ow7iee

Holy crap! Is this normal? I have at least 200 computers in OA and I'm not even running a network!

Recommended Posts

This started after I had switched to a new ISP a few days ago... Before that the list was almost empty, only my smartphones were in the list if they were connected.

 

firewallu.jpg

 

 

 

I don't get this... new computers all the time now in my list... At least 10-20 unknown computers / day, I give them all the "Distrust" status...

 

I'm not running a network, I live alone with my kids... We only have 1 computer atm....

 

Any ideas whats going on here???

Share this post


Link to post
Share on other sites

Looks like a serious configuration issue of your new ISP. Usually ISP customers can't see each other over the Internet connection, but in your case they can. You may want to talk to your ISP about this.

Share this post


Link to post
Share on other sites

Hi again... The female on the phone didn't really get what I was trying to explain and I was in a hurry so I we didn't solve this issue...

 

However... today I got an idea, I downloaded a network scanner, I thought it would show the name of the computers, just like OA always done for me in the past until I got the new ISP.


Here .... This picture might explain it? Every http;// found in there goes to a "WEB LOGIN" page... different ip:s but always the same page!!! That means it CAN NOT be computers that is filling the "computers" list in my Online Armor... Is it a server that is acting weird, changing ip:s all the time?? I tought it might be easier for you now after this, to solve it and tell me what's wrong?


lalalalalalao.png

I hope you can see what's wrong now...

Many thanks :)



 

Share this post


Link to post
Share on other sites

Actually each of the IP you mentioned seems to be the router or modem administration interface of ADB (a US internet service provider) customers. Honestly, it is quite disconcerting that you are able to access administration interfaces of ADB customers. That being said: Using the Network Scanner is not the correct way to determine how those computers showed up. Essentially there are two ways of how Online Armor detects computers on your network:

 

First of all there is an active mode that causes Online Armor to actively seek out computers by sending packets out and seeing if anyone answers. This mode is disabled by default as it isn't necessary in most cases. So unless you enabled the active subnet scans, this won't cause the issue. If you have that enabled, you may want to disable it.

 

The second method will passively look at what packets arrive at your computer. There are two ways how packets may end up on your computer. First of all, if you are using a hub instead of a switch, if computer A tries to connect to computer B the packets of those connections are not directly sent to computer B, but to all computers connected to the hub instead. Usually every computer except computer B will ignore them, but every computer essentially receives them and can look at them. The other way, if you are using a switch that only sends packets to the computer they are addressed to, is that another computer actively seeks your computer out and tries to connect to it. In both cases Online Armor will see the packets and use them to get an idea of your network and to fill up the computer list.

 

What is most likely happening on your system, if the active sub-net scan is disabled, is, that packets that are not directly addressed to your computer end up at your computer, which is quite bad actually, because those packets may contain private information and if you can see other customer's packets chances are they can see yours. In addition those packets will eat up some of your bandwidth decreasing your download speeds and if you pay for traffic consumption increasing your monthly traffic bill.

 

The easiest and most definitive way to confirm that this is indeed the case would be to run a sniffer on your system. A sniffer essentially is a program that logs all packets your computer sees. If packets show up on your computer that don't belong there the sniffer will allow you to determine where they came from (meaning if they came through your internet connection or somewhere from your local home network). Unfortunately sniffers can be quite hard to use, especially if you are not familiar with network terminology. So I would offer you to take a look at your system remotely to see where those packets come from through the means of remote control software. This won't cost you anything and you will be able to watch every step I do to make sure I don't do anything on your system that you don't want me to. If you don't feel 100% comfortable with that I will do my best to explain to you the steps involved in installing and using a sniffer yourself. It will take quite a bit longer though but I am fine with either way. Just let me know which way you prefer :).

Share this post


Link to post
Share on other sites

In addition to what Fabian said, if you open Online Armor, then go to Options in the menu to the left, and then go to the Firewall tab, do you have "Active subnet scanning" enabled? If so, then you may want to turn it off.

Also, if you can connect to your ISP using a router rather than directly connecting your computer to your modem, then that might help as well.

Share this post


Link to post
Share on other sites

Wow! I never seen customer support as great as here anywhere else... Many thanks for all your efforts trying to help :)
No I don't have active subnet scanning enabled. My computer is connected directly to the broadband wall socket (temporarly until I'll get a new wireless router)

About the sniffer... Many thanks for your offering your help.. I know exactly what it is and how to use such software... I played a practical joke on a neighbour friend a few years ago, he laughed when I told him to change from WEP to WPA because of the weak security in wep.. This was before facebook supported the secure server protocol, I called him and told him to come over to my house, I showed him so he could se with his own eyes, I had captured just about 100 megs of data, I revealed his wep password just in a few seconds with aircrack, also he is a great friend so I didn't want to look at the data in the packets so I asked first and when he saw that his latest facebook status update was visible right there in clear text in commview he understood. Afterwards he thanked me :)
I would never use a sniffer for illegal activities, people that doesn't respect our laws makes me angry! I do like to experiment and try stuff, to learn more and improve my computer skills... Since I know a little more than the average Joe about network security and related stuff and how a person with bad intentions can use a sniffer to steal passwords and other private data I got a little worried when I saw all the computers appearing in online armor.

That's why I started this topic, also thats why I'd never accept using anything else than online armor for firewall protection. A million thanks for your efforts... And for the best firewall software aswell... I don't really know what problem can be, can an ISP really be so incompetent that they let us customers access and view their own router interface? But now when I think about it, I guess you're right... It can't be anybody elses, especially since I'm connected via wire and don't have a wireless router atm...

If you get some new ideas what can be causing this I'm happy if you can post more info here. Thanks again :)

Oh btw... maybe I'm a bit stupid and this feauture is already available in OA. An option / setting that automatically sets all future computers that pops-up in the "Computers List" into "Not Trusted" state. Would be a great option when weird stuff like these happens...

Edited by ow7iee

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.