General FR Alert.

Free Republic | 10-18-2002 | VANNROX

[vannrox]

I have been monitoring my PC system, and I have noted a pattern that might be of interest to Freepers. When ever I visit FR I generally get hit with an unauthorized Internet attack. These attacks are low-level, and it appears that someone or something is attempting to probe my PC when ever I log into FR.


I strongly urge other Freepers to make sure that they have somekind of FIREWALL to protect themselves.


I have noticed this before, but I haven't raised this issue, because I thought that it was just random attacks that occurred simply because I was on the Internet. But then I started to monitor it and noticed a correlation between my FR visits and various attacks.


Intruder "Y9K0E0" is most active and engages in the most agressive attempts. But others are involved. Has anyone else noticed this activity?

[truth defector]

I get pinged, so to speak, or probed on a regular basis. Could be from anywhere in the world. Zone Alarm keeps a log of them for me. The most unusual locations IMHO is from Fairfax, VA, and Universal Blvd in Denver, CO. I may see those the most often. When NATO was having their meeting in Italy earlier this year, I was probed by Tarranto Shipping in Italy (only time).

Personally, I believe the DNC still looks at my stuff. Also, probably keylogged by our friendly gov't snoops. Deny. Deny. Deny.

[dixiechick2000]

What you described sounds exactly like an experience my husband had yesterday. It turned out to be a GMC pop up ad asking him to vote on his favorite song ("Little Red Corvette" was playing). He emailed them a big "NO" vote on the ad, and let them know that, as a very satisified GMC owner, if the ad continued he would seriously reconsider buying a GMC the next time he's in the market for a vehicle.

[timestax]

A little over a year ago , when I was replying a lot to the TWA-800 SHOOTDOWN Cover-Up posts, (I thought it was terrorism, due to the 25-Knot speedboat that fled the seen, and James Kallstrom morphing the boat into a nebulous helicopter). Well I checked some of my BlackICE pings just for the heck of it throughh ARIN WHOIS at www.arin.net/whois. One number=164.190.200.3 came back as NCC.NCTS.NAVY.MIL
number 138.147.10.10 came back to GATE.NCTS.NAVY.MIL
all came under the umbrella as =DOD Network Information Center (JMCIS-BLOCK) Space and Navy Warfare Systems, Washington DC, 20363-5100.

I printed out a copy of it at the time and will gladly E-mail, or Fax it to any doubting Thomas who asks for a copy!!
I guess they found out I was a harmless poor ole soul from Ohio, and that was the end of them snooping.

[Forgiven_Sinner]

I looked at Zone Alarm and I got this at 12 AM CST:

ZoneAlarm has blocked access to port 1433 on your computer

ZoneAlarm has successfully stopped local network or Internet traffic from reaching your computer. No breach in your security has occurred. Your computer is safe. What happened?

ZoneAlarm blocked traffic to port 1433 on your machine from port 2447 on a remote computer whose IP address is 202.29.21.4. This communication attempt may have been a port scan, or simply one of the millions of unsolicited commercial or network control messages that are routinely sent out over the Internet. Such unsolicited messages are often called Internet background noise.

Should I be concerned?

This alert should not be a cause for concern. ZoneAlarm has protected your machine according to the firewall settings you have selected.

Might be a ping from msn, my ISP, or something FR server is doing--or a probe, as others have suggested.

[goodnesswins]

There is no "authentication certificate" for the Adware I tried downloading - sooooo - I'm hesitating using it...any advice, anyone?

[timestax]

bump

[FormerLurker]

Just reading (or even logging into FR) doesn't reveal your IP address to anyone.

Somebody "sniffing" FR's line can collect IP addresses and anything else they want...

And yes, I've noticed the same correlation between visits to FR and an increase in the frequency of port scans.

[timestax]

Deny,deny deny

[philman_36]

I've got 46 attacks since yesterday morning when I cleared my alerts. I get probed all the time and I usually ignore them, though I do check out who it is every now and then. I do keep my logs though.

[philman_36]

47

[philman_36]

And my...aren't there some very interesting and queer attempts.

[finnman69]

I just had the little red corvette song play, no pop ups. i was looking at FR and Yahoo news...Hmmmm.

[timestax]

bttt

[Ms. AntiFeminazi]

Jim and John,

You may want to take a look at this thread.

[Fiddlstix]

Thanks for posting this.

[Lion's Cub]

bumping to check back later

[bonesmccoy]

Yes, I also had those occurances. The most recent occurred after following a link to Jpost.com. Immediately after hitting the jerusalem post weblink, I was hit with close to 20 attempts to penetrate our desktop system, port scanned multiple times, and then probed.

These scans and probes were clearly linked to my hitting the jpost.com website. Using rDNS lookup based on our firewall log lead to us identifying the origins of the pings, fingers, probing, and scanning... it was jpost.com!

If you can post the IP address of the individual attacking your ports, I can do some rDNS work.

[American Preservative]

Thread indexed - FR Bump List (Scroll down to tech index and click.)

[timestax]

bumpity uppity

[gcraig]

ZoneAlarm has blocked access to port 1433 on your computer...

1433 is the default Microsoft SQL Server port. Someone is trying to probe your machine for the presence of this software package. If your machine were listening on port 1433 then the remote computer would most likely begin a sequence of well known probes to attempt to hijack your database engine.

You can verify that port 1433 is not active on your machine by loading a command line and typing:

On a windows machine
C:\>netstat -an

Look for port 1433. On a linux / UNIX machine:

#netstat -an | grep 1433

Bottom line... I wouldn't worry about it. Get a firewall if you don't already have one. Take care.