Jump to content
Sign in to follow this  
PositiveG

ArmA modding IP stack?

Recommended Posts

I rebuilt my home network yesterday.

By chance I did an IPCONFIG /ALL from a CMD prompt on my primary PC. For some strange reason, my default domain search suffix was defined as this;

dffclan.com

WTF?

Now how in the heck did that get changed to that? It should be blank. Weird!!!

If you go to dffclan.com, it redirects to dffclan.nl.

They appear to be a ArmA site. I'm not blaming this on them, they may be a victim too.

I'd love to know how that setting was modified on my PC, no way I changed it myself. Not good.

Just an FYI to you guys.

Share this post


Link to post
Share on other sites

There two ways to apply this manually, in TCP/IP properties under Advanced>DNS>"DNS Suffix for this connection" or if you have an internet router you can put it in as the name of the DHCP scope.

If you haven't been hacked, it must have manually got in there somehow. Either way, to ease paranoia, buy an enterprise class firewall lol

Share this post


Link to post
Share on other sites

ArmA is definitely not intentionally configuring IP parameters in any way. I cannot even see any reason why we should do this.

Share this post


Link to post
Share on other sites

If you're the only one using your computer then you've been hacked somewhere along the line. As stated earlier it needs to be changed by someone, it won't just appear in there.

I don't see what you could possibly do by changing it though.

Put it in the "Weird" file.

Share this post


Link to post
Share on other sites

Well it also has BF2, Swat, Rainbow six, racedrive on that site.

I say you got some spyware a while ago. Try finding a way to clean it out. I dont think I can post or recommend antispyware programs.

Share this post


Link to post
Share on other sites
ArmA is definitely not intentionally configuring IP parameters in any way. I cannot even see any reason why we should do this.

I don't think he meant that Suma...nor did I.

Just wondering where it came from?

A mod???

One of those nutcase TK'ers hacks???

Share this post


Link to post
Share on other sites

Thanks for the replies guys.

As soon as I noticed that in my ipconfig /all output, first thing I did was to remove that in the TCP/IP settings.  

Just a bit more background.  I run two Firewalls.  One is an enterprise class Netscreen product.  The other is a cheap soho DLINK one.  I have two ISPs (cable and DSL), thus the reconfiguring my home network comment.  I collapsed everything onto a single 24 port Cisco switch with multiple VLANs defined.  Had a bunch of cheap switches strung together for the Home LAN, the ISP's were directly attached to the Firewalls.  One VLAN is defined for each ISP and one for the home LAN. I plan on port mirroring to sniff my traffic, thus the switch upgrade. Note that this search setting was noticed, BEFORE I made these network changes.

True, this setting could have been put on there by almost anything.  The "change" on that search suffix was certainly automated somehow as I didn't key it in.  The box is only several months old, built from scratch (XP) and is Trojan and virus free, at least Avast and Windows Defender haven't said anything.  I do not and will not use DHCP on my home LAN.  

I thought I'd mention it here as per Nixers suggestion.  Just in the off chance someone else has noticed this as well.   False alarm, I hope so too.  Certainly "weird".

Share this post


Link to post
Share on other sites
Thanks for the replies guys.

As soon as I noticed that in my ipconfig /all output, first thing I did was to remove that in the TCP/IP settings.

Just a bit more background. I run two Firewalls. One is an enterprise class Netscreen product. The other is a cheap soho DLINK one. I have two ISPs (cable and DSL), thus the reconfiguring my home network comment. I collapsed everything onto a single 24 port Cisco switch with multiple VLANs defined. Had a bunch of cheap switches strung together for the Home LAN, the ISP's were directly attached to the Firewalls. One VLAN is defined for each ISP and one for the home LAN. I plan on port mirroring to sniff my traffic, thus the switch upgrade. Note that this search setting was noticed, BEFORE I made these network changes.

True, this setting could have been put on there by almost anything. The "change" on that search suffix was certainly automated somehow as I didn't key it in. The box is only several months old, built from scratch (XP) and is Trojan and virus free, at least Avast and Windows Defender haven't said anything. I do not and will not use DHCP on my home LAN.

I thought I'd mention it here as per Nixers suggestion. Just in the off chance someone else has noticed this as well. False alarm, I hope so too. Certainly "weird".

For home I can see DHCP being eh. Still handy if you have quite a few devices. With the correct setup you would be amazed how much it can help. Works perfect to lead anyone who might have tapped into your juice to somewhere else.

Most items out there will never show up on a virus scan. Just cause that shows clean does not merit a clean pc. Most trojans that people get far with are designed to nail users who download them or specific functions. who knows.

smile_o.gif

Share this post


Link to post
Share on other sites

Yes, DHCP is a very handy service.  

My three home PCs are fixed in place, so I use static IP addressing for them.  My two Xbox 360's are also fixed in place, so I use static IPs for them too.   My server is fixed as well, another static IP.   The two Firewalls, the IP address of my switch, also fixed.   All drawn on a nice Visio drawing, using easy to remember addresses and host names.

The only PCs that don't have Static IPs are my two Laptops (however those two use separate PCMCIA NICs when on my home LAN (and those NICs have their IPs static in the OS).   I remove the NICs when I leave the house.   The built in NICs on those Laptops are DHCP (for use at work).

Good point about setting up a fake DHCP service, might be handy. You could even use a valid range, just block them on your Firewall.

Share this post


Link to post
Share on other sites
Yes, DHCP is a very handy service.

My three home PCs are fixed in place, so I use static IP addressing for them. My two Xbox 360's are also fixed in place, so I use static IPs for them too. My server is fixed as well, another static IP. The two Firewalls, the IP address of my switch, also fixed. All drawn on a nice Visio drawing, using easy to remember addresses and host names.

The only PCs that don't have Static IPs are my two Laptops (however those two use separate PCMCIA NICs when on my home LAN (and those NICs have their IPs static in the OS). I remove the NICs when I leave the house. The built in NICs on those Laptops are DHCP (for use at work).

Good point about setting up a fake DHCP service, might be handy. You could even use a valid range, just block them on your Firewall.

All my traffic is blocked until your auth to a radius server in the house. All wireless is open to the public anyway.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×