Forum Discussion

simonh8's avatar
simonh8
Tuning in
7 months ago

Public IP change

Hi All,

My public IP address and MAC address has been spoofed, which in return they have managed to be able to create VM which in-return then was able to access all accounts MS, 2fa etc because they basically proposed as my machine using the public ip address and mac address.

I have rang virgin media today three times to ask for them to change it.

First time I spoke with an agent who then tranfered me to:

"Technical Department" - who then transfered me to
"Boarband department" - who then transfered me to

"Home boardband" - who then hung up.

 

I then called again, and the agent just hung up.

I then called for the third time, for the agent to then basically said you need to be apart of business to be able to do it. However I know that it is possible for them to change this.

 

  • jpeg1's avatar
    jpeg1
    Alessandro Volta

    Switch your Hub to modem mode and get a separate router. This will get a different WAN IP address and show a different MAC code.

    • simonh8's avatar
      simonh8
      Tuning in

      Hi, is there anyway I can ask virgin media to change this for me?

      • carl_pearce's avatar
        carl_pearce
        Superstar

        You could ask for a new HUB, however, it's unlikely they will swap it out other than a fault.

        I really don't think spoofing a public IP and MAC would allow someone to bypass 2FA.

  • 用心棒's avatar
    用心棒
    Very Insightful Person

    simonh8 wrote:

    Hi All,

    My public IP address and MAC address has been spoofed, which in return they have managed to be able to create VM which in-return then was able to access all accounts MS, 2fa etc because they basically proposed as my machine using the public ip address and mac address.


    Out of curiosity, who suggested the compromise of  “access all accounts MS, 2fa etc” was due to spoofing of your public IP Address and did they provide any further information to support this claim?

    -- 
    I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
    Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks

    • simonh8's avatar
      simonh8
      Tuning in

      Sadly, I work in IT and they have by-passed all my authentications 2FA, I can only assume that they have used my Public IP Address and a MAC address. And as I have changed most of my passwords on MS. the only attack they can do now is a brute force attack at the moment. Hence why I am asking for my Public IP address to be changed

  • cje85's avatar
    cje85
    Trouble shooter

    It's not something Virgin can do. Gamers who get banned from certain servers for whatever reason quite often ask on here about a getting a new IP but without success.

    Getting your own router is the only guaranteed solution (or switching your hub off for at least seven days can work, but probably not practical).

  • legacy1's avatar
    legacy1
    Alessandro Volta

    Err maybe your PC or device has been compromised 

  • legacy1's avatar
    legacy1
    Alessandro Volta

    If I'm right the hub in router mode is less secure then modem mode in spoofed MAC because people know the hub MAC range for its WAN MAC where as modem mode can be from any make of router or you don't have to use the router MAC and use any MAC.

    ARP spoofing is I think not possible on VM network but if I'm right no one can get your MAC by a ARP scan because VM gateway lies for all the IP's MAC's you scan for because the MAC is not important.

    So you DHCP you get a IP the gateway knows your true MAC but in rare case you not to connect to someone in your IP range you ARP that IP but get a lie as to the MAC they are on so when you send a packet to that MAC the VM gateway gets it does not care about the MAC see the IP lookups up the real MAC for that IP then sends the packet to the correct MAC then when they get the packet they have to send a reply and the same for them meaning no one knows your MAC when ARP scanning in order to spoof the hubs router mode or modem mode MAC but router mode is less secure.

  • Client62's avatar
    Client62
    Alessandro Volta

    Cloning a Hub's  MAC & IP,  how does that help mount an attack ?

    Just how does one compromise a 2FA element ?

    The challenge / response would go out to the intended person who is not expecting to respond, so being very IT savvy would not respond, or the 2FA would require a response code to enter from an RSA Key or similar which is only held by the OP.

    Quite a puzzle.