My NetTime icon has gone dimmed.......Oh no my computer has been hacked!!!

wepee

Getting the hang of it
Joined
Jul 16, 2016
Messages
248
Reaction score
57
Hi guys,

My NetTime has been working fine for a few days.
Suddenly, I realized, its icon at the taskbar has gone from bright yellow & green to dimmed/grayed.
This usually indicates there is an error.

IP = 192.168.88.1 is the NIC that all my CCTV cameras are connected to.

Just wondering if my NetTime icon at my windows has gone dimmed,
How to troubleshoot the root of the problem?

Later I found my answer:
When I did further investigation, I found that someone had removed the Windows Firewall rule (inbound rule) for NetTime to allow the connection.

I tested on my wireless client adapter Tp-link, TL-WA1201, Time sync failed.
However, all my cameras' time is fully synced.

NetTime icon dimmed3.jpg

Here are the screenshots of my NetTime:

NetTime icon dimmed.jpg
NetTime icon dimmed2.jpg

For the last few months, I have been having lots of issues regarding my cameras (I had all my Chinese cameras- Foscam connected to my local network)
I have an Asus RT-AC86U router and blocked all the internet connections for the camera, but still to no avail.

In the past, I was having......
Strange issues, like wifi client adapter will crash, camera IPs in BI network configuration will get messed up, so my camera view will get no signal.

Only recently I started to use a dual NIC set up.
Since then the above issues are solved.

But somehow or rather the hacker managed to remove the Windows firewall inbound rule for NetTime to work.

Has anyone faced this kind of serious problem at all?

Update 1: I suspected, 1 PC in my local (Main) network is compromised so the PC is permanently switched off
and disconnected from the network. I will keep monitoring my CCTV PC if there is any funny thing happening
for the next few days. I would not think my CCTV PC is compromised, since I had already freshly installed it a few
months ago.

Update 2: I redid the Windows Firewall inbound rule; now NetTime Service.exe is able to connect.

Below picture shows NetTime log Viewer:
2022-12-16_22-24-01.jpg
Time sync is working now:
2022-12-16_22-11-51.jpg
 

looktall

Getting comfortable
Joined
Sep 3, 2022
Messages
514
Reaction score
749
Location
Australia
That seems like a rather specific and unlikely thing for someone to do who has already gained access to your network.

It serves no purpose.
 

wepee

> I suspect windows did an update and changed permissions.

Yes, recently my Windows just had an update.
But an update should not remove the Windows Inbound firewall rule.
 

wepee

> That seems like a rather specific and unlikely thing for someone to do who has already gained access to your network.
>
> It serves no purpose.

Yes, I agree. It seems the motive does not serve any purpose.
But I have been battling this issue for more than a month now.......and till now it is still going on.
Unless you are a hacker, you won't understand the motive till you understand the thrill of screwing around.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,541
Location
USA
What I have seen a Windows update do is change a computer from a private to a public network, and I suspect that is what happened and the firewall rule was different for each. I had a laptop do this very thing and I couldn't get to UI3 because of the network permission change in the firewall.

One of the many reasons why we disable Windows updates on our BI machines.

That is only an internal thing as it relates to YOUR network with the Windows computer and determined when you initially connect to your home network - it is saying your home network is public.

You could go to the effort of redoing the wifi network of everything in your house and setting up each computer to private network only, but you will find that is more trouble than it is worth.

You normally make this decision the first time you connect to a network. Windows will ask whether you want your PC to be discoverable on that network. If you select Yes, Windows sets that network as Private. If you select No, Windows sets that network as public. You can see whether a network is private or public from the Network and Sharing Center window in the Control Panel.

1671191277796.png
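
The private/public check described in the post above, as an added example that is not part of the original thread: it lists the network category Windows has assigned to each connected NIC and reports whether any enabled inbound allow rule for one program applies to that category. `$ProgramPath` is a placeholder assumption; set it to the executable the firewall rule was created for.

```powershell
# Added example (not from the thread): compare each NIC's network category
# with the firewall profiles covered by one program's inbound allow rules.
param(
    # Placeholder path; replace with the executable named in your firewall rule.
    [string]$ProgramPath = 'C:\Path\To\TimeSyncService.exe'
)

# Network category reported per NIC -> firewall profile name used by rules
$categoryToProfile = @{
    'Public'              = 'Public'
    'Private'             = 'Private'
    'DomainAuthenticated' = 'Domain'
}

# Enabled inbound allow rules whose application filter matches the program.
# A missing match raises a non-terminating error, so it is silenced here and
# simply yields an empty rule set.
$rules = Get-NetFirewallApplicationFilter -Program $ProgramPath -ErrorAction SilentlyContinue |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow'
    }

foreach ($nic in Get-NetConnectionProfile) {
    $needed = $categoryToProfile[[string]$nic.NetworkCategory]

    # A rule applies if its profile is Any or its profile list names the
    # profile this NIC is currently using (for example "Private, Public").
    $covering = $rules | Where-Object {
        $p = [string]$_.Profile
        $p -eq 'Any' -or ($p -split ',\s*') -contains $needed
    }

    [pscustomobject]@{
        Interface     = $nic.InterfaceAlias
        Network       = $nic.Name
        Category      = $nic.NetworkCategory
        MatchingRules = if ($covering) { $covering.DisplayName -join '; ' } else { '(none)' }
    }
}
```

A row showing `(none)` means the program has no enabled inbound allow rule for the category that NIC is currently in, which is the situation a private/public switch would produce.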
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,432
Reaction score
38,152
Location
Alabama
> .....What I have seen a Windows update do is change a computer from a private to a public network......

I've had this happen to 3 clients this year:
  • A chiropractic office's front desk PC could no longer access the server on their own LAN to run their patient management program.
  • A church's PC for live streaming their services could no longer access Internet
  • A client lost Internet access
 

wepee

> What I have seen a Windows update do is change a computer from a private to a public network, and I suspect that is what happened and the firewall rule was different for each. I had a laptop do this very thing and I couldn't get to UI3 because of the network permission change in the firewall.
>
> One of the many reasons why we disable Windows updates on our BI machines.
>
> That is only an internal thing as it relates to YOUR network with the Windows computer and determined when you initially connect to your home network - it is saying your home network is public.
>
> You could go to the effort of redoing the wifi network of everything in your house and setting up each computer to private network only, but you will find that is more trouble than it is worth.
>
> You normally make this decision the first time you connect to a network. Windows will ask whether you want your PC to be discoverable on that network. If you select Yes, Windows sets that network as Private. If you select No, Windows sets that network as public. You can see whether a network is private or public from the Network and Sharing Center window in the Control Panel.

My CCTV network is listed as Public Network

2022-12-16_21-58-21.jpg
 

wepee

> I've had this happen to 3 clients this year:
> • A chiropractic office's front desk PC could no longer access the server on their own LAN to run their patient management program.
> • A church's PC for live streaming their services could no longer access Internet
> • A client lost Internet access

Would you suggest disabling the Windows update temporarily?
 

wepee

> Yes. Many here shut off winblows updates on their BI machines. Have you spent any time in the IPCT wikis?

No, obviously. I thought if I delay Windows update, the downside is Windows 10 OS will be less secure. Security patches would not be applied.
 

SpacemanSpiff

Known around here
Joined
Apr 15, 2021
Messages
1,456
Reaction score
2,431
Location
USA
> No, obviously. I thought if I delay Windows update, the downside is Windows 10 OS will be less secure. Security patches would not be applied.

Your thought process is not faulted. The update topic is definitely a double-edged sword. Some additional details you may not be aware of:
Many have a dedicated BI machine. Its only purpose is to record their cameras' activities, and allow for footage playback. The BI machine is not used for perusing the Internet, running other software/apps for household members. Yes, the BI machine itself has the ability to access the Internet (from behind a router/firewall) but a dedicated BI machine will seldom have a need to access the Internet without a human doing things on it that causes it to.
If users want to access the BI machine when not at home, the best practice is to configure a VPN on your router.
 

wepee

> If users want to access the BI machine when not at home, the best practice is to configure a VPN on your router.

Yes, already configured in my ASUS RT-AC86U router as a VPN server.
Unfortunately, and temporarily I have some kids at my office who just want to watch youtube every 2 weeks.
But I get your point here.
 

SpacemanSpiff

Regarding your concerns of being hacked. Have you enabled any port forwarding on your router?
 

prsmith777

Getting comfortable
Joined
Dec 23, 2019
Messages
268
Reaction score
379
Location
Colorado
I have had to redo permissions on several apps after a Windows update. This is common.

They also have to be redone if there is a version change of the exe file. For instance, if you update an app, then often times the permissions need to be reset manually.
 

wepee

> Regarding your concerns of being hacked. Have you enabled any port forwarding on your router?

No, I have never opened any port for port forwarding purposes. But for VPN to work,
by default the router should open a port: 1194 (if not mistaken) automatically.
 

wittaj

It is clear the Windows update changed the permission. It either went from private to public or public to private or the update included an update to the firewall and changed the permissions.

You have never had anything update and it defaults settings or changes them? I have a few apps that every time they update it loses the login credentials and a few that change settings. It is common. And a few people have already confirmed same thing happened to them or their clients.

Not running the windows update is still more secure than an NVR that is rarely updated. Plus the computer has anti-virus and firewall protection....
 

wepee

> Regarding your concerns of being hacked. Have you enabled any port forwarding on your router?

Very strange, when I try to access my router's WEB interface.
Somehow the interface is not available- cannot access it. The HTTP server is screwed.

Errrgggh....:banghead:

I need to reboot my Asus router when I get to my office on next Monday.

Update: This is a non-issue. I forgot to update the browser shortcut on my windows desktop
which previously pointed to: 192.168.88.1.

Since I added a second NIC, my main network is using: 192.168.188.xxx subnet
So, logically, I should have updated the shortcut to point to: 192.168.188.1 (my new router address)
but I didn't. Totally forgot about it. :facepalm:

2022-12-16_23-56-16.jpg

Now HTTP access to my router is working :D

2022-12-18_14-47-02.jpg
 

wepee

> It is clear the Windows update changed the permission. It either went from private to public or public to private or the update included an update to the firewall and changed the permissions.
>
> You have never had anything update and it defaults settings or changes them? I have a few apps that every time they update it loses the login credentials and a few that change settings. It is common. And a few people have already confirmed same thing happened to them or their clients.
>
> Not running the windows update is still more secure than an NVR that is rarely updated. Plus the computer has anti-virus and firewall protection....

Sorry I am not sure what the business is about changing permission.
Can you enlighten me. Perhaps can show some examples.
Thank you.
 