MK3

CAN WE TRUST THIS SITE?

23 posts in this topic

have been registered with this site for 2 days now

and yesterday I posted a topic on is the internet safe anymore

anyhow Abhayaa posted a comment in which

stated "you might want to learn about forensic linguistics"

from this I did some research into this topic

and found that its relevent to data mining along with

other things.

today my firewall has been blocking

09:53:52 n/a IN REFUSED ICMP 207.218.223.95 Echo Request/0 Echo Request/0 ICMP Traffic

09:46:59 n/a IN REFUSED ICMP 207.218.223.94 Echo Request/0 Echo Request/0 ICMP Traffic

09:40:06 n/a IN REFUSED ICMP 207.218.223.99 Echo Request/0 Echo Request/0 ICMP Traffic

09:33:13 n/a IN REFUSED ICMP 207.218.223.97 Echo Request/0 Echo Request/0 ICMP Traffic

09:26:19 n/a IN REFUSED ICMP 207.218.223.101 Echo Request/0 Echo Request/0 ICMP Traffic

09:19:26 n/a IN REFUSED ICMP 207.218.223.98 Echo Request/0 Echo Request/0 ICMP Traffic

09:12:33 n/a IN REFUSED ICMP 207.218.223.91 Echo Request/0 Echo Request/0 ICMP Traffic

08:45:00 n/a IN REFUSED ICMP 207.218.223.102 Echo Request/0 Echo Request/0 ICMP Traffic

from doing a whois lookup on this address it shows that these addresses are from

OrgName: Everyones Internet

OrgID: EVRY

Address: 390 Benmar

Address: Suite 200

City: Houston

StateProv: TX

PostalCode: 77060

Country: US

when I did a google search for the hostnames it came up with a few things related to this

1. data mining

2. and theplanet web server ev1servers.net (Powered by Invision Power Board) in which is also this page

so tell, me why my computer?

what is going down?

P.S Rambo noted yesterday "Just a little side note, Big brother watches these forums occasionally as well"

0

Share this post


Link to post
Share on other sites

Of course not!

While it's very nice that occurrences are rare here, they should certainly be expected given the nature of the site.

0

Share this post


Link to post
Share on other sites

Big brother doesnt really care about n00bs (such as you and myself lol) we are not even blips on the radar as of yet if thats what your worried about. why concern yourself with such small fish?

I cant really be of any help regarding the firewall stuff but i thought id put your mind to ease in case you were freaking out about that. Yes big brother is watching, but we are nothing. We may as well be dirt compared to some people.

0

Share this post


Link to post
Share on other sites

Probably nothing more than probing, which your firewall did fine at... no need to worry.

0

Share this post


Link to post
Share on other sites

Even if they do monitor this site from time to time its not like they could really pin anything on anybody. I mean, unless your publicly posting your crimes on these pages then what do they really have ? BinRev doesn't promote or condone piracy, or anything like that. Anyone who asks for stuff like cd keys or hacking anything particular gets reamed out anyways. I would think the gov. would look more into a site like 'hacker'threads.org or IRC channels rather than a common interest forum imo.

0

Share this post


Link to post
Share on other sites

maybe i'm wrong, but aren't they pings from worms on the Everyones Internet ISP??

0

Share this post


Link to post
Share on other sites

Probably worms pinging... Oh, sorry.

IT'S PROBABLY ONLY WORMS PINGING YOUR MACHINE FROM INFECTED HOSTS. UNLESS YOU ARE A HIGH RANKING TERRORIST OR A KNOWN CRIMINAL, YOU'RE NOT IMPORTANT TO GOVERNMENT, OR ANYONE FOR THAT MATTER. GET OVER IT.

And for fucking sake, stop using Caps-Lock.

0

Share this post


Link to post
Share on other sites
maybe i'm wrong, but aren't they pings from worms on the Everyones Internet ISP??

That does seem wierd, usually when I get break in attempts by a bot the source ip address is the same but the destination ports change, along with different user names and the attempts are about 3 seconds apart. Yours are about 7 seconds apart and from different ip adresses on the same subnet. But if your ISP is theplanet.net it's possible they randomly check for illegal users by random pinging. Do you block all of your unused ports, I get lots of traffic on port 22 SSH.

0

Share this post


Link to post
Share on other sites
Big brother doesnt really care about n00bs (such as you and myself lol) we are not even blips on the radar as of yet if thats what your worried about. why concern yourself with such small fish?

I cant really be of any help regarding the firewall stuff but i thought id put your mind to ease in case you were freaking out about that. Yes big brother is watching, but we are nothing. We may as well be dirt compared to some people.

Thats not true. Big brother watches everyone. to them, we're all dangerous hackers

0

Share this post


Link to post
Share on other sites
Big brother doesnt really care about n00bs (such as you and myself lol) we are not even blips on the radar as of yet if thats what your worried about. why concern yourself with such small fish?

I cant really be of any help regarding the firewall stuff but i thought id put your mind to ease in case you were freaking out about that. Yes big brother is watching, but we are nothing. We may as well be dirt compared to some people.

Thats not true. Big brother watches everyone. to them, we're all dangerous hackers

It would make sense to catch the up-and-comers before they develop and nip the problem in the bud, but as a matter of scale and resources, it's unlikely that to be the case.

Plus, you tend to watch the more immediate danger and try to defuse that first, right?

0

Share this post


Link to post
Share on other sites

Thats right, because so much information can be gathered from ICMP!!!!1111!! Big Brother is watching youz!

Kid, it's ICMP..... read the RFC and RTFM.

Also, did any body even bother to LOOK at the times in which his machine was pinged??? They are so far apart that it doesn't even effect his firewall that much..... it's not like some prick launched a DoS Attack on his ass (yet). I agree 100% with WhatChout, they're probably just infected machines... zombies.

0

Share this post


Link to post
Share on other sites

Many thanks for all your comments chaps

you have put my mind at ease now.

Of course im only a noob, but not looking to perform any illegal activities.

all that im concerned about is the security risk side of things, and how to become more familiar with some of the tactics to resolve such events

0

Share this post


Link to post
Share on other sites

p.s this is just for WhatChout

AS HE LOVES THE CAPS BUTTON SO MUCH, LOL

0

Share this post


Link to post
Share on other sites

oh yeh!

forgot to ask

whats are just worms pinging?

also

because I get alot of firewall hits from shaw, on ports UDP 1026-1028 in which are RCP ports, correct me wrong, and when I sniffed the packets it contained a Microsoft error message

"your registry is corrupt please open up internet explorer and type www.registrycleanerxp.com"

ok I did let this happen as I was curious, and not long after this most of my services were down.

was that a DOS attack?

0

Share this post


Link to post
Share on other sites

some of those ip's have to do with something with WebTrends or StatsMachine type

tracking

0

Share this post


Link to post
Share on other sites

do you mean for example,

Alexa, the one that take info of the site (recorded cache)

or do you mean the ones that log all visitors

if so should they be blocked via blockpost for example.

or by an ad blocker?

0

Share this post


Link to post
Share on other sites
oh yeh!

forgot to ask

whats are just worms pinging?

also

because I get alot of firewall hits from shaw, on ports UDP 1026-1028 in which are RCP ports, correct me wrong, and when I sniffed the packets it contained a Microsoft error message

"your registry is corrupt please open up internet explorer and type www.registrycleanerxp.com"

ok I did let this happen as I was curious, and not long after this most of my services were down.

was that a DOS attack?

worms pinging just means it's mindless and nothing to worry about if it's being blocked.

the "your registry is corrupt please open up internet explorer and type www.registrycleanerxp.com" is messager stuff aimed at the windows messenger service that will popup on your desktop if you haven't disabled it, so if you're only seeing it when you are packet sniffing you have nothing to worry about. it's sent to huge blocks of IPs and is mindless and nothing to worry about too.

here's some stuff on DDOS attacks

http://en.wikipedia.org/wiki/Ddos

0

Share this post


Link to post
Share on other sites

There is an edit button....

0

Share this post


Link to post
Share on other sites

btw you said you run a firewall but do you also run a couple of anti-spyware scanners?

0

Share this post


Link to post
Share on other sites
p.s this is just for WhatChout

AS HE LOVES THE CAPS BUTTON SO MUCH, LOL

When will you finally get a clue?

0

Share this post


Link to post
Share on other sites

What is the big problem with capitals

its all part of the punctuation

0

Share this post


Link to post
Share on other sites
What is the big problem with capitals

its all part of the punctuation

Writing with Caps-Lock on all the time is not a part of punctuation at all. It's like abusing the exclamation marks (putting more than 3/4 at the end of the sentence) and saying "it's all part of the language".

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now