Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

General FR Alert.
Free Republic | 10-18-2002 | VANNROX

Posted on 10/18/2002 8:38:06 PM PDT by vannrox

I have been monitoring my PC system, and I have noted a pattern that might be of interest to Freepers. When ever I visit FR I generally get hit with an unauthorized Internet attack. These attacks are low-level, and it appears that someone or something is attempting to probe my PC when ever I log into FR.


I strongly urge other Freepers to make sure that they have somekind of FIREWALL to protect themselves.


I have noticed this before, but I haven't raised this issue, because I thought that it was just random attacks that occurred simply because I was on the Internet. But then I started to monitor it and noticed a correlation between my FR visits and various attacks.


Intruder "Y9K0E0" is most active and engages in the most agressive attempts. But others are involved. Has anyone else noticed this activity?


TOPICS: Constitution/Conservatism; Free Republic; Miscellaneous
KEYWORDS: alert; caution; fr; port; probe; techindex; warning
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061 next last
To: vannrox
I get pinged, so to speak, or probed on a regular basis. Could be from anywhere in the world. Zone Alarm keeps a log of them for me. The most unusual locations IMHO is from Fairfax, VA, and Universal Blvd in Denver, CO. I may see those the most often. When NATO was having their meeting in Italy earlier this year, I was probed by Tarranto Shipping in Italy (only time).

Personally, I believe the DNC still looks at my stuff. Also, probably keylogged by our friendly gov't snoops. Deny. Deny. Deny.
21 posted on 10/18/2002 9:57:27 PM PDT by truth defector
[ Post Reply | Private Reply | To 1 | View Replies]

To: thatdewd; browardchad
What you described sounds exactly like an experience my husband had yesterday. It turned out to be a GMC pop up ad asking him to vote on his favorite song ("Little Red Corvette" was playing). He emailed them a big "NO" vote on the ad, and let them know that, as a very satisified GMC owner, if the ad continued he would seriously reconsider buying a GMC the next time he's in the market for a vehicle.
22 posted on 10/18/2002 10:13:21 PM PDT by dixiechick2000
[ Post Reply | Private Reply | To 11 | View Replies]

To: vannrox
A little over a year ago , when I was replying a lot to the TWA-800 SHOOTDOWN Cover-Up posts, (I thought it was terrorism, due to the 25-Knot speedboat that fled the seen, and James Kallstrom morphing the boat into a nebulous helicopter). Well I checked some of my BlackICE pings just for the heck of it throughh ARIN WHOIS at www.arin.net/whois. One number=164.190.200.3 came back as NCC.NCTS.NAVY.MIL
number 138.147.10.10 came back to GATE.NCTS.NAVY.MIL
all came under the umbrella as =DOD Network Information Center (JMCIS-BLOCK) Space and Navy Warfare Systems, Washington DC, 20363-5100.

I printed out a copy of it at the time and will gladly E-mail, or Fax it to any doubting Thomas who asks for a copy!!
I guess they found out I was a harmless poor ole soul from Ohio, and that was the end of them snooping.
23 posted on 10/18/2002 10:13:33 PM PDT by timestax
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
I looked at Zone Alarm and I got this at 12 AM CST:

ZoneAlarm has blocked access to port 1433 on your computer

ZoneAlarm has successfully stopped local network or Internet traffic from reaching your computer. No breach in your security has occurred. Your computer is safe. What happened?

ZoneAlarm blocked traffic to port 1433 on your machine from port 2447 on a remote computer whose IP address is 202.29.21.4. This communication attempt may have been a port scan, or simply one of the millions of unsolicited commercial or network control messages that are routinely sent out over the Internet. Such unsolicited messages are often called Internet background noise.

Should I be concerned?

This alert should not be a cause for concern. ZoneAlarm has protected your machine according to the firewall settings you have selected.

Might be a ping from msn, my ISP, or something FR server is doing--or a probe, as others have suggested.

24 posted on 10/18/2002 10:15:50 PM PDT by Forgiven_Sinner
[ Post Reply | Private Reply | To 1 | View Replies]

To: gcruse
There is no "authentication certificate" for the Adware I tried downloading - sooooo - I'm hesitating using it...any advice, anyone?
25 posted on 10/18/2002 10:28:19 PM PDT by goodnesswins
[ Post Reply | Private Reply | To 18 | View Replies]

To: vannrox
bump
26 posted on 10/18/2002 10:49:38 PM PDT by timestax
[ Post Reply | Private Reply | To 1 | View Replies]

To: libertynews
Just reading (or even logging into FR) doesn't reveal your IP address to anyone.

Somebody "sniffing" FR's line can collect IP addresses and anything else they want...

And yes, I've noticed the same correlation between visits to FR and an increase in the frequency of port scans.

27 posted on 10/18/2002 11:02:27 PM PDT by FormerLurker
[ Post Reply | Private Reply | To 4 | View Replies]

To: truth defector
Deny,deny deny
28 posted on 10/18/2002 11:11:37 PM PDT by timestax
[ Post Reply | Private Reply | To 21 | View Replies]

To: vannrox
I've got 46 attacks since yesterday morning when I cleared my alerts. I get probed all the time and I usually ignore them, though I do check out who it is every now and then. I do keep my logs though.
29 posted on 10/19/2002 3:41:48 AM PDT by philman_36
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
47
30 posted on 10/19/2002 3:54:01 AM PDT by philman_36
[ Post Reply | Private Reply | To 29 | View Replies]

To: vannrox
And my...aren't there some very interesting and queer attempts.
31 posted on 10/19/2002 6:08:48 AM PDT by philman_36
[ Post Reply | Private Reply | To 30 | View Replies]

To: thatdewd
I just had the little red corvette song play, no pop ups. i was looking at FR and Yahoo news...Hmmmm.
32 posted on 10/19/2002 6:20:10 AM PDT by finnman69
[ Post Reply | Private Reply | To 11 | View Replies]

To: finnman69
bttt
33 posted on 10/19/2002 8:32:02 AM PDT by timestax
[ Post Reply | Private Reply | To 32 | View Replies]

To: vannrox; Jim Robinson; John Robinson
Jim and John,

You may want to take a look at this thread.
34 posted on 10/19/2002 10:39:45 AM PDT by Ms. AntiFeminazi
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
Thanks for posting this.
35 posted on 10/19/2002 11:59:08 AM PDT by Fiddlstix
[ Post Reply | Private Reply | To 1 | View Replies]

bumping to check back later
36 posted on 10/19/2002 12:11:50 PM PDT by Lion's Cub
[ Post Reply | Private Reply | To 35 | View Replies]

To: vannrox
Yes, I also had those occurances. The most recent occurred after following a link to Jpost.com. Immediately after hitting the jerusalem post weblink, I was hit with close to 20 attempts to penetrate our desktop system, port scanned multiple times, and then probed.

These scans and probes were clearly linked to my hitting the jpost.com website. Using rDNS lookup based on our firewall log lead to us identifying the origins of the pings, fingers, probing, and scanning... it was jpost.com!

If you can post the IP address of the individual attacking your ports, I can do some rDNS work.
37 posted on 10/19/2002 1:50:16 PM PDT by bonesmccoy
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox; Ernest_at_the_Beach; *tech_index
Thread indexed - FR Bump List (Scroll down to tech index and click.)
38 posted on 10/19/2002 4:23:44 PM PDT by American Preservative
[ Post Reply | Private Reply | To 1 | View Replies]

To: timestax
bumpity uppity
39 posted on 10/19/2002 4:34:06 PM PDT by timestax
[ Post Reply | Private Reply | To 33 | View Replies]

To: Forgiven_Sinner
ZoneAlarm has blocked access to port 1433 on your computer...

1433 is the default Microsoft SQL Server port. Someone is trying to probe your machine for the presence of this software package. If your machine were listening on port 1433 then the remote computer would most likely begin a sequence of well known probes to attempt to hijack your database engine.

You can verify that port 1433 is not active on your machine by loading a command line and typing:

On a windows machine
C:\>netstat -an

Look for port 1433. On a linux / UNIX machine:

#netstat -an | grep 1433

Bottom line... I wouldn't worry about it. Get a firewall if you don't already have one. Take care.

40 posted on 10/19/2002 4:58:27 PM PDT by gcraig
[ Post Reply | Private Reply | To 24 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson