Is this normal?

Linkes

Guest
I sobered up a few months ago and started asking questions. Some weeks ago Norton threw a warning at me regarding a port scan somebody was attempting; it was quickly blocked and I forgot all about it.
Yesterday I installed Whois; I found out today a log was created by Norton for all attacks to my PC.
Whois returns this result for the last port probe.

Active Whois 2.6.4145
Sun, 7 May 2006 18:57:07 +0000 (GMT Standard Time)
Looking for '7.12.12.16'

7.12.12.16 - host unavailable
No DNS record found

---
No domain given

---
IP address:
Looking for '7.12.12.16'

Server 'whois.arin.net' reply [645 bytes in raw data]:

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US

NetRange: 7.0.0.0 - 7.255.255.255
CIDR: 7.0.0.0/8
NetName: DISANET7
NetHandle: NET-7-0-0-0-1
Parent:
NetType: Direct Allocation
Comment:
RegDate: 1997-11-24
Updated: 2006-04-28

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: HOSTMASTER@nic.mil

# ARIN WHOIS database, last updated 2006-05-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Is there a simple explanation? Thank you.
 
Only .aero, .arpa, .biz, .cat, .com, .coop, .edu, .info, .int, .jobs, .museum, .name, .net, .org, .pro, or .travel are registered under WHOIS, so it's likely the IP address is none of these. It even says it has no DNS entry. You can go to internic.net to check as well. A traceroute says the host is unreachable.
 
Just to state the obvious, since it's the Department of Defense, working through a military hostmaster, can you think of any reason you're being watched by our friends in uniform? That's a silly question, I know, since we're all probably being watched by our friends in uniform and you just happened to stumble upon evidence of it. I imagine that if they want to see what you're doing, there is really no way to stop them, or does someone have software that could stop them? Just curious, since chances are you aren't the only person here who is being monitored.
 
Being a cynic, I'd say it's a compromised "zombie PC". Security at military installations, even after all the hacking incidents in the '90s, is still lax. I'd characterize the military as being even more dumb than your average big corporation, and your average big corporation is pretty dumb. Which means they don't have enough "creative" and intelligent people to keep all their systems secure. They mostly rely on the fear of retribution to keep hackers out. Those old hierarchal systems put all the burden of intelligent thinking at the top, and there never is enough intelligent thinking to cover everything.

I'd say it's your duty and responsibility to maintain your own computer security, from attacks from anyone. I suspect the secret gov't factions do have their own hackers, but that they are used to hit priority targets, and you're not likely to be seen as a priority, unless you gain the sort of media attention and notoriety as say, Sheehan. And those hackers are likely to hit you from some other zombie PC, than one from a military base. Most likely a computer from outside the U.S. Once you cross national borders, it becomes almost impossible to stop a hacking attack, or trace back who did it.

There's an old saying about computer security - the only truly secure computer is one that's been unplugged from the network, powered down, and buried in a hole in the ground someplace that only you know. And even then it's not really secure.
 
The information I posted and the questions I asked on /TS have all been deleted. I was banned around 2 weeks ago even though they say I am not banned. This probe from DOD came around 5 weeks ago.

My intention when I visited the above site was not to find out about 911 but to ask an unrelated question. I was sidetracked for around 5 months when I found and viewed lo0se change. I never did ask that question but I did make a comment.

It was something along the lines of "there is more to the USG/ than meets the eye".

I think it was around that time the DOD gave me 5 knocks over 3 days. If the post had not been deleted I would know the date for sure; I am fairly certain it was around those dates.


I am trying to tread lightly for one reason: the information I would like to speak about could easily be removed. http://www.cassiopaea.org/forum/index.php?topic=1411

I have saved a fair amount so far.
 
A friend got a tracking (by the same folk) right after we were looking up some info on the USG/\ regarding land usage and mining stuff in Oregon's Cascade Mtns. It was about a year ago, I think. I thought it was weird but it freaked her out.
 
One other little factoid is to know what a port scan is.

It is comparable to having someone come up to your house and trying to open each door and window to see if they can "easily" enter your house. If all the doors and windows are locked and your front door requires a key, you are "safe".

Regardless of exactly where the computer is and why it is scanning your ports, the important thing is that you have installed a firewall [Norton].

Of course if you work for the NSA and want to make sure you can access computers that you need to access, you would have someone in the agency get a job at Microsoft, Norton and McAfee and create back doors that nobody knows about. (Or you would bribe/blackmail a few people in those respective companies.) With the size of these software programs anymore, who really knows what they are doing behind the scenes...
 
rs said:
Regardless of exactly where the computer is and why it is scanning your ports, the important thing is that you have installed a firewall [Norton].

It's odd, I don't know anything much about computers but one thing has puzzled me: every so often I get a pop up message from my security software ('ZoneAlarm') telling me 'the firewall has blocked access to your computer', or something like that. So far I have just ignored it, to be honest I don't even know what a firewall is!
 
A firewall is a thingy (it can be a "layer" of software or it can be a function of a router) that inserts itself between the internet and your computer applications.

It does two things, prevent access and enable access. Whether or not it prevents or enables depends on "rules". You can put a rule in the firewall that will prevent any outsider from attempting to connect to port 80, which if you do not intend to be a web server prevents a bug in IE or Windoze from being exploited. The port request just gets ignored. You can put a rule in the firewall that will prevent any (outbound) access to "www.pornosite.com" and prevent your kids (as well as yourself) from getting at any information from that domain.

Some firewalls allow complex rules that would only allow access to "www.pornosite.com" after 10PM, so you can get your kicks after the kids are asleep.

A firewall can be compromised by having bad rules, because all it does is look at the request and look at the rules and see if there is a rule for this request.

Usually it is not the kind of thing you need to be an expert about, but if you were to become a computer expert on just one thing I would recommend that you know everything there is to know about your firewall.

Also there are many vendors of firewalls. (ZoneAlarm is a fine one, Norton and McAfee are probably the market share leaders only because they offer total packages.) Everyone should have one on their computer. Even microcrush has jumped on the bandwagon. Windoze XP (or any XP version with SP2) now comes with a firewall as standard.

When you get these popup messages from ZoneAlarm it is not something to be concerned about unless it is a lot. All it tells you is that the software is working.

Which is good.
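
The rule matching described in the post above, as an added example that is not part of the original thread: a first-match rule list with a default deny, a time-window rule, and a misordered ("bad") rule set. The host name `blocked.example`, the 06:00 end of the window and the sample addresses are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass
class Rule:
    action: str                    # "allow" or "deny"
    direction: str                 # "in" or "out"
    port: Optional[int] = None     # None matches any port
    host: Optional[str] = None     # None matches any remote host
    start: Optional[time] = None   # window start (inclusive); None = always
    end: Optional[time] = None     # window end (exclusive)

    def matches(self, direction, port, host, now):
        if direction != self.direction:
            return False
        if self.port is not None and port != self.port:
            return False
        if self.host is not None and host != self.host:
            return False
        if self.start is not None and self.end is not None:
            if self.start <= self.end:
                return self.start <= now < self.end
            # Window wraps past midnight, e.g. 22:00 -> 06:00.
            return now >= self.start or now < self.end
        return True

def decide(rules, direction, port, host, now):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for rule in rules:
        if rule.matches(direction, port, host, now):
            return rule.action
    return "deny"

# Constructed rule set mirroring the post: no inbound web server,
# one outbound host blocked except late at night, other outbound allowed.
GOOD_RULES = [
    Rule("deny", "in", port=80),
    Rule("allow", "out", host="blocked.example", start=time(22, 0), end=time(6, 0)),
    Rule("deny", "out", host="blocked.example"),
    Rule("allow", "out"),
]

# A "bad rule": a catch-all inbound allow placed first shadows every later
# deny, because the firewall only checks whether some rule matches the request.
BAD_RULES = [Rule("allow", "in")] + GOOD_RULES
```

Reviewing a rule list for broad allows that sit above narrower denies is the audit this ordering problem calls for.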
 
Personally, I somehow don't trust the big guys like Norton or ZoneAlarm, although one of the first firewalls that I installed was ZoneAlarm. I now use Kerio Firewall, which I find to be very user friendly and which gives enough information for most users. Have a look here before you make up your mind.

Regards.
 
A firewall is only one leg of the tripod - there's the virus scanner, and then there's you, or as some people like to say, the component that connects the chair to the keyboard.

If something gets past your firewall, you want to be able to stop whatever it is from running. That's the virus scanner's job. If it makes it past your firewall and virus scanner, well, you're probably dealing with a pro, and he bills by the hour. So someone must think you're worth a lot of money to bother with.

The duty of the chair-to-keyboard connector is not to click on those stupid emails that get passed around. You know the emails I'm talking about. That, and those fake pop-under dialog boxes. Just say no.

While we're on the subject, wi-fi is inherently insecure. Not to mention toxic, due to microwave radiation. Even if you use the encryption, given enough snooped data (2Gb), the key to the cipher can be cracked. 100ft (~30m) of UTP ethernet cable runs about $60, which is cheaper than wifi anyway.

I won't get into the more esoteric details of computer security. If you're a high security installation, you'll also need to put RF shielding over all your computer equipment. There's a lot of info someone can get just from the RF emissions of your computer and monitor. But that requires someone sit outside your house in a van. And those people also cost quite a bit of money, so if you've rated that level of snooping, well, you're dealing with pros again.

Some people don't like ZoneAlarm, because they're Israeli-based, and suspect that there may be back doors hidden in the software. If you're really concerned about code auditing, your only real choice is to configure Linux or BSD as a firewall. That's where you compile all the code from source, after having looked at every single line, or hiring someone to do that for you, and trusting what that person is telling you.

See what I mean about the only truly secure computer being unplugged and buried underground with the only treasure map to it inside your head? :)
 
Thank you for that advice John.

Regarding the RF emissions, would sitting inside a copper enclosure be of use to somebody requiring that kind of protection?
 
Linkes said:
Thank you for that advice John.

Regarding the RF emissions, would sitting inside a copper enclosure be of use to somebody requiring that kind of protection?

YES. That's RF shielding. Well, actually, what you just described is called a Faraday Cage, but it stops any RF emissions, in or out. Sure, if what you're doing, you think is that sensitive, by all means. What most of those kind of installations do though, is cover all the computer equipment with copper mesh. Takes less copper that way.

Make sure the copper mesh is well-grounded. Consult an electrician, if you need to.
 
Hi.

I'm not an expert, but I wonder if it's wise to use security software like the Kerio product. I mean software which is free and "seeming the best", and thus popular and widely used. Note that Kerio Firewall is not an open source piece and one can't say what the program is really doing, aside from performing firewall tasks. It may well contain some hidden features designed in order to gain some sort of control over many personal computers all over the world. Kerio's main partner is McAfee Inc., which works in strategic cooperation with such companies as Microsoft and AOL. As to choosing dependable firewall software, I think the best solution would be to use a commercial, "alternative" product made by some small firm.
 