Feds profiling opencarry.org surfers

This is definitely a little off-topic, but still has a lot to do with OCDO. I have been running some experiments and tests regarding web traffic and packets through my router specifically when I visit opencarry.org, and other sites affiliated with firearms and freedom, etc... So what, you may say.

Well, my logs will show no intrusion activity against my network most of the day with maybe a few blocked UDP packets and incoming tcp requests here and there, but mysteriously, when I visit this site, and others like it, my logs go ballistic with blocked intrusion attempts against a specific port number from another source that randomly changes its IP address. The attacked port will change from time to time to a different number, but the intrusion is always the same type, and it's blazing fast and many times per minute.

Does anyone else see this same behavior with your network when you come here, or is it just me? If so, why would that be, and what would be the motive? Maybe the super computer farms of the NSA in Langley are working overtime, aye? Who knows? Makes me uneasy to say the least, however. Where did I put my tin foil hat?

LovesHisXD45 said:

Does anyone else see this same behavior with your network when you come here, or is it just me?

Click to expand...

No need to see it.
http://www.nytimes.com/2012/02/23/us/house-questions-homeland-security-program-on-social-media.html



DHS | March 1, 2012
Words to get your website on a government watch list - Social media monitoring!


Angel Clark
Wilmington Civil Rights Examiner

Continue reading on Examiner.com Words to get your website on a government watch list - Social media monitoring! - Wilmington Civil Rights | Examiner.com http://www.examiner.com/civil-right...ch-list-social-media-monitoring#ixzz1nxhpqE9G

LovesHisXD45 said:

Does anyone else see this same behavior with your network when you come here, or is it just me? If so, why would that be, and what would be the motive? Maybe the super computer farms of the NSA in Langley are working overtime, aye? Who knows? Makes me uneasy to say the least, however. Where did I put my tin foil hat?

Click to expand...

From which IP's are these attacks originating? Can you post them?

Fbi ?

Stanley said:

From which IP's are these attacks originating? Can you post them?

Click to expand...

As a sidenote, what port monitoring s/w are you using?

Do a reverse look up on the source IP address for the owner information, this can be done from multiple sites (for example: http://ip-lookup.net/).

If I knew how to tell, I'd tell you.

More info

Contrarian said:

As a sidenote, what port monitoring s/w are you using?

Click to expand...

This is also for a response to Stanley.

The software is Packet Sniffer. http://packet-sniffer.net/
I also use the freeware edition of packet monitor: http://www.windows7download.com/win7-packet-monitor-free-edition/gonucnco.html

Also, I use my router logs a lot. Here is a snip from just a few minutes of being here just to post this reply. The IP address of the attacking host changes on the fly more often than this log capture, almost as if other valid computers are being used by the attacker to "sniff" me out. Every time I try to reverse lookup one of these IP addresses, they are invalid, or the information does me no good because they are most likely DHCP assignments to nodes on a network somewhere and will change on a variable timetable or have been routed through a DNS server. That makes it nearly impossible to determine the actual source. There is no way you are going to track this back the the originator. It's just not going to happen.


[INFO] Fri Mar 02 13:37:38 2012 Blocked incoming TCP connection request from 192.168.202.99:51470 to 192.168.202.164:80
[INFO] Fri Mar 02 13:37:35 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:36:59 2012 Blocked incoming UDP packet from 192.168.202.99:52448 to 192.168.202.164:1900
[INFO] Fri Mar 02 13:36:50 2012 Blocked incoming TCP connection request from 192.168.202.99:51405 to 192.168.202.164:445
[INFO] Fri Mar 02 13:36:47 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:36:41 2012 Blocked incoming UDP packet from 192.168.202.99:52387 to 192.168.202.164:137
[INFO] Fri Mar 02 13:36:35 2012 Blocked incoming TCP connection request from 192.168.202.99:51343 to 192.168.202.164:80
[INFO] Fri Mar 02 13:36:32 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:35:57 2012 Blocked incoming UDP packet from 192.168.202.99:60978 to 192.168.202.164:1900
[INFO] Fri Mar 02 13:35:46 2012 Blocked incoming TCP connection request from 192.168.202.99:51278 to 192.168.202.164:445
[INFO] Fri Mar 02 13:35:43 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:35:37 2012 Blocked incoming UDP packet from 192.168.202.99:60917 to 192.168.202.164:137
[INFO] Fri Mar 02 13:35:31 2012 Blocked incoming TCP connection request from 192.168.202.99:51216 to 192.168.202.164:80
[INFO] Fri Mar 02 13:35:28 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:34:52 2012 Blocked incoming UDP packet from 192.168.202.99:56715 to 192.168.202.164:1900
[INFO] Fri Mar 02 13:34:44 2012 Blocked incoming TCP connection request from 192.168.202.99:51151 to 192.168.202.164:445
[INFO] Fri Mar 02 13:34:41 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:34:34 2012 Blocked incoming UDP packet from 192.168.202.99:56654 to 192.168.202.164:137
[INFO] Fri Mar 02 13:34:31 2012 Blocked incoming TCP connection request from 192.168.202.99:51089 to 192.168.202.164:80
[INFO] Fri Mar 02 13:34:28 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:33:53 2012 Blocked incoming UDP packet from 192.168.202.99:64033 to 192.168.202.164:1900
[INFO] Fri Mar 02 13:33:44 2012 Blocked incoming TCP connection request from 192.168.202.99:51024 to 192.168.202.164:445
[INFO] Fri Mar 02 13:33:41 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:33:35 2012 Blocked incoming UDP packet from 192.168.202.99:63972 to 192.168.202.164:137
[INFO] Fri Mar 02 13:33:32 2012 Blocked incoming TCP connection request from 192.168.202.99:50962 to 192.168.202.164:80
[INFO] Fri Mar 02 13:33:29 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:32:53 2012 Blocked incoming UDP packet from 192.168.202.99:53681 to 192.168.202.164:1900
[INFO] Fri Mar 02 13:32:44 2012 Blocked incoming TCP connection request from 192.168.202.99:50896 to 192.168.202.164:445
[INFO] Fri Mar 02 13:32:41 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:32:35 2012 Blocked incoming UDP packet from 192.168.202.99:53620 to 192.168.202.164:137
[INFO] Fri Mar 02 13:32:07 2012 Blocked incoming TCP connection request from 192.168.202.99:50830 to 192.168.202.164:80
[INFO] Fri Mar 02 13:32:04 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:31:29 2012 Blocked incoming UDP packet from 192.168.202.99:62943 to 192.168.202.164:1900
[INFO] Fri Mar 02 13:31:20 2012 Blocked incoming TCP connection request from 192.168.202.99:50729 to 192.168.202.164:445
[INFO] Fri Mar 02 13:31:17 2012 Above message repeated 1 times
[INFO] Fri Mar 02 13:31:11 2012 Blocked incoming UDP packet from 192.168.202.99:57250 to 192.168.202.164:137
[INFO] Fri Mar 02 13:30:44 2012 Blocked incoming TCP connection request from 192.168.202.99:50667 to 192.168.202.164:80

Kevin

192.168.0.0 is an internal ip range. That's your network. Are you behind a router? Are you on your own network or someone else's? Multiple computers on the network?

That's all the same IP so I'd check devices on that network and applications. Many handle their own port assignments and even change ports. My torrent program switches ports every 2 minutes so that the ISP can't throttle me.

As an aside when I, in my youth, port scanned and later during "security tests" we were on rotating IPs. I doubt the NSA would scan from 1 ip.

Private IPv4 ranges.
http://en.m.wikipedia.org/wiki/Private_network


---
I am here: http://tapatalk.com/map.php?dkyyhv

...

Uh oh...call the police the Hacker.....IS IN YOUR HOUSE I don't know just trying to through a lil humor into the situation.

HandyHamlet said:

No need to see it.
http://www.nytimes.com/2012/02/23/us/house-questions-homeland-security-program-on-social-media.html



DHS | March 1, 2012
Words to get your website on a government watch list - Social media monitoring!


Angel Clark
Wilmington Civil Rights Examiner

Continue reading on Examiner.com Words to get your website on a government watch list - Social media monitoring! - Wilmington Civil Rights | Examiner.com http://www.examiner.com/civil-right...ch-list-social-media-monitoring#ixzz1nxhpqE9G

Click to expand...

It's all in the words lol..

All joking aside, most people know that the government monitors this site and MANY others. In fact State and Local PD monitor the state postings and some have said that quotes from this site have been used in the courts.

Thats why spellcheck is so important:lol:

"Hey, you know that thing we were talking about the other day? You know with that guy, and what we were gonna do? Yeah, it's been moved up.
We're now going to deliver the gift basket while bandit is going for the 18 instead of when he's hooking the fish."

lulz

I do funny things!

When I talk to my friends on Failbook, I talk to the DHS (or whoever they are) in brackets, I say nasty things for them to read, and I play word games! My friends get a huge laugh out of it! They join in as well, and soon, we're having a great one-way conversation with DHS (or whoever reads the stuff).

Fallschirmjäger said:

"Hey, you know that thing we were talking about the other day? You know with that guy, and what we were gonna do? Yeah, it's been moved up.
We're now going to deliver the gift basket while bandit is going for the 18 instead of when he's hooking the fish."

Click to expand...

The package is ready to be delivered.

TechnoWeenie said:

The package is ready to be delivered.

Click to expand...

Does the package include pomegranates?

April 19 ........ ooooohhhh noooooooooo they're a comin' for me

The CIA is in Langley
NSA is located at Ft. Meade, MD

[The chair is against the wall.] :monkey