redlinedone

Q: someone has remote accessed my network

>My friend's iPhone was fine one minute and the next minute he is logged out and no longer has access to it. Does this mean anything to anyone? I believe that a DNS service is routing from California to Colorado and so on but I am not sure. HELP

 

Further investigation showed I have a (

Proxies:

  Exceptions List: *.local, 169.254/16

  FTP Passive Mode: Yes)

I used my network utility to break it down and found this....

after ping....

Ping has started…

 

PING 198.105.244.130 (198.105.244.130): 56 data bytes

 

 

--- 198.105.244.130 ping statistics ---

10 packets transmitted, 0 packets received, 100.0% packet loss

 

after Lookup...

Lookup has started…

 

169.254/16 -> 198.105.254.130, 198.105.244.130

 

 

after whois....

Whois has started…

 

% [whois.apnic.net]

% Whois data copyright terms    apnic.net/db/dbcopyright.****

 

% Information related to '198.0.0.0 - 198.255.255.255'

 

inetnum:        198.0.0.0 - 198.255.255.255

netname:        ERX-NETBLOCK

descr:          Early registration addresses

remarks:        ------------------------------------------------------

remarks:        Important:

remarks:

remarks:        Networks in this range were allocated by InterNIC

remarks:        prior to the formation of Regional Internet

remarks:        Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC.

remarks:

remarks:        Address ranges from this historical space have now

remarks:        been transferred to the appropriate RIR database.

remarks:

remarks:        If your search has returned this record, it means the

remarks:        address range is not administered by APNIC.

remarks:

remarks:        Instead, please search one of the following databases:

remarks:

remarks:        - AfriNIC (Africa)

remarks:        website: afrinic.****

remarks:        command line: whois.afrinic.net

remarks:

remarks:        - ARIN (Northern America)

remarks:        website: afrinic.****

remarks:        command line: whois.arin.net

remarks:

remarks:        - LACNIC (Latin America and the Carribean)

remarks:        website: afrinic.****

remarks:        command line: whois.lacnic.net

remarks:

remarks:        - RIPE NCC (Europe)

remarks:        website: ripe.****

remarks:        command line: whois.ripe.net

remarks:

remarks:        For information on the Early Registration Transfer

remarks:        (ERX) project, see:

remarks:

remarks:        apnic.***

remarks:

remarks:        ------------------------------------------------------

country:        AU

admin-c:        IANA1-AP

tech-c:         IANA1-AP

mnt-by:         APNIC-HM

mnt-lower:      APNIC-HM

status:         ALLOCATED PORTABLE

source:         APNIC

mnt-irt:        IRT-APNIC-AP

changed:        hm-changed@apnic.*** 20030404

changed:        hm-changed@apnic.*** 20040926

changed:        hm-changed@apnic.*** 20070214

 

irt:            IRT-APNIC-AP

address:        Brisbane, Australia

e-mail:         helpdesk@apnic.***

abuse-mailbox:  security@apnic.***

admin-c:        HM20-AP

tech-c:         NO4-AP

auth:           # Filtered

remarks:        APNIC is a Regional Internet Registry.

remarks:        We do not operate the referring network and

remarks:        is unable to investigate complaints of network abuse.

remarks:        For more information, see www.apnic.net/irt

mnt-by:         APNIC-HM

changed:        hm-changed@apnic.*** 20101111

changed:        hm-changed@apnic.*** 20110124

source:         APNIC

 

role:           Internet Assigned Numbers Authority

address:        see www.iana.***.

country:        US

phone:          +1-310-823-9**8

e-mail:         nobody@apnic.***

admin-c:        IANA1-AP

tech-c:         IANA1-AP

nic-hdl:        IANA1-AP

remarks:        For more information on IANA services

remarks:        go to IANA web site at iana.***.

mnt-by:         MAINT-APNIC-AP

changed:        helpdesk@apnic.*** 20110811

changed:        hm-changed@apnic.*** 20111206

source:         APNIC

 

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

 

Traceroute.....

Traceroute has started…

 

traceroute to 198.105.244.130 (198.105.244.130), 64 hops max, 72 byte packets

1  homeportal (192.168.1.254)  7.119 ms  1.761 ms  2.915 ms

2  108-77-188-3.lightspeed.chrlnc.sbcglobal.net (108.77.188.3)  22.058 ms  19.985 ms  19.518 ms

3  99.133.205.70 (99.133.205.70)  24.619 ms  25.574 ms  25.102 ms

4  12.83.102.137 (12.83.102.137)  31.108 ms  24.771 ms  23.700 ms

5  12.122.154.134 (12.122.154.134)  28.680 ms  28.205 ms  27.829 ms

6  ggr2.attga.ip.att.net (12.122.140.93)  29.139 ms  33.113 ms  27.148 ms

7  10ge3-20.core1.atl1.he.net (216.66.24.133)  28.745 ms  27.831 ms  25.441 ms

8  100ge11-1.core1.ash1.he.net (184.105.213.70)  39.290 ms  59.698 ms  158.151 ms

9  100ge3-1.core1.nyc4.he.net (184.105.223.166)  43.016 ms  45.742 ms  50.432 ms

10  xerocole-inc.10gigabitethernet12-4.core1.nyc4.he.net (216.66.41.242)  46.462 ms  39.229 ms  39.838 ms

11  * * *

12  * * *

13  * * *

14  * * *     ETC>>

 

<Links Edited by Host>

Posted on May 29, 2016 2:59 PM

  • by IdrisSeabright,

    IdrisSeabright May 29, 2016 2:59 PM in response to redlinedone
    Level 9 (59,729 points)
    iPhone

    redlinedone wrote:

     

    >My friend's iPhone was fine one minute and the next minute he is logged out and no longer has access to it. Does this mean anything to anyone?

    What is your friend logged out of? The Wifi network? Or his phone?

  • by MrHoffman,

    MrHoffman May 29, 2016 3:05 PM in response to redlinedone
    Level 6 (15,637 points)
    Mac OS X

    Take the iPhone into the local Apple store and have them take a look at it.

     

    Take the iPhone to another network, and test it there.

     

    If you want to continue the discussion here, please elaborate on what is meant by "no longer has access to it." That's typical with activation lock, or with a device software or hardware problem. (How that behavior involves DNS is not clear to me — iPhone uses local network DNS, so if that's misconfigured, the iPhone can have connectivity problems. Those connectivity problems will not result in an iOS user that has been "logged out" of the device, however.) If this is activation lock and not a passcode or hardware problem, that can only be cleared by Apple or the AppleID that originally set up the activation lock. If this is a hardware or software problem, that usually involves trying a restore or a device reset.

     

    If your network is breached, you'll have to address that. What's involved with that varies by your network configuration, hardware, and what's happened during the breach. If there has been a breach, which is not yet certain. But that typically doesn't involve an iOS device user getting "logged out".