I know my ISP logs and retains data, but does it go further than that ?

Discussion in 'privacy problems' started by Fly, May 26, 2009.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    First this very recent post of mine:

    https://www.wilderssecurity.com/showthread.php?t=243275

    It seems I have been able to solve the problem mentioned in the above link.

    I know it's a bit long, but this lead to the question as stated in the title. If you read it this post becomes a bit more clear :)

    Windows XP Home Edition system.

    The 'computer name', as stated in the configuration panel, system, computer name used to be a name I had made up. Partially because of privacy concerns, I vaguely recall cookies having my REAL NAME in it. But that was a long time ago, before a reformat. I think that in the installation process Windows asks for a name, and by default, puts that name in 'computer name' as stated in the first sentence of this paragraph.

    Last time I reformatted and reinstalled the OS plus the rest (to get a clean image, for imaging software and hardware) was somewhere in mid-June 2008.
    This configuration (wireless, router) has worked without problems, until very recently. In the past 2 or 3 days the connection problems became intolerable.
    So I did some research, and tried changing the 'computer name' to the host name I had been given many years ago.
    And suddenly my problems appear to be gone !
    IPCONFIG /renew now works, IPCONFIG /release causes the loss of my connection, not sure why.
    The old configuration has worked for a long time without problems. Just giving my router the host name used to be sufficient (wireless connection between computer and router, router connected by wire/cable to modem). (Btw, I did not buy the router from my ISP)
    And this suddenly changed.

    How can my ISP know what name I have given my computer ON MY COMPUTER ?? I mean, how can they see it, especially since I have a router between my computer and the modem ? The router has and had my host name, and uses DHCP. I don't have any software of my ISP on my computer, so I wonder to what extent they have access to my computer. Call me paranoid if you will, but this ISP also sets Flash cookies when you visit the site of the ISP, even with the latest version of the Flash player and having it configured so noone should be able to place a 'Flash cookie'. I don't get Flash cookies anymore, only when I visit the site of my ISP !

    So, I wonder to what extent my ISP can see what happens on my computer (I know that they log internet traffic, that's not the issue). Since they ARE able to detect what name I use for my computer name, it makes me wonder !
     
    Last edited: May 26, 2009
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Ouch !

    I've read the URL. I refers to communication 'across the network'.

    So I'd expect DPI from what is sent from either the router or the modem (configuration: wirless connection from computer to router, router connected to modem by wire/cable, modem connects to internet).

    You're saying that they can see what happens on my computer/past the router ?? I'm not sure if I understand you. If they are doing that it would be very disturbing. You may not have all the details, but how far would it go ?
    I thought that what was on my computer was private. :eek:
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If they can see your computers name, you are either broadcasting it, forwarding network requests directly to your computer, or running some huge leaky adapter like hamachi, or the router you have is spying on you and reporting to the ISP.
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I agree with Steve, something is going on that goes further than DPI because your computer name shouldn't be in any packets (data, headers, etc.). It could all be because of some weird innocent configuration, but something is leaky somewhere.
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Thank you for the information.

    To be honest, I'm not sure what has been going on.

    I was thinking that it was either a technical issue related to my ISP/router, or that other wireless signals or other electromagnetic interference were causing my problem.

    I tried using setting my 'computer name' back to the original host name I received many years ago, and thought I had fixed the connection issue, but that didn't last long. (See post #1) (It also seems I cannot give my router a host name without connecting to the internet, or I just don't know how).

    I've done some further research (without contacting my ISP), and I've read (not sure if it's true - I'll find out) that the router no longer requires a host name in the configuration process. I've reconfigured the router without giving a host name. Time will tell if the connection problems persist.

    I'm not sure if my ISP has access to what (under ipconfig /all) is called the host name. I've changed it back to the fantasy name I'd been using for a long time without problems. Why is that 'computer name' called the host name ?

    'forwarding network requests directly to your computer' What do you mean by that ?

    Is there any way - a tool, documentation - to find out if my ISP is engaged in DPI ?

    I also frequently receive ICMP pings (always same number) apparently originating in my own country (Europe), but there is also a hop in the USA - I don't know if the pings originate in the USA, or whether information is forwared to the USA. Almost certainly related to my ISP.
     
    Last edited: May 27, 2009
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    This evening I've been losing my connection very frequently.

    I'm not sure why.

    The 'cable light' of my modem suggests that the connection is not perpfect. (it's not always constantly on, it sometimes briefly blinks, although most of the time it's on).

    I've had this issue before, but never lost my internet connection before.
    Could this be cause of my connection problems ?

    I can't really go to my ISP, they'd say 'we don't support your router' (they do support their own, but I'm not going to buy one), and that would be the end of the conversation.

    I'd guess that there is something technical behind the scenes going on, but I don't know what. Does anyone have any suggestions ?

    MY POINT IS: can a temporary (partial?) loss of connectivity (cable light on modem) cause a 'permanent' loss of connection, without an automatic restoration of the connection to my computer later ? I tend to have to unplug my modem and router, plug in my modem, then router, then using a recover/restore option (non-English version here) to get my connection back. Sometimes that works for hours, somtimes just for minutes.

    I'll keep trying to solve this problem.
     
    Last edited: May 28, 2009
  8. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    This is the exact scenario of events that was ocurring with my SBC dsl connection. I replaced the router with an SBC router which was supported & Voilla problem solved. I still don't understand what was happening. I did however find a keylogger opeerating undetected by all AV programs. I tried out Outpost pro & the Spyware module found it. Very interesting. Finallly I got it deleted. It was there because the privacy cleanup program cleaned out a ton of new stuff,. I the restored a snapshot & started over just to be sure.
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Well, I've recently restored a known clean image, and even after that my problems have persisted.
    So I don't think my problem is caused by an infection, unless my ISP somehow sneaked one in. I also can't see how my router could be infected, I don't seem to have any open ports, no default password, access to router from internet has been disabled, WPA-PSK encryption is on.
    Given the situation, I even did reset my router, and configured it again.
    No luck.

    In the router there is an option to (allow ?) 'pass through' IPSEC, PPTP and VOIP, enabled by default. Since I don't need VOIP I disabled it. Could this IPSEC/PPTP thing possibly have anything to do with my problem ? I'm not using a VPN.
     
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'm still troubleshooting.

    Sometimes the connection works for hours, sometimes the connection drops every few minutes or more frequent.

    When I lose my connection and check the router, I sometimes see the cable light on the modem 'blinking' (light going out briefly). That suggests that the signal coming from my ISP has some problems ? When I try to get a connection again (unplugging router and modem, then plugging those in again), it seems that my router/modem/(ISP?) has a problem giving me a network address, at least it takes some time.

    Btw, I looked in the EVENTVRW, and under systems, there are lots of warnings about Dhcp, event 1003, 1005, 1007, some IPSEC errors (I can enable and disable IPSEC pass-through in the router, I'm not sure what's the best), some errors about DCOM (10010 en 10005), IPNATHLP (32003). Some of the errors are older, but the dhcp mostly recent.

    If anyone can shed some light on this or has a solution, it would be much appreciated. I just can't go to my ISP because they'd say that they don't support my router. And I think (haven't tried it yet) that a long cable between my modem and my computer would allow a more or less proper connection to the internet. I guess I could disable Dhcp and enter a static IP, my IP is usually static but it sometimes changes (currently configured as dynamic IP), but I don't want to get in trouble by using someone else's IP !
     
  11. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    If you haven't yet checked here, a great source of info on cable-specific networking issues is the forums on dslreports

    Folks there are very knowledgeable about working around the issues of cable co's often not supporting other routers.
     
  12. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Problems are continuing.

    When I booted my computer this morning, I could not connect to the internet.

    I even couldn't see my router in the list of network connections (I could see others though).

    I did the usual to get a connection.

    A service control manager error (7023), paraphrasing : IPSEC service services has been stopped, service for verification is unknown. (first problem)
    2 more Dhcp warnings 1003

    In the wizard for configuration of my router the MAC address (default) is different from what I find when I type Ipconfig /all.
    Also, the 1003 error/message states that the computer cannot renew the network address from (DHCP server) for the network card with network address ...(which is the same as listed under ipconfig /all)

    Should I perhaps do something with my MAC address ??
    I'm in way over my head.

    Btw, I have taken a look at www.dslreports.com , but I can't even find a single reference to my specific brand/type of router. It also seems rather American orientated. They have virtually no information about my ISP, which certainly does not help. Starting a thread, asking, replying would be time-consuming and success would be doubtful at best.

    Something else that I just noted in eventvwr: at about the same time as I get the DHCP connection error, I get a Tcip 4201 event that states: (paraphrasing): the system has discovered that network adaptor X is connected with the network, normal operation of the network adaptor has begun. This 'information event' has occured each time before I lost my connection, at the same time, or a few seconds earlier (according to eventvwr). The same goes for event Tcip 4202 which states that the network adaptor X is no longer connected to the network and the network configuration of the adaptor has been released, followed by more text stating that there may be an error in the network adaptor, followed by the suggestion to contact the manufacturer for a newer driver (I already have that). The 4201 typically occurs before the 4202. It's a bit inconsistant, sometimes I just see a 4201 only before a Dhcp error. I do have one other network adaptor which is part of the mainboard and which I have disabled.

    The adaptor/router isn't old, I really don't think it's damaged.

    Some more: from eventvwr: network adaptor \DEVICE\TCPIP_{x} (where x is a string, which apparently has something to do with the network, I looked it up in the registry) 4201 suggests initiation of normal functioning of the network adaptor, network adaptor \DEVICE\TCPIP_{x} 4202 suggests disconnection from the network. Sometimes, before the Dhcp error and loss of connection, the 4201 comes first, sometimes the 4202 comes first.
    \DEVICE\TCPIP_{x} is listed under EAPOL in the registry. Googling Eapol suggests that it has something to do with a wireless LAN/network. Btw, it doesn't look like an Eapol service is running.

    I REALLY don't understand. Help would be appreciated very much.

    Note: from what I understand, my cable modem is assigned a dynamic IP, which rarely changes so it's mostly static, the IP/connection is sent from the modem to the router, the latter connects wirelessly with my computer.
    I just don't see how I could possibly lose my connection to the router (I even did reset it, and reconfigured it again).
     
    Last edited: May 30, 2009
  13. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    I had very similar issues in the past. Spotty connection, light on modem blinking etc.
    It turns out my modem was old and not supported by the ISP. I went out and bought a new modem and problem has been fixed ever since.
     
  14. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    How does hamachi leak? I was under the impression it was fairly secure.
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    hamachi works by forcing it's way as the core network adapter for your system and then performs network bridging. We would consider this malware in a security environment. It does not follow standard operating protocols, it is a fascist device, and forces networks to leak to each other in a desperate attempt at connectivity. It's like if someone asked you if you wanted to get your money out of the bank a little faster, and so it warped the universe together to merge the location of the bank and the location of your home into the same place. Yeah it technically works, but is a very very dirty method of doing something, and screws up the rest of your network security.
     
Loading...
Thread Status:
Not open for further replies.