example.

Not my real address, 32B or and 32A but there is no 32, 32B doesn't exist, but 32A does. which is a real pain.

Okay, maybe I'm sketchy.
 
You can check with some tools. I haven't done it myself because I haven't had the need and I'm not that tech savvy, but I'm aware the tools exist. I think Pwnie Express makes some tools to monitor and even mess around with your network connection to see who's on there. You could also run a VPN as you mention and then try to do diagnostics using the safe connection. You could also try setting up a Tor node, although that won't necessarily help you if the issue is somebody snooping on your network from nearby.
 
Yeah, I'll look into it, I'll have to wait until I repair this PC before I can do any looking.


I just bought myself a VPN to use in the meantime, I needed it anyway.
 
DrunkBunny said:
1. I have a dynamic ip address, It's literally been the same for a month now, no matter how many times I flush my DNS or reboot my router, I always end up with the same IP address.

Contact your ISP. If they cannot help address the issue, use a different router with the same settings. Consider it like a trial and error case.

DrunkBunny said:
2. I keep getting weird messages like "Access to website blocked" or "suspected Session Fixation"

Messages like 'Access to website blocked' could be down to anything from a false positive to a malicious webpage. Of course it's down to you to decide on this front. Check what's causing it. Is it the ISP issuing these notices, your web browser or is it the AV/AM software you're using? In regards to the Session Fixation message, read this article: https://www.owasp.org/index.php/Session_fixation.

Are you using Linux or Windows?

DrunkBunny said:
4. My steam account was hacked within the last year, by someone in Russia.

Using strong complex passwords and using 2FA is strongly recommended. https://www.youtube.com/watch?v=pMPhBEoVulQ Whilst Steam's attempt at 2FA isn't great, at least it's something.
 
Okay I did some looking into it, what I've discovered, my IP does change every day, just not when I reset my router.

Just the beginning of the IP is staying the same, for example (122.93), so maybe my ISP has an IP shortage? (not my real IP of course)

Didn't even realize until I started to record my IP and compare it every day.
 
DrunkBunny said:
Okay I did some looking into it, what I've discovered, my IP does change every day, just not when I reset my router.

Just the beginning of the IP is staying the same, for example (122.93), so maybe my ISP has an IP shortage? (not my real IP of course)

Didn't even realize until I started to record my IP and compare it every day.

IP addresses are allocated in blocks of contiguous addresses. A block with the same first two parts (e.g. XXX.XX) has 65,534 possible IP addresses. It's very possible/likely that your ISP only has one block of addresses. (Most likely, the block is set up as a much smaller chunk; 65,534 is much more than most ISPs would need.)
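The check discussed in this thread (record the public address each day, then see whether the records fall inside one allocation block), as an added example that is not part of any post here. The log format, the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample log: one "date address" record per day. The addresses
# come from 198.18.0.0/15 (reserved for benchmarking), not a real ISP pool.
SAMPLE_LOG = """\
2024-01-01 198.18.4.20
2024-01-02 198.18.77.3
2024-01-03 198.18.77.3
2024-01-04 198.18.130.9
2024-01-05 198.18.201.250
"""

def parse_log(text):
    """Return [(date_string, IPv4Address)], skipping blank lines."""
    records = []
    for line in text.splitlines():
        if line.strip():
            day, addr = line.split()
            records.append((day, ipaddress.IPv4Address(addr)))
    return records

def covering_network(addresses):
    """Smallest single CIDR block that contains every address."""
    ints = [int(a) for a in addresses]
    differing = 0
    for value in ints:
        differing |= value ^ ints[0]      # bits that vary between records
    prefix = 32 - differing.bit_length()  # leading bits shared by all records
    return ipaddress.ip_network((ints[0], prefix), strict=False)

def summarize(text):
    """Summarise how the logged address moved and which block contains it."""
    records = parse_log(text)
    addrs = [a for _, a in records]
    net = covering_network(addrs)
    # Days on which the address differs from the previous day's record.
    changes = [day for (day, a), (_, prev) in zip(records[1:], records)
               if a != prev]
    return {
        "distinct": len(set(addrs)),
        "change_days": changes,
        "network": str(net),
        # Host count with network and broadcast excluded, the convention
        # behind the 65,534 figure quoted for a two-octet block.
        "hosts": max(net.num_addresses - 2, 1),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A covering block of /16 or narrower over several weeks of records is what ordinary pool-based DHCP assignment looks like; it says nothing either way about monitoring.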
 
Yeah, I'm aware, but I found it rather odd as I haven't had this occurrence before, usually it's very unique.

Maybe the IPv4 shortage is getting quite bad in Australia?
 
DrunkBunny said:
Yeah, I'm aware, but I found it rather odd as I haven't had this occurrence before, usually it's very unique.

Maybe the IPv4 shortage is getting quite bad in Australia?

Attacks are so common now, at least in the USA, I wouldn't even assume at first glance anything as a targeted attack. Many people proxy out of Russia or China for attacks as well. So it's hard to guess actual locations of hackers.

If you release your IP from your router, unless you leave it off for some amount of time (even if you do, in some ISPs) it will just give you the same IP back. Also most ISPs will give you an IP with only the last few digits changing.

VPNs are bad nowadays, most people say to use things like SSH tunnels but that's kind of sketchy. A VPN though, at least when I tried it, drew twice as much attention and attacks as not having one.

If you're on Windows, Mac, or mainstream Linux (Ubuntu), privacy really isn't a thing anyway.

On average, even without a PC on, my router detects around 40-80 attacks a day, mainly from Chinese IPs. Most common current attacks are on DNS and remote control (mainly on old non-updated systems not behind a NAT router, or just behind an old router).

As for pages not loading, that's not the work of a government trying to watch you (not saying they don't, any adv gov watches its and other citizens even if it seems illegal). Any government or person trying to watch for data won't try to show themselves so openly as to restrict web requests, at least I wouldn't think. However, if you go to part of the internet that's for a group against another group, there could be malware from the opposing group (though rare).

Rule of thumb: keep browsers updated and block ads and unneeded scripts. And for extra protection you can run the browser in sandboxes (or in extreme cases in a VM).

Keep all programs running on the computer, including the OS, updated, and make sure your router's firewall is enabled. Also set up an anti-virus, anti-malware, and firewall (assuming the AV doesn't come with one).

Also close any remote back doors in your router put there by your ISP, if legal in your area/contract.
Also, if your ISP allows it, block incoming ICMP on the router.

//side note
Web pages are commonly denied to IPs with bad reputation (VPN/proxy or small ISP) or in countries outside of a disputed legal copyrights.
 