|
Member
Iscritto dal: Oct 2003
Messaggi: 35
|
Ackers di Rete Esperti
Se sono utili vi fornisco tutto quanto trovato nei registri di XP alla chiave
HKEY-LOCAL-MACHINE\SYSTEM\currentcontrolset\services\Tcpip\parameters\Interfaces
e relative sottocartelle :
"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{267C0BDB-7732-4071-880D-B5E2A5CDEE7E}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3173D457-F841-4AA9-933D-14383203BDED}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,32,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="192.168.2.1"
"Lease"=dword:0002a300
"LeaseObtainedTime"=dword:4c73ddac
"T1"=dword:4c752f2c
"T2"=dword:4c762c4c
"LeaseTerminatesTime"=dword:4c7680ac
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"ActiveConfigurations"=hex(7):41,6c,74,65,72,6e,61,74,65,5f,7b,33,31,37,33,44,34,35,37,2d,46,\
38,34,31,2d,34,41,41,39,2d,39,33,33,44,2d,31,34,33,38,33,32,30,\
33,42,44,45,44,7d,00,00
"DhcpIPAddress"="192.168.2.2"
"DhcpSubnetMask"="255.255.255.0"
"DhcpRetryTime"=dword:0001517e
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="192.168.2.1"
"DhcpDefaultGateway"=hex(7):31,39,32,2e,31,36,38,2e,32,2e,31,00,00
"DhcpSubnetMaskOpt"=hex(7):32,35,35,2e,32,35,35,2e,32,35,35,2e,30,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6CAFA986-2FDE-49E6-B915-D805D3D3E539}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F0C18ED-3330-4F25-B02D-1D133724D75A}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,39,32,2e,31,36,38,2e,32,2e,34,00,00
"SubnetMask"=hex(7):32,35,35,2e,32,35,35,2e,32,35,35,2e,30,00,00
"DefaultGateway"=hex(7):31,39,32,2e,31,36,38,2e,32,2e,31,00,00
"DefaultGatewayMetric"=hex(7):30,00,00
"NameServer"="192.168.2.1"
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:49b73d9b
"T1"=dword:49b744a3
"T2"=dword:49b749e9
"LeaseTerminatesTime"=dword:49b74bab
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:20f83391
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"ActiveConfigurations"=hex(7):41,6c,74,65,72,6e,61,74,65,5f,7b,36,46,30,43,31,38,45,44,2d,33,\
33,33,30,2d,34,46,32,35,2d,42,30,32,44,2d,31,44,31,33,33,37,32,\
34,44,37,35,41,7d,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7177D83D-FC84-4BB8-BD50-EB6B69884962}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F113F61-E50C-4FDD-8248-D65A59CA7F64}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B152181F-D60B-4465-87C6-8EB846A3DAFD}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B1F55771-438F-4AA6-9D70-8C039E6D0C0C}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,34,00,00
"DhcpClassIdBin"=hex:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1155369-52C3-4425-81AC-EB7FBA371780}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):00
".
Ciò che si ritiene è che il PC non veda direttamente il Modem Router USR9110 ma il traffico sia reidiretto ad un Server connesso al Modem Router USR9110.
Tale server utilizza USR9110 per andare in Internet o una sua linea ed indirizzi il traffico controllato di ritorno al PC :
MITM
Si noti :
USR9110 riporta solo i DHCP connessi;
talvolta è presente anche il Portatile sebbene spento;
tale Server potrebbe far credere al PC di essere 192.168.2.1 ed utilizzarne il relativo MAC.
In passato Kasperski mi rilevava un PDM.Keylogger ma non riusciva a dirmi dove era ed a eliminarlo.
Credetemi, non voglio polemizzare.
Sto solo cercando collaborazione per risolvere il problema.
Saluti e ringraziamenti,
Fabrizio
|