Wrong IP address (compromised?)



  • Hello, I've been prepping my system for a wipe and reinstall and am moving logins over to other computers; however, when I logged in it said I needed an email confirmation code because I was logging in from a new browser. No worries; this is normal. However, the email states that I am in the Russian Federation (Czech Republic). I thought their database or the way they look up addresses must be wrong, but nope, I googled my IP and there it is. The only problem is that I've set up OpenVPN to route my traffic through the Netherlands. I have NO VPN programs or proxies active on either the browser or the computer itself, so why is this happening? Is my pfSense device compromised?

    Thanks for the time,

    John.


  • LAYER 8 Netgate

    What are you talking about?

    You'll need to provide much more information.

    Much more likely that your computer is broken than pfSense has some sort of malware in it.



  • @Derelict:

    What are you talking about?

    You'll need to provide much more information.

    Much more likely that your computer is broken than pfSense has some sort of malware in it.

    My IP address isn't the same as the OpenVPN tunnel ALL traffic should be going through and I was wondering if this could be pfSense itself being compromised.

    What additional information?


  • LAYER 8 Netgate

    I don't know. You're the one making the assertion. A screenshot of the full browser window would be a good start.

    Disconnect the VPN and try again.



  • @Derelict:

    I don't know. You're the one making the assertion. A screenshot of the full browser window would be a good start.

    Disconnect the VPN and try again.

    My apologies if I've caused any offense, just a bit confused & worried. Just reset my computer (wiped and installed Ubuntu) and it's still showing my IP to be in the Russian Federation, so it must be one of the settings I have enabled, but I don't remember setting any of the settings. Not going to reveal personal information, but the remote host is different than what my outward-facing IP is. The browser is fresh so I don't think that would help.


  • LAYER 8 Netgate

    Sounds like you're egressing through the VPN like you're trying to do. Lord.

    If you want me to see what it looks like for me, cut loose with your actual WAN IP address and whatever other addresses you're concerned with in a PM.

    Please be as specific as possible with what you think is wrong and why.


  • Banned

    @JohnSCarter:

    The only problem is that I've set up OpenVPN to route my traffic through the Netherlands

    Your VPN provider might be from the Netherlands, but that doesn't mean their endpoint servers are located there too. Actually if they provide a service without any logging, which is (legally) near to impossible within most of the EU, I would expect their servers to reside in a country with less strict laws.


  • LAYER 8 Global Moderator

    Let's all not forget that the IP database of location data is far from perfect.

    Having a bitch of a time trying to get MaxMind to update theirs. A /24 off our /16 they kept saying was in Malaysia, when clearly it's in the US. Tried for months to get them to correct it via their forms with little luck, until it became moot when we no longer proxied web traffic through that connection.

    As to what VPN service you're using: unless you got one that allows you to pick your endpoint location and country, and you did, and you're just using it to mask your traffic from your local ISP, then sure, the endpoint could be almost anywhere; it does not matter where the HQ of the company is, etc. If you're having an issue with your VPN IP not showing the origin country that you want for its IP, then you should get with your VPN provider.

    Again - geoip information is not an exact science ;)

    This is not TV, where they get an IP and look up that it is located in the bedroom of the house on 123 Street on the 2nd floor hehehehe

