
I mean. Yes, you're pwned. You need to reflash all possible firmware, dd your disks to zeros and start again. I wouldn't even trust it then, personally.

What's the IP address it was talking to? Maybe we can help find out what it was?



If you are to go this far, don't stop at dd-ing disks to zero. Replace the SSD controller firmware as well + BIOS + all firmware everywhere.


Why stop at the firmware? Shred the hardware altogether. /s


… and bury it at least 8 feet deep on land no closer than a mile from your residence.


Seems to be careless not to burn current residence to the ground as well.


Then salt the earth


I think 6 feet should be enough in most cases, if you're short on time or energy.


Turn off your computer and make sure it powers down,

Drop it in a 35-foot hole in the ground,

Cover it completely, rocks and boulders should be fine...


Pretty sure you could still recover the flash-based memory. Unless you're dropping into acid or lava.


Yeah. That's definitely the plan, but I want to see if there's anything I can learn from the machine before I even do so.

The IP address was 107.122.31.71.


It looks like a consumer IP address (AT&T US); ungood. Either your attacker is unsophisticated and they actually had that IP, or they're bouncing through a pwned machine.

Kill it. Kill it with fire.



Well, I've dug around, there's no hostname associated with it or pointing to it.

There are no obvious connections to any orgs or sites, and no entries in VirusTotal or AbuseIPDB; however, there is an open port 179 (looks like BGP??).


It's a carrier-grade NAT IP for ATT's cellular service; the BGP is likely just the ATT router.


Yeah, I'm now realizing that this might be multicast traffic I'm seeing from another device, and I do use AT&T which is making me think this may not actually be malicious.


Out of curiosity, how do you know it's CGNAT? Is it just because all of AT&T's mobile traffic is through CGNAT?



