Feds profiling opencarry.org surfers

LovesHisXD45 · Mar 4, 2012

This is more the stuff I get.

Stanley said:
192.168.0.0 is an internal ip range. That's your network. Are you behind a router? Are you on your own network or someone else's? Multiple computers on the network?

That's all the same IP so I'd check devices on that network and applications. Many handle their own port assignments and even change ports. My torrent program switches ports every 2 minutes so that the ISP can't throttle me.

As an aside when I, in my youth, port scanned and later during "security tests" we were on rotating IPs. I doubt the NSA would scan from 1 ip.

Private IPv4 ranges.
http://en.m.wikipedia.org/wiki/Private_network

---
I am here: http://tapatalk.com/map.php?dkyyhv

[INFO] Sat Mar 03 02:54:29 2012 Blocked incoming UDP packet from 151.70.125.75:31561 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:54:25 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:54:03 2012 Blocked incoming UDP packet from 75.47.2.134:41697 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:53:10 2012 Blocked incoming UDP packet from 151.76.150.130:13339 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:53:06 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:52:38 2012 Blocked incoming UDP packet from 218.238.152.89:61423 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:52:35 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:51:58 2012 Blocked incoming UDP packet from 76.7.23.121:20354 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:51:57 2012 Blocked incoming UDP packet from 83.11.111.5:36261 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:51:55 2012 Blocked incoming UDP packet from 76.7.23.121:20354 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:51:54 2012 Blocked incoming UDP packet from 83.11.111.5:36261 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:50:58 2012 Blocked incoming UDP packet from 94.71.148.21:13701 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:50:55 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:50:55 2012 Blocked incoming UDP packet from 80.116.14.54:18385 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:50:42 2012 Blocked incoming UDP packet from 66.61.105.27:62292 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:50:39 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:49:52 2012 Blocked incoming UDP packet from 151.70.125.75:31561 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:49:48 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:49:11 2012 Blocked incoming UDP packet from 84.229.84.134:22310 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:49:08 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:49:03 2012 Blocked incoming UDP packet from 85.136.227.43:54666 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:49:00 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:48:28 2012 Blocked incoming UDP packet from 151.76.150.130:13339 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:48:25 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:48:06 2012 Blocked incoming UDP packet from 151.70.125.75:31561 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:48:04 2012 Blocked incoming UDP packet from 218.238.152.89:61423 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:48:02 2012 Blocked incoming UDP packet from 151.70.125.75:31561 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:48:01 2012 Blocked incoming UDP packet from 218.238.152.89:61423 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:47:36 2012 Blocked incoming UDP packet from 213.171.51.170:1072 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:47:33 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:47:32 2012 Blocked incoming UDP packet from 83.11.111.5:36261 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:47:29 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:46:51 2012 Blocked incoming UDP packet from 62.198.63.194:34492 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:45 2012 Blocked incoming UDP packet from 218.238.152.89:61423 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:43 2012 Blocked incoming UDP packet from 80.116.14.54:18385 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:42 2012 Blocked incoming UDP packet from 218.238.152.89:61423 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:40 2012 Blocked incoming UDP packet from 80.116.14.54:18385 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:28 2012 Blocked incoming UDP packet from 151.76.150.130:13339 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:25 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:46:05 2012 Blocked incoming UDP packet from 66.61.105.27:62292 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:02 2012 Blocked incoming UDP packet from 218.238.152.89:61423 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:46:02 2012 Blocked incoming UDP packet from 66.61.105.27:62292 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:57 2012 Blocked incoming UDP packet from 83.11.111.5:36261 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:54 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:45:53 2012 Blocked incoming UDP packet from 66.61.105.27:62292 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:48 2012 Blocked incoming UDP packet from 178.128.89.159:12171 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:45 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:45:35 2012 Blocked incoming UDP packet from 83.11.111.5:36261 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:34 2012 Blocked incoming UDP packet from 85.72.153.115:12868 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:31 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:45:06 2012 Blocked incoming UDP packet from 87.1.52.194:20807 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:04 2012 Blocked incoming UDP packet from 80.116.14.54:18385 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:45:03 2012 Blocked incoming UDP packet from 87.1.52.194:20807 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:44:53 2012 Blocked incoming UDP packet from 80.116.14.54:18385 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:44:42 2012 Blocked incoming UDP packet from 66.61.105.27:62292 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:44:39 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:44:03 2012 Blocked incoming UDP packet from 85.136.227.43:54666 to 192.168.202.164:58908
[INFO] Sat Mar 03 02:44:00 2012 Above message repeated 1 times
[INFO] Sat Mar 03 02:43:55 2012 Blocked incoming UDP packet from 94.71.148.21:12362 to 192.168.202.164:58908

davidmcbeth · Mar 4, 2012

I have a red pencil box

GuidoZ · Mar 5, 2012

Yeah, that first capture doesn't mean a bunch by itself, but might after the answers to the following:

Do you have a BitTorrent client running? The IPs are from many places (TX to Italy to Poland), but all heading to the same UDP port (58908). Also, what operating system are you using?

It would be good to see what, if anything, is listening on that port. I can help you figure that out, but need to know your OS. (Professional "computer guy" here.)

--
Peace. ~G

mahkagari · Mar 5, 2012

Just for the mundane solution, might it be an ad attack? OCDO is like others where you need to watch where you click on the page to duck the sponsors' banners and popups. Could it be a data mining firm tracking traffic to sell statistics to Cabela's?

MSG Laigaie · Mar 5, 2012

john has a long mustache.

Stanley · Mar 5, 2012

Two things...

1) Why is the port open? Rather, why do you have that port open? Close it unless it's necessary.

2) I doubt it's a scan. Why would they keep hitting the same port. Like said above, I'm thinking torrent or some other file sharing software.

ncwabbit · Mar 5, 2012

When this thread started i was curious what was ping'g my system as well. so review of PC World, CNET came up with a free tracking blocking software called DNT+ (do not track plus) from:

http://www.abine.com/

interesting to note i have see upwards to 14 tracking activities blocked on one of my places i browsed and this site at one time had 6, one social network, 2 ad networks, and 3 tracking companies apparently ping'g my IE browser for information. according to the software feedback, all these were successfully 'blocked'.

i opted for the free version and it has not degraded my IE performance in the least so i am quite pleased w/its functionality.

might try the pgm and see if your 'pings' are actually tracking from your browser.

wabbit
(geek @ heart)

ps: how many have virus checker on your smart fones?

pps: have you turned off your 'preserve favorites, third party cookies, as well as the temporary internet files where it checks for newer version of stored copies of the places you have been BS etc?

Xulld · Mar 5, 2012

\\who is by ip
I only ran a few . . . .

[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '213.171.51.160 - 213.171.51.175'

inetnum: 213.171.51.160 - 213.171.51.175
netname: COMCOR-InterLogika
descr: Network for InterLogika
country: RU
admin-c: FSV23-RIPE
tech-c: FSV23-RIPE
status: ASSIGNED PA
mnt-by: AS8732-MNT
source: RIPE # Filtered

person: Fedorov Sergey Vladimirovich
e-mail: support@ilogica.ru
address: Moscow, Moskovskaya oblastj, Naro-Fominskiy rayon
phone: +7 499 271-4000
mnt-by: AS8732-MNT
nic-hdl: FSV23-RIPE
source: RIPE # Filtered

% Information related to '213.171.32.0/19AS8732'

route: 213.171.32.0/19
descr: comcor.ru
origin: AS8732
mnt-by: AS8732-MNT
source: RIPE # Filtered

----------------------------------

# ENGLISH

KRNIC is not an ISP but a National Internet Registry similar to APNIC.

[ Network Information ]
IPv4 Address : 218.236.0.0 - 218.239.255.255 (/14)
Service Name : broadNnet
Organization Name : SK Broadband Co Ltd
Organization ID : ORG3930
Address : 267, Seoul Namdaemunno 5(o)-ga Jung-gu SK NamsanGreen Bldg.
Zip Code : 100-711
Registration Date : 20020816

[ Admin Contact Information ]
Name : IP manager
Phone : +82-2-106-2
E-Mail : ip-adm@skbroadband.com

[ Tech Contact Information ]
Name : IP manager
Phone : +82-2-106-2
E-Mail : ip-adm@skbroadband.com

[ Network Abuse Contact Information ]
Name : manager
Phone : +82-2-106-2
E-Mail : abuse@skbroadband.com

--------------------------------------------------------------------------------

More specific assignment information is as follows.

[ Network Information ]
IPv4 Address : 218.238.152.0 - 218.238.152.255 (/24)
Network Name : HANANET-INFRA
Organization Name : SK Broadband Co Ltd
Organization ID : ORG3930
Address : 267, Seoul Namdaemunno 5(o)-ga Jung-gu SK NamsanGreen Bldg.
Zip Code : 100-711
Registration Date : 20041014
Publishes : Y

[ Technical Contact Information ]
Name : IP manager
Organization Name : SK Broadband Co Ltd
Address : 267, Seoul Namdaemunno 5(o)-ga Jung-gu SK NamsanGreen Bldg.
Zip Code : 100-711
Phone : +82-2-106-2
E-Mail : ip-adm@skbroadband.com

- KISA/KRNIC Whois Service -

===================================

inetnum: 83.4.0.0 - 83.11.255.255
netname: NEOSTRADA-ADSL
descr: Neostrada Plus
country: PL
admin-c: TPHT
tech-c: HT2189-RIPE
status: ASSIGNED PA
mnt-by: TPNET
mnt-lower: TPNET
mnt-routes: TPNET
source: RIPE # Filtered

role: TP S.A. Hostmaster
address: TP S.A.
address: ul. Nowogrodzka 47A
address: 00-695 Warszawa
address: Poland
phone: +48 800 120810
fax-no: +48 22 6225182
admin-c: TK569-RIPE
tech-c: TK569-RIPE
tech-c: JS1838-RIPE
nic-hdl: TPHT
mnt-by: TPNET
abuse-mailbox: abuse@telekomunikacja.pl
source: RIPE # Filtered

person: Hostmaster TPSA-CST
address: Telekomunikacja Polska S.A.
address: Data Transmission Systems Centre
address: ISP
address: POLAND
remarks: ! - ! - ! - ! - ! - !
remarks: CALL - CENTER
remarks: phone: (+48) 800 120811
remarks: ! - ! - ! - ! - ! - !
phone: +48 800 120810
fax-no: +48 22 6225182
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
remarks: Please send spam and abuse notification only to:
remarks: abuse@tpnet.pl
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
nic-hdl: HT2189-RIPE
mnt-by: TPNET
source: RIPE # Filtered

% Information related to '83.0.0.0/11AS5617'

route: 83.0.0.0/11
descr: TPNET
descr: for abuse: abuse@tpnet.pl
origin: AS5617
mnt-by: AS5617-MNT
source: RIPE # Filtered

% Information related to '83.8.0.0/13AS5617'

route: 83.8.0.0/13
descr: TPNET
descr: for abuse: abuse@tpnet.pl
origin: AS5617
mnt-by: AS5617-MNT
source: RIPE # Filtered

========================================

inetnum: 151.70.0.0 - 151.70.255.255
netname: IUNET-BNET70
descr: IUnet
descr: Via Lorenteggio 257
descr: Milano, I-20100
country: IT
admin-c: AN2056-RIPE
tech-c: AN2056-RIPE
status: ASSIGNED PA
mnt-by: AS1267-MNT
mnt-lower: AS1267-MNT
mnt-routes: AS1267-MNT
source: RIPE # Filtered

person: Abuse Notification
address: Via Lorenteggio 257
address: I-20152 Milano
address: Italy
phone: +39 02 41331
e-mail: abuse@infostrada.it
nic-hdl: AN2056-RIPE
source: RIPE # Filtered
mnt-by: AS1267-MNT

% Information related to '151.70.0.0/16AS1267'

route: 151.70.0.0/16
descr: INFOSTRADA
origin: AS1267
remarks: removed cross-mnt: AS1267-MNT
mnt-lower: AS1267-MNT
mnt-routes: AS1267-MNT
mnt-by: AS1267-MNT
source: RIPE # Filtered

--------------------------------------

inetnum: 94.71.128.0 - 94.71.191.255
netname: OTENET
descr: Multiprotocol Service Provider to other ISP's and End Users
descr: located in Greece and having nodes in 63 cities
country: GR
admin-c: OIA15-RIPE
tech-c: OIA15-RIPE
status: ASSIGNED PA
remarks: rev-srv: ns1.otenet.gr
remarks: rev-srv: ns2.otenet.gr
remarks: +---------------------------------+
remarks: |General enquiries: noc@otenet.gr |
remarks: |Abuse & Spam: abuse@otenet.gr |
remarks: |DNS & RIPE: hostmaster@otenet.gr |
remarks: +---------------------------------+
remarks: INFRA-AW
mnt-by: OTENET-GR-MNT
mnt-domains: OTENET-GR-MNT
source: RIPE # Filtered

role: OTENET IP ADM
address: OTEnet S.A.
address: 109 Kifissias Ave & Sina Str.Marousi
address: GR-15124 Athens
address: Greece
phone: +30 210 6151600
fax-no: +30 210 6151900
admin-c: AV323-RIPE
tech-c: PP5896-RIPE
tech-c: GZ1021-RIPE
nic-hdl: OIA15-RIPE
abuse-mailbox: abuse@otenet.gr
mnt-by: OTENET-GR-MNT
source: RIPE # Filtered

% Information related to '94.64.0.0/13AS6799'

route: 94.64.0.0/13
descr: OTEnet
origin: AS6799
remarks: OTEnet S.A. Multiprotocol Backbone & ISP
mnt-by: OTENET-GR-MNT
source: RIPE # Filtered

% Information related to '94.71.0.0/16AS6799'

route: 94.71.0.0/16
descr: OTEnet
origin: AS6799
remarks: OTEnet S.A. Multiprotocol Backbone & ISP
mnt-by: OTENET-GR-MNT
source: RIPE # Filtered

======================================================================

Nothing here would make me think feds. I would run a netstat -ano to make sure I had no processes connecting to any foreign ip ranges, otherwise you may have some spyware installed you are unaware of . . .

GuidoZ · Mar 6, 2012

ncwabbit said:
... came up with a free tracking blocking software called DNT+ (do not track plus) from: http://www.abine.com/ ...

Sounds like basic tracking cookie monitoring/blocking. There are a bunch of fine pieces of software out there (and browser plug-ins, like AdBlock+) that can handle this. It's not a bad idea to have one around, but not the same as what is being experienced here.

Xulld said:
Nothing here would make me think feds. I would run a netstat -ano to make sure I had no processes connecting to any foreign ip ranges, otherwise you may have some spyware installed you are unaware of . . .

Agreed. This is why I was curious about the operating system so I could recommend the next steps (such as netstat or similar). I'm still rolling with a P2P of some kind until I get more info.

--
Peace. ~G

Gunslinger · Mar 6, 2012

Going to have to watch what I say. As soon as they repeal the 1st Amendment.

Dreamer · Mar 6, 2012

swinokur said:
The CIA is in Langley
NSA is located at Ft. Meade, MD

First off, there is no "the" before CIA...

Secondly, to say that the NSA is in Ft. Meade is like saying Ford is in Detroit. There are large-scale NSA facilities all over the US, including a newly-built $1 BILLION cyber data analysis center near Salt Lake City UT, and a HUGE new cryptoanalysis center in GA. NSA is expanding operations faster than Sineloa (and probably getting some of their funding from the same sources...)

Just sayin'...

Daylen · Mar 6, 2012

Do we need to migrate to a .onion forum?

Dreamer · Mar 6, 2012

Gunslinger said:
Going to have to watch what I say. As soon as they repeal the 1st Amendment.

As long as there is spray paint, wheat paste, and printers ink, we have the First Amendment...

PistolPackingMomma · Mar 7, 2012

We may all have to become Thomas Paines...

The Silence Gun

Stanley · Mar 7, 2012

Dreamer said:
As long as there is spray paint, wheat paste, and printers ink, we have the First Amendment...

Wheat paste???

LovesHisXD45 · Mar 7, 2012

Locked tight

GuidoZ said:
Sounds like basic tracking cookie monitoring/blocking. There are a bunch of fine pieces of software out there (and browser plug-ins, like AdBlock+) that can handle this. It's not a bad idea to have one around, but not the same as what is being experienced here.

Agreed. This is why I was curious about the operating system so I could recommend the next steps (such as netstat or similar). I'm still rolling with a P2P of some kind until I get more info.

--
Peace. ~G

I have a D-Link DIR 655 Extreme Gigabit N-Router. I have ad-block plus installed in firefox, and I use Zone Alarm for my firewall. Nothing gets in or out without me knowing about it. I have all tracking disabled in firefox. I also have a ram drive set up for all of my system cache and internet temporary junk. My operating system is Windows XP Home edition SP3 (2002) 4 gig ram. I also use the blocksite addon installed for firefox and have blocked all access to all social networking sites including all of the domains that access or go through google and yahoo. Here is a "Netstat -abno" piped to a text file for my current session:

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.0.198:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1026 127.0.0.1:1027 ESTABLISHED 1708
[firefox.exe]

TCP 127.0.0.1:1027 127.0.0.1:1026 ESTABLISHED 1708
[firefox.exe]

TCP 127.0.0.1:1028 127.0.0.1:1029 ESTABLISHED 1708
[firefox.exe]

TCP 127.0.0.1:1029 127.0.0.1:1028 ESTABLISHED 1708
[firefox.exe]

TCP 192.168.0.198:1754 72.233.104.107:80 ESTABLISHED 1708
[firefox.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 0.0.0.0:4500 *:* 760
[lsass.exe]

UDP 0.0.0.0:500 *:* 760
[lsass.exe]

UDP 127.0.0.1:123 *:* 1076
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.0.198:123 *:* 1076
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]

UDP 192.168.0.198:138 *:* 4
[System]

UDP 192.168.0.198:137 *:* 4
[System]

I don't use bit torrent or any other similar software. This is pretty bare bones access to the most basic stuff, and you can see that not many ports are listening for anything. This type of netstat is what I usually see, and I would know if something was trying to get in or out that wasn't supposed to be.

Kevin

riverrat10k · Mar 7, 2012

Mr. Green has no shoes! Mr. Green has no shoes!

TechnoWeenie · Mar 8, 2012

LovesHisXD45 said:
I have a D-Link DIR 655 Extreme Gigabit N-Router. I have ad-block plus installed in firefox, and I use Zone Alarm for my firewall. Nothing gets in or out without me knowing about it. I have all tracking disabled in firefox. I also have a ram drive set up for all of my system cache and internet temporary junk. My operating system is Windows XP Home edition SP3 (2002) 4 gig ram. I also use the blocksite addon installed for firefox and have blocked all access to all social networking sites including all of the domains that access or go through google and yahoo. Here is a "Netstat -abno" piped to a text file for my current session:

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.0.198:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1026 127.0.0.1:1027 ESTABLISHED 1708
[firefox.exe]

TCP 127.0.0.1:1027 127.0.0.1:1026 ESTABLISHED 1708
[firefox.exe]

TCP 127.0.0.1:1028 127.0.0.1:1029 ESTABLISHED 1708
[firefox.exe]

TCP 127.0.0.1:1029 127.0.0.1:1028 ESTABLISHED 1708
[firefox.exe]

TCP 192.168.0.198:1754 72.233.104.107:80 ESTABLISHED 1708
[firefox.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 0.0.0.0:4500 *:* 760
[lsass.exe]

UDP 0.0.0.0:500 *:* 760
[lsass.exe]

UDP 127.0.0.1:123 *:* 1076
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.0.198:123 *:* 1076
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]

UDP 192.168.0.198:138 *:* 4
[System]

UDP 192.168.0.198:137 *:* 4
[System]

I don't use bit torrent or any other similar software. This is pretty bare bones access to the most basic stuff, and you can see that not many ports are listening for anything. This type of netstat is what I usually see, and I would know if something was trying to get in or out that wasn't supposed to be.

Kevin

Everything is internal except 72.233.104.107, which is wordpress.com

127.0.0.1 is LOCALHOST, basically, internal piping.

192.168.x.x is internal LAN addresses.

GuidoZ · Mar 9, 2012

LovesHisXD45 said:
I have a D-Link DIR 655 Extreme Gigabit N-Router. I have ad-block plus installed in firefox, and I use Zone Alarm for my firewall. Nothing gets in or out without me knowing about it. I have all tracking disabled in firefox. I also have a ram drive set up for all of my system cache and internet temporary junk. My operating system is Windows XP Home edition SP3 (2002) 4 gig ram. I also use the blocksite addon installed for firefox and have blocked all access to all social networking sites including all of the domains that access or go through google and yahoo. Here is a "Netstat -abno" piped to a text file for my current session:

(SNIP)

I don't use bit torrent or any other similar software. This is pretty bare bones access to the most basic stuff, and you can see that not many ports are listening for anything. This type of netstat is what I usually see, and I would know if something was trying to get in or out that wasn't supposed to be.

Kevin

Looks pretty clean, yes. I'd be curious to see a cross reference between netstat and your router logs. See, monitoring simply doesn't work that way. You don't toss UDP packets at a single port to "see" what someone is doing. That's also not a side effect of any type of monitoring, at any level. Add on the fact that these connections are coming from all over the world and you've got something wanting these connections on your system.

All software firewalls can be bypassed, as they simply run at the software/driver level. Drivers can be compromised, just like processes or memory. The only true protection (or monitoring for that matter) is a hardware device, like the router. Though connections can mask themselves quite well (proxies, SSL, SSH, etc), you're still going to see the traffic, be it pure bandwidth or some form of the TCP/IP communication. Anything on the system can lie or be fooled. A hardware device can't - turn on logging in your router (preferably the syslogd if available and look at Kiwi Syslog) and watch more of what is happening. Grab a copy of Wireshark, and watch what happens when you're doing nothing yourself. These are the way you're going to tap into any secrets that may be lurking.

::EDIT:: If you're the trusting type, I'd be happy to peek at your system remotely to see what can be seen. I'm certified in computer forensic investigations and incident response recovery. If something is there, we'll know. PM me for references and options.

--
Peace. ~G

since9 · Mar 10, 2012

bigdaddy1 said:
All joking aside, most people know that the government monitors this site and MANY others. In fact State and Local PD monitor the state postings and some have said that quotes from this site have been used in the courts.

Thats why spellcheck is so important:lol:

+1

It also helps to know the law so you don't violate it.

Feds profiling opencarry.org surfers

Regular Member

Banned

Regular Member

Regular Member

Campaign Veteran

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Regular Member

Campaign Veteran