Kevin Poulsen, SecurityFocus 2000-07-07
A mysterious California company is sweeping the net for live hosts, and touching off alarms around the world.
Quova
2000-07-07
Anonymous (1 replies)
Quova
2000-07-07
Anonymous (3 replies)
Maybe they are researching new scanning technologies? I don't have much knowledge regarding network scanning programs, but I want people's opinions on this. Suppose that this scanning is a control setup. And the experiment is scanning using some new method and seeing if it will be detected, IOW wi...
[ more ] [ reply ]
Anyone care to share the source IP?
2000-07-07
Anonymous (3 replies)
Sounds like a good one to block ICMP from! Map my network? No thanks, block it all at the firewall. Will they resort to NMAP's advanced scanning if everyone blocks them?...
[ more ] [ reply ]
Anyone care to share the source IP?
2000-07-07
Anonymous (1 replies)
According to one guy on Slashdot, their IP ranges are:
63.109.88.104 - 63.109.88.111
and
63.102.181.0 - 63.102.181.255
I would take this with a grain of salt (and try doing some more nslookups -- I got DNS timeouts on the ones I tried)....
[ more ] [ reply ]
Anyone care to share the source IP?
2000-07-07
Anonymous (1 replies)
People, if all they are using is pings, why should I care what they are doing? It would take an awful lot of pings to kill my firewall, certainly they don't have the pipe to do it....
[ more ] [ reply ]
IP address range?
2000-07-07
Anonymous (3 replies)
Anyone know the IP address range of Quova's scanners?
Simon Hill (simon (at) metasystema (dot) org [email concealed])
Systems Administrator
www.metasystema.org
...
[ more ] [ reply ]
IP address range?
2000-07-07
Anonymous (1 replies)
ARIN.net reports:
Quova Inc. (NETBLK-UU-63-109-88-104) UU-63-109-88-104
63.109.88.104 - 63.109.88.111
Quova, Inc (NETBLK-UU-63-102-181) UU-63-102-181 63.102.181.0 - 63.102.181.255
My firewall logs don't show any traffic from t...
[ more ] [ reply ]
IP address range?
2000-07-07
Anonymous (1 replies)
May 28 22:42:32 ICMP: echo from dcexat100.quova.net (216.35.166.230) (8 bytes)
May 28 22:42:32 ICMP: echo from dcexat100.quova.net (216.35.166.230) (18 bytes)
May 31 08:31:45 ICMP: echo from dcexnj200.quova.net (64.14.60.198) (8 bytes)
Jun 2 13:35:40 ICMP: echo from dcexdc200.quova.net (64.58.86...
[ more ] [ reply ]
IP address range?
2000-07-07
Anonymous (1 replies)
I think I see a pattern here....look at the end of names of the systems....it might be geographic locations (nj=new jersey, au=austin, at=atlanta)?...
[ more ] [ reply ]
IP address range?
2000-07-07
Anonymous (1 replies)
I found this over @ slashdot.org who covered this story. Some guy had checked with http://www.arin.net/whois (Arin whois search) and found this:
Netname: CNCX-BLK-5
Netblock: 208.36.0.0 - 208.37.255.255
Maintainer: CNCX
Hope that answers your question
woodstok (at) pornindustry (dot) com [email concealed] ...
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous (6 replies)
I have to wonder why they are not scanning .gov? Their explanation for scans offers no hint as to why they avoid .gov. The truth always lies in shades of gray, and it's pretty grey as to why they are only scanning commercial ips. ...
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous (2 replies)
For the same reasons they aren't scanning .mil I'm sure! I'm guessing they didn't want to run the risk of being (discreetly) shut down. Either that or they had been scanning .gov in the beginning and they've already been (discreetly) -TOLD- to cease and desist scanning just .gov.
That's just sup...
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous
Because the .gov and .mil sites would sue and quickly end their hopes for an IPO. The government has "free" lawyers, paid for by your taxes, rich multinational corps (coincidentally the only ones able to be excluded, surprise surprise) also have "free" lawyers on retainer.
Business good, corpora...
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous (1 replies)
It looks like they're looking to get information on corporate users and home users only. And hence, not Government users.
Also, people behind .gov and .mil can actually do something if you piss them off =)...
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous
Would not their actions suggest they were in fact hired by a gov agency? If they(gov) did it themselves would not there be a public outcry? What better way to hide their actions than contract Quova to do the dirty work using Internet Commerce as a cover. No I'm not paranoid ..not me....
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous
Well obviously, in spite of what they say, they realize that their activity is intrusive and possibly actionable, and they think that they can bully the private sector, whereas .gov might take action to stop them. FWIW, I think they are spammers, or supporting UCE-type spam. Their patter is the ...
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous (1 replies)
Actually, they're excluding more than .gov if they're avoiding governmental addresses-- remember there's also .mil, and I don't think state/local governments get .gov addresses (example: my high school's domain name had a k12.va.us on the end of it-- not .edu, that's just for colleges). And don't be...
[ more ] [ reply ]
Why not .gov ?!?
2000-07-07
Anonymous
I think they are setting up a spamming company. At the moment, they are exploring the whole internet, and locating the geographic position of every computer linked up to the net. They could easily use some other technique to match these names with email addresses. (Using data from a sister compa...
[ more ] [ reply ]
IP
2000-07-07
Anonymous (1 replies)
The only thing I could get on quova is www.quova.com and an IP address of 208.37.145.34...
[ more ] [ reply ]
IP
2000-07-07
Anonymous (1 replies)
Oh Please... It's not hard to get more info than that about them:
host -l quova.com
whois -h whois.networksolutions.com quova.com
...
[ more ] [ reply ]
scanned by 64.41.164.56
2000-07-10
Anonymous
Our network was scanned on June 12 similar to "Scanned in Seattle's" description. Source address was 64.41.164.56. I sent a complaint to concerns (at) quova (dot) net [email concealed] and security (at) exodus (dot) net [email concealed] and didn't get any response back, despite what it said in the article....
[ more ] [ reply ]
Quova
2000-07-07
Anonymous
Snip....
"Obviously, I want to decrease that number," says Muniz. To that end, the company is working to refine its technique, so as to fly stealthily beneath the radar of firewalls and intrusion detection systems. "It's a goal we have," says Muniz. "Someday I'd like to get the system to the point ...
[ more ] [ reply ]
Quova Website
2000-07-07
Anonymous (1 replies)
Just a note,
I've been in contact with Digiweb (an Interliant company).
Just FYI, the scans are not coming from them. Their website is simply hosted there. But in response and to avoid security "problems", the site has been taken down. Gotta love security precautions
So for now, at least...
[ more ] [ reply ]
Quova Website
2000-07-07
Anonymous (1 replies)
Now what good will that do them?
If they change IP, I can change the one dropped in hosts.deny much more easily.
Wonder if they're surprised at the negative reaction . . .
And as for flying under the radar- all that means is more stealthy scans. Reason for more concern- not less....
[ more ] [ reply ]
They ARE scanning .GOV
2000-07-07
Anonymous (2 replies)
I just looked at my logs and I see a lot of portscan activity the last three days from the netblock controlled by Exodus Communications Inc (64.41.207.50).
...
[ more ] [ reply ]
They ARE scanning .GOV
2000-07-07
Anonymous
|I just looked at my logs and I see a lot of portscan
|activity the last three days from the netblock controlled
|by Exodus Communications Inc (64.41.207.50).
Interesting to note, that now that this one source for pings and traceroutes from inside the Exodus address space, they will be the fir...
[ more ] [ reply ]
Re: scanning activity from within Exodus net blocks
2000-07-07
Anonymous (1 replies)
If you are logging questionable activity which is originating from within an Exodus netblock -- odds are some Exodus customer has a system which is now owned by a script kiddie.
If you happen to be an Exodus Customer, then the best thing to do is to e-mail your customer service contact report the o...
[ more ] [ reply ]
If Exodus is allowing/supporting this, why not block them as well?
2000-07-07
Anonymous (2 replies)
I don't know, when people's mail relays are intentionally or unintentionally
allowing others to abuse them to spam or otherwise send out objectionable material, in this case, it is the triggering of security systems on sites being scanned, why can't Quova and/or Exodus's network be
rejected by oth...
[ more ] [ reply ]
If Exodus is allowing/supporting this, why not block them as well?
2000-07-08
Anonymous
Well, I'd support a blacklist/blocking type effort. But, you are really rather paranoid if you think that every ping/traceroute/portscan is coming from someone who is trying to break into your system. Not to say that some aren't, but to state that "port scanner = criminal" isn't doing anyone any fav...
[ more ] [ reply ]
If Exodus is allowing/supporting this, why not block them as well?
2000-07-08
Anonymous (1 replies)
First off, if your network is so precious that one isn't allowed to send ICMP echo requests, or traceroute to it, let me be the first to say get it off the fsckin' Internet.
Secondly, your analogies totally suck as you blow things out of proportion, a knock on your front door shouldn't set off a...
[ more ] [ reply ]
Acceptable network scanning?
2000-07-07
Anonymous (3 replies)
What's the consensus on what constitutes acceptable network scanning? Is it OK to ping
and traceroute publicly available stuff, like web servers? Should you just try not to go
behind a firewall?...
[ more ] [ reply ]
Acceptable network scanning?
2000-07-08
Anonymous
I could care less if someone pings/traceroutes my systems. Repeated queries and/or portscans would make me curious though... Anything beyond that and I'd have to take some sort of action... from blocking/blacklisting to placing some sort of official complaint.
So, pinging a handful of systems is ...
[ more ] [ reply ]
Acceptable network scanning?
2000-07-15
Anonymous
Is there any significant difference between the available telephone directories sorted by name and by address and using the available internet tools to obtain the same (or equivalent) information. Can be for business purposes, even though we may find them annoying. No one loves telemarketers but t...
[ more ] [ reply ]
What can they really learn?
2000-07-07
Anonymous (4 replies)
I'm not really sure what sort of psychographic information they can get by pinging my DSL line.
Certainly they can relate it to my domain name (i.e. me as administrative contact.) But not everyone will have their own domainname.
What else is there?...
[ more ] [ reply ]
What can they really learn?
2000-07-08
Anonymous (1 replies)
Gather some logs from retail web sites, and I'm sure you could end up profiling an IP address, and if you ever filled out a form on those sites, and the company is willing to sell that information? Well, they might just be compiling an extensive database with all the information their patent says t...
[ more ] [ reply ]
What can they really learn?
2000-07-08
Anonymous
Would it be possible to actually get a network map through the traceroutes? If they could create an accurate map of the hardware, and its location geographically, it could be possible to identify possible points to target to maximize disruptive effect globally. By targeting key routers, or by setin...
[ more ] [ reply ]
They can learn a LOT if they want to probe
2000-07-08
Anonymous (3 replies)
Please visit this Steve Gibson's Shields Up site (he wrote SpinRite disk low level formatter software). That is:
https://grc.com/x/ne.dll?bh0bkyd2
That site will help you test for vulnerabilities and see the things that hackers can collect, especially if you are not behind a GOOD firewall.
...
[ more ] [ reply ]
Permission for everything? :)
2000-07-07
Anonymous
Hey, they do nothing harmful.
It is similar to probing different domain names in browser,
but no one will complain in case of web site access, so why
they complain on ping?
Internet is _public_, at least it means that every host that
is connected to Internet must accept the fact that other
...
[ more ] [ reply ]
It won't do them any good anyway
2000-07-08
Anonymous (1 replies)
They are finding hosts with PING and then doing a TRACEROUTE to find the Internet path from their headquarters to the host.
Well, this information could ONLY be useful to them, as their results are dependent upon how their BGP peering to Exodus is set-up and how Exodus peers upstream to Mae East ...
[ more ] [ reply ]
It won't do them any good anyway
2000-07-09
Anonymous
Actually, they can develop a relational database that can be valuable for many uses and users. Using the techniques they are evidently using, they can walk through the data with an intelligent algorithm and map out a "who is talking to who and under what circumstances" database.
With this kind of...
[ more ] [ reply ]
Simple
2000-07-08
Anonymous
If you are that concerned about this, then just set up your packet filters and access-lists to deny ICMP echo requests (type 8) coming from any source external to your network. That way you can still use ping to debug your own network, while blocking attempts from script-kiddies or "stealth" compani...
[ more ] [ reply ]
QUOVA
2000-07-08
Anonymous (1 replies)
Ignorance is bliss, no?
2000-07-10
Anonymous (1 replies)
CIA's charter is such that it's not allowed to "spy" on US citizens. NSA maybe, FBI possibly, but not CIA. You've been watching too many movies....
[ more ] [ reply ]
Scanned In Seattle
2000-07-08
Anonymous (1 replies)
On June 26th, in Seattle, the firewall on my home computer began "jumping" when over three dozen scans were made in less than 30 minutes from the same address: 64.14.129.105. Fearing a hack attempt, I did a trace and it produced the results below. The scans were coming from downtown Seattle. I first...
[ more ] [ reply ]
What possible explanation...
2000-07-10
Anonymous (1 replies)
What could they possibly have said to make you believe that it was "okay" for this mail server to be scanning you?! I'd have been looking for wire cutters!...
[ more ] [ reply ]
What possible explanation...
2000-07-13
Anonymous
From "Scanned In Seattle": If you really want to know the reason I accepted Mr. Scattergood's story, as such, it was because I took him at his word as far as his explanation went and because of ignorance on my part, not stupidity. I am just beginning to learn about computers at 47 years of age. Up un...
[ more ] [ reply ]
here is what they can find out
2000-07-09
Anonymous (2 replies)
Readers of this site should recall that the net started as a military service network. Issues of security and surveillance were fundamental to its construction. Since the net went public the ability to trace the source of traffic has been compromised. So has the ability to crack such traffic with t...
[ more ] [ reply ]
here is what they can find out
2000-07-11
Anonymous
Ping and traceroute information can be used to make maps that might not make sense for most here now, but little by little a lot of seemingly useless data could become a major database used for traffic analysis.
Pattern recognition could help identify and/or suppress data traffic for military a...
[ more ] [ reply ]
Slashdot Reported Range.....BS?
2000-07-09
Anonymous
208.36.0.1 -- and others, show a trace going to flycast.com, which to my knowledge is an ad-banner serving network that doesn't (hopefully or Quova are just spammers) have any relation to Quova.com ... WTF?
The other IP range in all cases show Quova at the end, but of course, all are "unreachable"...
[ more ] [ reply ]
Quote the range of IPs
2000-07-09
Anonymous (1 replies)
NS1.QUOVA.COM does respond to axfr requests but the UU.NET NS does, here it is:
; <<>> DiG 8.2 <<>> @AUTH50.NS.UU.NET quova.com axfr
; (1 server found)
$ORIGIN quova.com.
@ 1D IN SOA ns1 hostmaster (
2000062901 ; seri...
[ more ] [ reply ]
Stop it!
2000-07-10
Anonymous (1 replies)
Oh come on guys. a couple of pings will do no harm. And if your IDS pages you at 3:00 AM because of pings and traceroutes... BAD BAD sys admin!...
[ more ] [ reply ]
Stop it!
2000-07-10
Anonymous
I would be very disappointed if my IDS didn't page me at 3 AM because someone just pinged a client's entire address range. Individually, they pose no threat (save ping floods), but COLLECTIVELY they paint an interesting picture. I think that is one of the big misunderstandings here.
Now I don'...
[ more ] [ reply ]
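The point made in the comment above, that single pings mean little but a pass over a whole address range stands out collectively, expressed as detection logic. This is an added example, not part of the thread; the event tuples, the documentation-range addresses, the function names and the thresholds are all constructed for illustration.

```python
"""Sweep detector: flag sources that touch many distinct hosts in one range."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta


def detect_sweeps(events, monitored, window_minutes=30, min_fraction=0.5):
    """Return {source: peak distinct destinations inside one time window}.

    events         iterable of (timestamp, source_ip, destination_ip)
    monitored      CIDR of the address range being watched
    window_minutes length of the sliding window
    min_fraction   share of the range a source must touch to be flagged
    """
    net = ipaddress.ip_network(monitored)
    window = timedelta(minutes=window_minutes)
    threshold = max(1, int(net.num_addresses * min_fraction))

    # Group echo requests by source, keeping only hits on the watched range.
    per_source = defaultdict(list)
    for ts, src, dst in events:
        if ipaddress.ip_address(dst) in net:
            per_source[src].append((ts, dst))

    flagged = {}
    for src, hits in per_source.items():
        hits.sort()
        counts = defaultdict(int)  # destination -> hits still inside window
        start = 0
        peak = 0
        for ts, dst in hits:
            counts[dst] += 1
            # Drop hits that have aged out of the window ending at ts.
            while ts - hits[start][0] > window:
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def build_sample_events():
    """Constructed events against a 16-address range (RFC 5737 addresses)."""
    base = datetime(2000, 7, 10, 3, 0, 0)
    targets = [str(a) for a in ipaddress.ip_network("203.0.113.0/28")]
    events = []
    # Source 1: walks the whole range, one address per second.
    for i, dst in enumerate(targets):
        events.append((base + timedelta(seconds=i), "192.0.2.10", dst))
    # Source 2: pings one host repeatedly (monitoring or debugging traffic).
    for i in range(40):
        events.append((base + timedelta(seconds=30 * i),
                       "198.51.100.7", "203.0.113.5"))
    # Source 3: walks the same range, but one address every ten minutes.
    for i, dst in enumerate(targets):
        events.append((base + timedelta(minutes=10 * i), "192.0.2.77", dst))
    return events


if __name__ == "__main__":
    sample = build_sample_events()
    print("30-minute window:", detect_sweeps(sample, "203.0.113.0/28"))
    print("3-hour window:   ",
          detect_sweeps(sample, "203.0.113.0/28", window_minutes=180))
```

The repeated pings to a single host are never flagged, and the slow walk only shows up once the window is widened, which is why sweep detection is usually run over long windows as well as short ones.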
With stealth like this, who needs cannons?
2000-07-10
Anonymous
The big question nobody's asked yet is: If they're operating in "stealth" mode, why is so much of the Internet up in arms at their network scans? And if this is stealth, how noisy is the alternative?
Just as disturbing is that this company keeps its product hush-hush. It seems to me that if you'r...
[ more ] [ reply ]
DNS scans as well?
2000-07-10
Anonymous
Since a month or so I have scans on 53/TCP at least 6 times a day.
They look like coming from the IPs discussed. Originating
from 12 (!) different IPs, they all are inside Exodus' netblock, some
are inside the ranges mentioned above.
What's up there?
I'd really like to see these guys watching ...
[ more ] [ reply ]
Why Does It Matter.....
2000-07-10
Anonymous
I am not sure what the big deal is. If they are trying to develop a tool that would allow them to do ping and traceroutes (among other things) they are doing a very poor job. I am sure if this was the case it would have been tested thoroughly on an internal network before they tried it on "the net"...
[ more ] [ reply ]
who cares ?
2000-07-10
Anonymous (1 replies)
as long as it doesn't use a lot of bandwidth... a ping is harmless. if they can earn some money why not ?...
[ more ] [ reply ]
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-11
Jeff Deitz <jeffd (at) vsp (dot) com [email concealed]> (3 replies)
Welcome to the world of the Internet. There is nothing illegal about someone knocking at your front door, which is what they are doing....
[ more ] [ reply ]
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-11
Anonymous
Yes, while it may be annoying, it's not illegal. It's the part about "we want to take it to a point where we can do this and nobody'll even notice" that bothers me and makes me want to applaud at the same time. It's just like all the other network security tools out there, BO, for example: a grea...
[ more ] [ reply ]
>knocking at your front door
2000-07-11
Anonymous (1 replies)
Yeah -- but if someone keeps knocking at my door, I'm either calling the cops or taking matters into my own hands.
Illegal, no.
Irritating, absolutely!
...
[ more ] [ reply ]
>knocking at your front door
2000-07-11
Anonymous
If you have a New York City company, you may even have drunks urinating on your external walls. It's a dirty world on the Internet. If your door is locked, and someone finds that it exists, that's part of the real world. If you are going to do business in the real world, pay for good locks. If someo...
[ more ] [ reply ]
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-11
Anonymous (2 replies)
Well, unfortunately most people are not knocking on your door - they are jiggling your door handle. Now tell me there is no difference. And tell me a way to determine one from the other. And by all means, tell me that there is some legitimate reason why someone should be jiggling all the door kno...
[ more ] [ reply ]
Jiggling the handle
2000-07-12
Anonymous
I agree completely!
The point is not that a person is knocking on your door, but doing it to the entire neighborhood; and there's no really good way to tell a knock from a guy with a lock pick. The knock may not be enough (and probably shouldn't be) to set off an IDS, but doing so to every system o...
[ more ] [ reply ]
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-13
Anonymous
and if you're not home when they knock they can come back and steal whatever they want? No thanks! It would be in everyone's best interest to put a stop to this now by blocking the ip scanning, and if it continues, blocking the whole subnet... that's what we'll do, and if someone asks why they can't...
[ more ] [ reply ]
time domain reflectometer
2000-07-11
Anonymous (2 replies)
a tdr is used to measure cable length electronically, by using ping and traceroute they know the time and the route taken to your box. using several different locations to do this they can locate your box geographically. since each nic has its own unique mac address they can prove it was that box...
[ more ] [ reply ]
time domain reflectometer
2000-07-11
Anonymous (1 replies)
So, how exactly do you suppose they are getting someone's MAC address? Or did you pull that one right out of the old arse?
I thought we were talking about echo request and traceroute... last I checked there wasn't an ICMP MAC request packet in the RFCs -- someone clue me in if I am wrong!!!...
[ more ] [ reply ]
Quova/Exodus.net/Conducent/Timesink
2000-07-12
Anonymous
It's interesting that Exodus.net also has Conducent as a customer. On cable and dsl connections Conducent's software strips data from pc's and sends it to conducent before your desktop is even loaded. And contrary to verbal and emailed statements by Conducent and Exodus that a detailed explanation o...
[ more ] [ reply ]
The nefarious plot...
2000-07-12
Anonymous
Has it occurred to anyone that this may all be a ruse?
As has been pointed out, there is only a limited utility in using the stock traceroute and ping utilities to gather information. Ping will let you know whether something's 'up' and traceroute will show you the route through the void from the ...
[ more ] [ reply ]
Exodus Port Probes/DoD too???
2000-07-15
Anonymous
Seems like every time I visit Fox News, my firewall (ZoneAlarm) starts reporting repeated attempts to access my system from Exodus. Just a few minutes ago, I logged 52 attempts to various ports from Exodus. What I wonder about, though, is one attempt from 216.33.41.172, which appears to be the DoD...
[ more ] [ reply ]

Whatever. The annoying thing was the lack of identification when the probes come in - no whois contact info, just buried in a large Exodus net block.
...
[ more ] [ reply ]