Thread replies: 4
Thread images: 1
Thread images: 1
CTSTATEMARSHAL (ID: !!f44fgRk01gx)
In Regards to Comcast ("Xfinity") AP Mysterious Changing MAC 2017-03-02 08:26:51 Post No. 59204522
[Report] Image search: [Google]
In Regards to Comcast ("Xfinity") AP Mysterious Changing MAC 2017-03-02 08:26:51 Post No. 59204522
[Report] Image search: [Google]
File: fuckoffnsa.png (192KB, 1920x1080px) Image search:
[Google]
192KB, 1920x1080px
In Regards to Comcast ("Xfinity") AP Mysterious Changing MAC
CTSTATEMARSHAL (ID: !!f44fgRk01gx)
2017-03-02 08:26:51
Post No. 59204522
[Report]
Hey /g/ .. OP here of this archived thread from yesterday. >>59183087
So thought I'd let you know the whole thing
Brief summary the MAC of my Comcast-rented access point which is a DPC3941T about 3 or so months ago suddenly changed what I saw on KISMET Airodump-ng , etc for it's 10.0.0.1 or gateway IP (whatever I may set it to, but it is limited by firmware to the 10.x subnets) to this strange MAC address. So here's the full address as requested. Running Nirsoft's 'whoisconnected' or whatever actually shows the 10.0.0.1 IP changing to these different remote ones, some of which I've looked up on ripe or arin and they come back to Eastern European countries, and at least one did not and was apparently Comcast...
If you have either an Arris or Cisco AP , at least the ones Comcast lease out to you, please check vuln db's on it because this one's got this lovely vuln which isn't patched and probably won't be.
4A:F7:C0:B5:56:1F
^ NEW fake (I believe, it's not a known manufacturer anyway or anywhere near the BSSID 's of the device, or different kinds of MACs which start with EC:xx)
also
>>willingly (regarding the lawsuit, saying I willfully or willingly allowed Comcast to fuck me over, thus the suit is pointless or I can't win)
Nope, I did not do such a thing .. in fact the person who holds the account is in an old people's home and has dementia. She signed things, and I didn't.. either way I'm sure she didn't willfully say 'OK, I can't wait for Comcast to lease us a highly vulnerably set of Access Points for years for only 12 easy payment per year of $10!' It'll be a tort and I will file it with a
JD-CV-1 Rev. 4-16 under Connecticut General Asssembly applicable code to
ONE COMCAST CENTER 52ND FLOOR
1701 JOHN F KENNEDY BLVD
PHILADELPHIA PA
19103
Please kek at this: https://www.sec.gov/Archives/edgar/data/1141107/000095014406005226/g01717exv99w1.htm
"Why Arris" (Comcast's business reasons for going with Arris.. disclosed)
>>
>>59204522
So someone got into your network somehow and ???
>>
>>59204522
>MAC
Found your problem.
>>
>>59204611
I really don't know, man. I suspect they Telnet'd in but I can tell you whilst on IRC the other week, some malicious person was doing the typical 'pentesting' and also D(D?)OS-ing me offline several times, then told me 'You really should have your AP replaced..' and made it clear it was very very easy to infiltrate. Now, Comcast say in their Law Enforcement Manual now a few years possibly out of date, that TCP 43000 or UDP 9000 are prefered ports, and I dont see much going on there. If I were to run Wireshark for a while, or during a certain procedure like initializing the whole AP while it goes through its DOCSIS 3.0 stuff with a cap filter for only that MAC (Machine Access Code, not Apple.. nice one though) maybe I can post it somewhere and have you or others review it if you care to. Thank you for reading my post.
If you have any methods you could briefly or however describe regarding the detection of traffic being diverted to another AP , as done in wiretaps actually.. that'd be cool. The fact that said program detects all these different IP's instead of just 10.0.0.1 and shows em changing up in real time is very suspect on top of the changed MAC. Peace.
Thread posts: 4
Thread images: 1
Thread images: 1