Archive for October, 2007

VMP’s or Vile Machine Probes!

October 10, 2007

Over the past several blogs, I’ve been reporting on netstat as a tool to find out who is connecting to my machine. I assumed up until yesterday that all of the Microsoft connections were beneficial updates and not data mining excursions. Now I know different. I was using both netstat and X-netstat 5.1 and in addition to (198.65.147.194) which I reported on in three different posts (1, 2, 3), I decided to check the rest of the connections from some sites.

First, I went to fatsavage.wordpress.com and found the ever-present carnivore which you really can’t do much about. In addition there was the wordpress-Akamai services, the Snap tool, Google statistics and ltdomains.com which is also related to WordPress. In addition, there were connections from unknown.level3.net and Panther Express which is a direct competitor of Akamai and certainly wasn’t invited by either them or me.

When I went to this site (Tigerstail.wordpress.com), there were two connections from unknown.level3 and Panther Express was gone. I went to a fairly non-confrontational site and nobody bothered to monitor me except Google stats which is everywhere. I then went to fatsavage.com, home of the Fatsavage Shitlist of Law Enforcement Honeypots, and netstat lit up like a meteorite self destructing over Tunguska.

There were the normal connections by my blog host and Amazon and most of them used multiple connections to speed up the content feed but nothing like Carnivore from my local ISP. It tapped into my machine on 63 different ports at the same time. This is like the previously described hitbot on speed and I’m sure it was looking for hashed kiddie porn pictures which would identify the visitor as a pedophile instead of a libertarian protesting domestic spying.

This is not the first time I’ve witnessed VMP. I caught one site connecting on over 100 ports but was so stunned that I wasn’t quick enough to catch it on a hard copy.

VMP stands for Vile Machine Probes but is a direct tribute to Dr. Spock and the technical capabilities of the Vulcan Mind Probe. Of course the original VMPs were dangerous because there was always a sharing of information and also a chance of physical damage to the weaker species. The same is true today.

By the way, I use a Firefox Browser on a Windows XP machine with updated PCcillin anti-virus and firewall. Once you’re using a Windows operating system, it’s splitting hairs to argue about who has the best antivirus.

Vistasucks Is Worth The Link!

October 9, 2007

A couple of months ago I linked to Vista Sucks and visit it from time to time. This person does incredible research on every aspect of Vista and links to articles from everywhere. My principal concern is not whether Vista sucks or not but whether it’s secure.

One recent link is to an article about information harvesting that Microsoft does for themselves for business and security reasons and that you have already given your permission for them to give your information to law enforcement agencies to protect the general public. Apparently this is old news that everybody else knew except for you and me.

Both links are worth a visit if you care about either personal privacy or Vista.

Netstat – My New Best Friend!

October 7, 2007

If you’re gonna be a hacker, you have to use netstat to figure out who’s hacking you and if you can’t defend yourself, you better not start an attack.

I have grown accustomed to having netstat open and sometimes even running in background. I never much thought about the fact that it is operating on a totally different operating system than Windows. One day while surfing, my whole Windows system froze (Firefox on Windows XP) and for no particular reason I clicked on the DOS window and found netstat up and running and monitoring my system. There were connections to cnn.com and a content delivery system called Limelight which could be explained by being from the last site I visited.

There was also 66.228.208.169 which turned out to be registered to adtaq.com which was not an invited guest.

The next morning, I turned on my machine and immediately started a DOS window running “netstat -ano 7” which means it refreshes every 7 seconds. Before anything could even update, I had two intruders, the FBI and adtaq.com.

Since I couldn’t find very much on adtaq.com and didn’t feel like wasting time, I blocked them at my firewall.

Oh well, shit happens.

Just Plane Stupid!

October 6, 2007

As reported, the trial of Jammie Thomas for file sharing music was just plain stupid. The ability of organizations to probe your machine is incredible and your computer is a treasure island of hidden information. The script kiddies in forums have been discussing firewalls, evidence eliminators and a lot of other information but what they pretty much ignore is that Jammie’s privacy was invaded and the music companies found the evidence they wanted by invading her privacy. They then sent her a letter notifying her of what she had done. She destroyed her hard drive but it was too late; the evidence they had gathered without her knowledge or permission was enough to convict her.

Now I’m very paranoid about my own computer privacy and over the course of this blog, I have been using the DOS command netstat to find out who is connected and what processes they are running on my computer. I call these external information gathering connections Vulcan Mind Probes and I don’t particularly care whether it’s Google or Quantcast gathering cookie information to find out my tastes and the other sites I visit. As a matter of fact, I’m addicted to quantcast.com and love the information they gather on your machine so I guess I have to live with them invading my privacy with a Vulcan mind probe.

Now the FBI’s activity was the first I discovered and it’s sort of like having a constant companion. When they disappeared for a few days, I got even more paranoid because I was worried about them having a super stealth probe that I could not monitor. (They Do.) However, today is not the day I catch that. While typing this I set up the following at the DOS command prompt:

C:\WINDOWS>netstat -ano 7

The response showed one connection:
TCP 192.168.0.101:2203 72.247.8.199:80 ESTABLISHED 548
The process id was for my antivirus program which was monitoring the connection.

As soon as I used the “Save and Continue Editing” function in WordPress, I got the following response:

TCP 192.168.0.101:2203 72.247.8.199:80 ESTABLISHED 548
TCP 192.168.0.101:2205 66.185.33.184:80 TIME_WAIT 0
TCP 192.168.0.101:2207 66.185.33.184:80 TIME_WAIT 0
TCP 192.168.0.101:2210 72.247.8.199:80 ESTABLISHED 548

The new connection was not WordPress but a direct connection to my local ISP where the FBI’s Carnivore exists. I’m so used to this connection that I barely notice and assume that it’s a stealth key stroke logger reporting in with my recent activity.
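An added example, not part of the original post: one way to read "netstat -ano" rows like those above is to group them by remote address and label who opened each connection. A row whose local port matches a LISTENING socket was opened by the remote side; a row with a high local port and remote port 80 was opened by a program on the local machine. The LISTENING row and the 203.0.113.5 row in the sample are constructed.

```python
import re
from collections import defaultdict

# Rows with 72.247.8.199 and 66.185.33.184 are the ones quoted in the post;
# the LISTENING row and the 203.0.113.5 row are constructed for illustration.
SAMPLE = """\
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.0.101:2203     72.247.8.199:80        ESTABLISHED     548
  TCP    192.168.0.101:2205     66.185.33.184:80       TIME_WAIT       0
  TCP    192.168.0.101:2207     66.185.33.184:80       TIME_WAIT       0
  TCP    192.168.0.101:2210     72.247.8.199:80        ESTABLISHED     548
  TCP    192.168.0.101:445      203.0.113.5:51522      ESTABLISHED     4
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rip, rport, state, pid = m.groups()
            yield int(lport), rip, int(rport), state, int(pid)

def summarize(text):
    """Group connections by (remote IP, direction) with local ports and PIDs."""
    rows = list(parse(text))
    # Only ports in LISTENING state can accept a connection from outside.
    listening = {lport for lport, _, _, state, _ in rows if state == "LISTENING"}
    out = defaultdict(lambda: {"local_ports": set(), "pids": set()})
    for lport, rip, rport, state, pid in rows:
        if state == "LISTENING":
            continue
        # Local port is a listener -> the remote side connected to this machine.
        # Otherwise it is an ephemeral client port -> this machine dialed out.
        direction = "inbound" if lport in listening else "outbound"
        entry = out[(rip, direction)]
        entry["local_ports"].add(lport)
        if pid:  # PID 0 is what Windows shows for TIME_WAIT sockets
            entry["pids"].add(pid)
    return dict(out)

if __name__ == "__main__":
    for (ip, direction), info in summarize(SAMPLE).items():
        print(ip, direction, sorted(info["local_ports"]), sorted(info["pids"]))
```

Counting the distinct local ports per remote address also puts a number on how many parallel connections a single page load opened to one host.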

This morning, I’m continuing my test with a trial version of “X-NetStat 5.1”. First I opened up two DOS Windows. In the first, I ran the above command and let it go continuously after restarting the machine from a cold start. In the second, I ran “netstat -bv 10” which is an extremely slow process so you always miss connections. Then I started “X-NetStat 5.1”.

Early reports showed no active external connections.

I then opened a blank browser and rechecked the results which still showed no external connections. I then connected to fatsavage.wordpress.com and “netstat -bv” was too slow to catch all the processes and users. Netstat -ano did a much better job of monitoring connections and processes but the hands down winner for monitoring connections was definitely “X-NetStat 5.1” which identified and reported the following connections:

72.14.253.91=po-in-f91.google.com
66.185.33.184=auto-66.185.33.184.wirelessworld.vi
72.247.8.199=a72-247-8-199.deploy.akamaitechnologies.com
72.14.207.104=eh-in-f104.google.com
38.98.19.109=38.98.19.109
66.77.65.78=66.77.65.78
198.65.147.194=198.65.147.194

The first connection is the Google stats connection doing its data mining and the second is my old friends at the FBI. Next is Akamai which is hosting WordPress and distributing it worldwide. Then we have a second Google probe and after that it’s not obvious but if you put the IP starting with 38 in your browser, that’s a snap.com connection which I consider a cool tool and is welcome.

After that it gets a little more interesting as 66.77.65.78 belongs to Panther Express which is a direct competitor to Akamai and is capable of high speed global information transfers and the final one, I found by putting the IP in the URL Locater. You can click the link below or just trust me:

198.65.147.194

Check it out or click the link! – No lie, it’s for IslamOnLine.net. I simply can’t believe that anyone has put a Fatwa on me. I mean I’m not Salman Rushdie and I was not born a Muslim. Besides I thought my writing on Islamic porn was fairly balanced.

It turns out that this probably is not a Vulcan mind probe by Islamic forces but just another bunch of cops rattling their badges. The story will be posted at fatsavage.wordpress.com.

So what is Just plain stupid?

Not only does IslamOnLine.net link directly to a porn portal, but it’s a well documented cop-site. With all the IPs and hosting companies on line, you really want to know why anybody would want to use their own name and a cop-site porn server to attack someone. As we find out, don’t blame the Muslims for this one.

In the end this totally irresponsible stupid probe takes out a cop porn site not previously identified and an Islamic site that is an American front.

Good Christ, these fucking idiots should go back to the WWII slogan – “loose lips, sink ships” and stop giving away the farm.