Is this a wifi theft hack?

Status
Not open for further replies.

verndewd

PORT STATE SERVICE VERSION
23/tcp open telnet Broadcom BCM963268 ADSL router telnetd
80/tcp open tcpwrapped
443/tcp open tcpwrapped
5431/tcp open upnp Belkin/Linksys wireless router UPnP (UPnP 1.0; BRCM400 1.0)
8085/tcp open tcpwrapped
Service Info: OS: Linux 2.4; Devices: broadband router, router; CPE: cpe:/h:broadcom:bcm963268, cpe:/o:linux:linux_kernel:2.4

Former state, literally minutes before. Case 2: I don't have any Linksys, ANYthing.

Not shown: 65529 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
443/tcp open https
1990/tcp open stun-p1
5431/tcp open park-agent
8085/tcp open unknown

Your input is greatly appreciated; it looks to me like wireless signal theft. Wireshark, router and Zenmap files available as well... Maybe
 
But wait, there is more: my router logs kept insisting there were intrusion attempts:

01/01/2019 02:42:34 AM Firewall Intrusion -> IN=ppp0.1 OUT= SRC=176.119.4.73 DST=65.129.63.97 PROTO=TCP SPT=44575 DPT=8344
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.254.79.165 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.93.34.139 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.91.222.210 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.6 DST=108.177.98.188 PROTO=TCP SPT=48746 DPT=5228
01/01/2019 02:42:28 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.4 DST=205.171.3.25 PROTO=ICMP
01/01/2019 02:42:28 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.4 DST=205.171.3.25 PROTO=ICMP
01/01/2019 02:42:22 AM Firewall Intrusion -> IN=ppp0.1 OUT=

Not only that, but I detected an Android device with a Cyanogen ROM OS, which I later found was a hacker's friend.
 

I found a certified security guy on another forum, let me see what he says... And FYI, it's a CenturyLink router; I can't change diddly and neither can tech support.
 
I scanned the bloody hell out of everything. All I found was a Linksys Belkin port series on my Technicolor router; I deduce that it's either a Broadcom chip associated with those brands or this alleged hacker is invisible. I used Zenmap extensively, but I did find an interesting randomized MAC presence on my Fingbox. Since it does the same thing, I really do doubt it would read itself, but it could during an attack. But more than that I have no idea. I did get some fishy details from Wireshark, and through an Android scanner I picked up hidden MAC addresses and bridges.
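
An added example, not part of the original thread: a short Python parser for the router log format quoted earlier that groups "Firewall Intrusion" entries by direction and source. It assumes `br0` is the router's LAN bridge and `ppp0.1` its WAN (PPP) interface; the function names are illustrative.

```python
import re
from collections import Counter

# Log lines copied from the thread above, including the truncated last entry.
SAMPLE_LOG = """\
01/01/2019 02:42:34 AM Firewall Intrusion -> IN=ppp0.1 OUT= SRC=176.119.4.73 DST=65.129.63.97 PROTO=TCP SPT=44575 DPT=8344
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.254.79.165 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.93.34.139 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.5 DST=47.91.222.210 PROTO=UDP SPT=29593 DPT=32100
01/01/2019 02:42:33 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.6 DST=108.177.98.188 PROTO=TCP SPT=48746 DPT=5228
01/01/2019 02:42:28 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.4 DST=205.171.3.25 PROTO=ICMP
01/01/2019 02:42:28 AM Firewall Intrusion -> IN=br0 OUT=ppp0.1 SRC=192.168.0.4 DST=205.171.3.25 PROTO=ICMP
01/01/2019 02:42:22 AM Firewall Intrusion -> IN=ppp0.1 OUT=
"""

# Assumption: br0 is the LAN bridge, ppp0.1 the WAN interface.
LAN_IF, WAN_IF = "br0", "ppp0.1"
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_line(line):
    """Return the fields of one entry as a dict, or None if it is not usable."""
    if "Firewall Intrusion ->" not in line:
        return None
    fields = dict(FIELD.findall(line.split("->", 1)[1]))
    # Truncated entries (no SRC or PROTO) cannot be classified; skip them.
    return fields if {"IN", "SRC", "PROTO"} <= fields.keys() else None

def direction(entry):
    """Classify an entry by the interfaces it crossed."""
    if entry["IN"] == WAN_IF and not entry.get("OUT"):
        return "inbound"   # came from the internet, addressed to the router
    if entry["IN"] == LAN_IF and entry.get("OUT") == WAN_IF:
        return "outbound"  # sent by a LAN host toward the internet
    return "other"

def summarize(log_text):
    """Count entries per (direction, source IP, protocol, destination port)."""
    summary = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            summary[(direction(entry), entry["SRC"], entry["PROTO"],
                     entry.get("DPT", "-"))] += 1
    return summary

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE_LOG).items()):
        print(count, *key)
```

Under that interface assumption, one complete entry in the quoted log arrived from the WAN side, and the remaining complete entries were sent by LAN hosts 192.168.0.4, 192.168.0.5 and 192.168.0.6.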
 