US Government Checking Up On Vista Users?
Paris The Pirate writes "This article at Whitedust displays some very interesting logs from Vista showing connections to the DoD Information Networking Center, United Nations Development program and the Halliburton Company; for no reason other than the machine was running Vista. From the article 'After running Vista for only a few days — with a complete love for the new platform the first sign of trouble erupted. I began noticing latency on my home network connection — so I booted my port sniffing software and networking tools to see what was happening. What I found was foundation shaking. The two images below show graphical depictions of what has and IS trying to connect to my computer even in an idle state'."
I swear this place is becoming more and more like Digg every day. I'm no longer renewing my Slashdot subscription while I can get this same quality news for free elsewhere. Where do I start?
::yawn::
1. The screenshots clearly show WinXP, not Vista. In fact, this guy's ultra-leet "port sniffing software and networking tools" is PeerGuardian 2. Straight from the product's home page: Note: PeerGuardian 2 does not support Windows Vista at the moment. This is a top priority, and we hope to have a Vista download soon.
2. Lame screen shots from some Windows app aren't enough to validate a conspiracy theory. Where's the complete traffic dump? And not from some random guy and his "fanboy" friend; how about a credible network security organization? Hell, I'd even settle for an intern with his CCNA.
3. Hard to tell because all we have are screen shots, but it looks like nothing more than port scans.
(Guess this is what I get for spending a beautiful Sunday afternoon indoors, on my computer).
Entrepreneur : (noun), French for "unemployed"
The DOD NIC runs one of the DNS root servers. Yes, that's right... his DNS requests are sometimes going to the Department of Defense! Burn the government down.
This looks like a typical log from a torrent-sharing user. It's not even a Vista screen cap.
PeerGuardian does NOT qualify as port-sniffing software. I was expecting to see Ethereal logs or something. I ran PG for about 10 minutes, decided it was insane and uninstalled it.
Either M$ is the dumbest company on earth, or this is a scam article. I would assume that if M$ was in fact monitoring users, which I think is quite possible, then all of the information would go back to Redmond and then be distributed to the appropriate groups. At least this way they have plausible deniability....
Also, "Halliburton"? Give me a break.... First, what type of tool is going to return a text output so blunt... It's not "HA-39214", but instead just "Haliburton", the evil company.... Also, I am certainly not a fan of the company and its former involvement with the vice president which just smells bad to begin with, but what in the world would a military contracting company that fulfills soft drinks, food, oil, and other supplies to military groups want to monitor computers... This is just unrealistic...
This looks suspect, as it has been noted before. And it may very well be FUD. However, given that the instructions appear to be laid out, why doesn't someone see if they can replicate this to verify or debunk this with some authority?
I'd do it myself, but I don't have Vista.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Yawn. 1/10 for FUD. Slashdot FUD: "...showing connections to..." Source: "...trying to connect to..." Nice faulty translation there. Tons of systems try to connect to every other system on the Internet; bad guys, good guys and just curious guys. Also from the source: "...my computer even in an idle state..." The processes active on a target system are not indicative of what other systems are trying to do in most cases. Plz may I'z haves moore FUD. K thx.
These are just normal scans that everyone gets all the time. Nothing to do with having Vista installed.
If that computer has, and I assume it has cause you're running PeerGuardian, it's likely that your IP is in a host cache or tracker somewhere. As for the DoJ it could be some guy on a break using P2P. A connection attempt alone means nothing.
Which when you think of it, makes complete sense, because the Internet was invented for and by the military.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
becoming more and more a Fox Mulder wanna be.... Everything is a conspiracy... The MAN is out to get us... Oooohhh.... Spooky Mulder where are you....
Please... Can we cut back on the Slashdot Conspiracy Theories....
Posting anonymously for obvious reasons...
I work in one of the extraterrestrial government agencies not in question, and I can confirm that we have been doing this. To be fair to the United States government, they had no choice but to let us in. It's been going on for years now. Right here, directly out of our own network, so that any retard with a freeware tcpdump/traceroute frontend can see exactly what they're up to.
PS: this isn't real.
Isn't this inbound stuff? Isn't this the same crap that ZoneAlarm blocks for me constantly?
I wondered why Vista defaulted to that Black Helicopter screensaver. I guess we know why now.
More reason I'm glad I'm running 2003 server that the nice man from the NSA helped me harden.
So he installed Vista, plus his warez, and now he's seeing suspicious network connections? Get a grip.
I'd like to see a bare install of Vista (legit), with no other programs running, and connection monitoring being done on a router in between the Vista box and the internet, before I will believe this. And I say this as a die-hard Linux user who has barely touched XP.
I suffer from attention surplus disorder.
Just as over-rated. But I realized leaving your post modded higher makes more sense anyway (since you obviously weren't just trying to be a prick and this way the whole conversation is easy to read).
As you'll see in one of the follow-up posts to this parent, the software is being run on a second system (since, as you point out, Vista isn't supported, the listener is XP).
As to the credibility of the rest of the story, I suppose that's up for grabs. Or rather reproducibility. Sniffing software is easy enough to install/use. Maybe the poster of the original story is being watched via a government trojan. Maybe there is a backdoor for the government to use to monitor potential criminals. I imagine if ALL Vista systems phoned home like this they'd be drowned in data, so it's either additional software, an activated existing feature or hoax/fluke.
Quack, quack.
Looks like the guy had to boot into XP to use that software he wanted to use. Ever hear of dual boot, sparky? Maybe YOU are too quick to be "leet" and showoff your complete lack of reasoning skills. +5, what a joke, anyone who modded your post up is a 'tard and can't think past ONE step.
Indeed. When I was running Peer Guardian, I got DOD requests all the time in XP. This is a non-story.
Don't trust a bull's horn, a doberman's tooth, a runaway horse or me.
Like that ScuttMoney was taking bribes from that * * Beatles guy for posting stories (and notice how that stopped not that he doesn't get a PR boost for those links...).
Anyway, I think Zonk is just auditioning for Coast to Coast AM since Art Bell decided to retire again.
Just sayin'.
I guess all those computers are botnets (check out the other connections, DoD is only one among a whole bunch of seemingly random international sites including a couple universities from Brazil and China) trying to get more bots using security holes and trying if they have yet been patched on random IPs.
What a load of bullcrap. Where does /. pick up its editors?
Because those are trying to connect TO his computer from the outside, not the other way around.
Burn the government down.
Got a match?
What?
Getting worse every day!
They're certainly enough to get you sued, and thereafter spending upwards of $100K in legal defense against the RIAA.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Basically no one I know uses Vista (after they tried it).
Microsoft is so upset by this that their market department invented this FUD so all geeks around the world try this to prove it! Nice scam!!!
Thank god my home computers are all Macs! No Microsoft-related issues or problems to worry about.
Those are some very strong allegations. I can't understand why /. soiled its pages with this. The guy didn't even try other machines and other operating systems. No statistics at all. This is the worst 'article' I've seen so far on /., and I have seen some really bad stuff here already. Indeed, as one poster said, /. is becoming more and more like Digg. And that is NOT a compliment, Taco et al.!
-- Cheers!
It's goddamn Windows. Even if this was something to get excited about, Windows users get what they deserve, especially if they're p2p'ing warez like the source of this dodgy "article" was doing.
Set up a pristine Vista machine. Put a box inline with it and run Snort. Post the logs in some sort of reasonable format. Then we might have something to talk about. But this? What can I say, besides "bullshit"? The origin of this may as well be ranting about Ceiling Cat.
--
BMO
Halliburton?
He's really grasping, isn't he.
Until I saw the bit about the "Halliburton Company" in the summary. Are these nutjobs now required to mention it in every one of their hackneyed theories?
The worst part about stories like these is that they obscure what the government is really doing to invade our privacy.
How about some editorial control, Slashdot?
Article buried for lack of journalistic standards.
Okay, so maybe the US government and Halliburton are checking up on Vista users, but that's benign compared to the folks after us FreeBSD users. I whois'ed some of my port scan logs and found McGraw Hill, The Washington Post, the BBC, and Ikea. Now that is one terrifying conspiracy. Eisenhower was right when he warned us of the dangers of the media-Swedish furniture complex.
Seriously, though. Worms and botnets are endemic and every organization has boxes probing the internet without their knowledge. Doesn't mean they're out to get you.
I always hated people who would whine about Slashdot story selection, but come on, editors, use a little discretion. You're just helping spread paranoid stupidity.
Don't be silly. The RIAA will sue you with much less evidence than a screenshot.
With the fairly recent uproar that occurred with the numerous accounts of illegal wire tapping on the part of the Bush administration, why, oh why, would anyone discard this as some sort of sham?
Now, I'm not agreeing that the proof is 100% credible, and I'm not completely disregarding the fact that this might really be a sham, but the previous experiences the US has had with any sort of monitoring of the people should be enough to regard this with high suspicion.
Monitoring through the internet isn't difficult. You don't need to be a Government agency with vast resources at your disposal. All you need is a terminal, and knowledge. I think the Government has plenty of both. Most people with internet connections don't know how to check the connections going into their computer. They don't know how to "port sniff". This makes for millions upon millions of victims to such an invasion of privacy.
I strongly believe this should be taken more seriously than it is at the moment. If wire tapping is illegal, and is treated with such priority, then I think this should be handled the same way. We have nothing to lose by assuming this is legitimate, and we have so much more to gain by going directly to the facts, by means of thorough investigation. This shouldn't be taken lightly.
PG2 blocks both incoming and outgoing connections to blacklisted IP addresses.
Granted, we don't know which particular software is requesting the connections, although from a quick glance at the screenshots, it appears that the connections are indeed incoming requests.
Color me skeptical.
That's as may be, but a default OS installation should have no reason to talk to any of the root servers. Only a machine RUNNING a DNS server should have any reason to communicate with root servers.
Jherico
What can the average user do to ensure his security? "Nothing, you're screwed"
I suggest a separate machine.
The only thing new in this world is the history that you don't know.[Harry Truman]
That's as may be, but a default OS installation should have no reason to talk to any of the root servers. He may run a non-standard install or even a DNS server... BIND will run on anything.
Is it possible that this box was taken over by a hacker and is trying to attack DoD addresses? As opposed to some alleged "phone home" behavior that Vista is showing?
Not since Superman died.
Ba-dump!
"Flyin' in just a sweet place,
Never been known to fail..."
fta "We're talking about a Microsoft upgrade that almost rivals the audio development quality seen on Mac DAW's for years - but with none of the proprietary hardware BS that is forged into the Mac world."
I'd like to see a list of these so called "proprietary" mac parts.
I don't see any connections on the new vista machine. I'm watching the packets go through the router. Read that headline and was about to go uninstall. Glad I checked to confirm first.
Life is Grand!
We'rE In uR Ip'S, SteaLiN' Ur GovAminTS!
This article isn't any more or less plausible than any other article on slashdot, however there are many angry and negative reactions towards it. It's entirely possible, probable in fact, that the people trying to "Digg it down" are plants by the government or the type who easily chime in with government plants.
Think about it, the person is just asking a question and is showing what they did, screenshots and all. It requires more investigation and it's important for someone to do it, but it's not the writer's responsibility. They are simply sharing some very disturbing news.
Our government does use undercover people to sway public opinion and paranoia bashing is one of their effective methods. They know that the target audience fears looking like some sort of off-the-rocker loonies and would rather not voice or investigate their suspicions in order to save face. It works.
Don't give in to conformity people, think! THINK!!
Great plan genius- now we have to find someone who bought Vista! :)
.edu's. Many of the people being watched are on educational visas. Having ties to some of these schools may be a red flag. It's not Vista, but the remote software that may be to blame. Having active connections to schools in several countries may have raised interest. See the logs in the screenshots.
Never trust a compromised box to tell the truth. Wake me when he has router logs instead of Vista logs, or worse, XP logs of a Vista monitor. Many routers will send connection logs to a 3rd machine. This way you don't have to trust the machine under test. Simply log its traffic as it passes an external router. Now you have evidence of real traffic.
I was skeptical of the original setup. Was it Vista? The author claimed "idle" while running remote desktop software. That's hardly idle to me. What if it isn't Vista, but something like a back door into some communications package such as remote desktop?
The Department of Homeland Security may have an interest in remote connections, especially if they cross into hostile territories. Something could have flagged this connection as something they wanted to watch for some reason. Maybe it's the connections to all the overseas
The truth shall set you free!
Especially if the machine is resolving to 192.168.0.1 on his internal network. Looks like the XP box is set up as a router (ICS maybe?) and probably a DNS server as well for his internal network (Smoothwall or a similar flavor of firewall software would be a lot cheaper alternative than WinXP..imo)
You're messin' with my Zen Thing, man.....
The screenshots conveniently leave out the destination ports. Without that information and without knowing what programs the user had installed or running, the entire article is a waste of time. We have no idea if the traffic is associated with a program he's running or if it's something else. He's concerned about connections that appear to originate from the U.S. Government, but isn't fazed by the connections appearing to come from China. Oh noes!?! China has a backdoor in Vista!!
My guess is that he's running some P2P software. Guess what? The U.S. Government does get 0w3nD and does have problems with viruses, trojans, and P2P software.
Nothing to see here. Move along....
Go not unto /. for advice, for you will be told both yea and nay (but have nothing to do with the question)
Okay, this has got to be one of the most pointless slashdot stories ever.
One, he is sniffing with a crappy piece of software that is barely a sniffer. Secondly, unless he has that XP system he claims is a Vista system, monitoring a HUB, not a switch, that the Vista machine's traffic has to go thru, he isn't sniffing anything relevant. Last, this is pointless paranoia.
You want to see more of your "government conspiracy traffic?" Find someone at an ISP to help you, as you will need a piece of public IP address space. Route it to someplace where you can monitor all the traffic destined to it, and plug nothing into that segment of your network. It just has to exist, and be publicly accessible. It goes nowhere, has no devices in it, it just exists. Then turn your sniffer on, and watch the botnet traffic fly by. Yeah, you will see attacks coming from everywhere, nowhere to go, and still they scan like crazy. And yes, you will see it come from DoD address space too, heaven for-fucking-bid.
Oh, and when you do your sniffing, use a real sniffing tool. Then you can tell us what kind of attacks the scary US government is mounting against its most paranoid citizens.
--Nuintari
slashdot : where an opinion can be wrong.
Indeed. That's why one of the other DNS TLD root servers sits in Al Gore's basement...
http://zapatopi.net/mindguard/
Why does Zonk continually post such uninformed articles?
It's pretty trivial to spoof a source ip. Just ask the folks at DenyHosts. If the attacker could care less about return packets and simply wants to create a lot of traffic (DoS) count on it. You really have to be careful with the data that's returned from tools like this. A lot of times it's useless. He should have scrubbed his IP from the screenshots too, poor bastard. This article would be perfect Diggchow except he never mentioned Apple in the article. Oh well.
boycott slashdot February 10th - 17th check out: altSlashdot.org
His machine has been compromised and is being used to move on to other locations on the network. Wipe, reinstall, patch and hope to avoid zero-days. Nothing to see here.
Bark less. Wag more.
Who modded this dweeb insightful.
Metamoderators please spank these mods.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Indeed. That's why one of the other DNS TLD root servers sits in Al Gore's basement...
Fully secure from the depredations of ManBearPig. Do you have any idea of the potential ramifications if ManBearPig got ahold of a DNS TLD root server? It'd be really, really bad. I'm cereal.
... computers keep YOU in an idle state.
Have gnu, will travel.
..."Hrm, sure seems like the whole Prodigy STAGE.DAT dust-up".
As it turns out, I was wrong - it's even more innocuous than that.
Yes, NSA has a way to break into Windows Vista (and probably any other version of Windows) since they were allowed by Microsoft to try (and supposedly report their results to Microsoft - which of course they didn't entirely.)
However, this story makes little sense as it stands. Until somebody sets up a proper test, there's nothing to see here.
And if people like the NSA, Halliburton and DOHS were scanning everybody's PC, they damn sure wouldn't be allowing a traceback to their own IP addresses assigned to them. Unless, of course, they wanted you to know Big Brother was watching. And Halliburton, despite being in bed with Big Brother, obviously wouldn't want that - they'd get sued blind by somebody.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Since Windows XP, info from your XP computer is sent out to Microsoft.com - I don't have it, so I can't report much about it, but with a decent firewall installed, many software packages "call home", repeatedly and totally without justification. One does not need to check daily for updates! Adobe on my top list.
And - with the recent court approved installing of a sniffer on a potential suspect's computer - doing non-approved sniffer installs is probably more frequent, not even considering botnets.
It furthers an atmosphere of fear, is not empowering and in short - sucks!
Sure, they may be out to get us, but this is just plain garbage.
---- Booth was a patriot ----
It must be Skynet. It's unleashing The Virus on all unsecured systems on the Internet.
If VISTA were connecting to the DoD and uploading data, I would be concerned, however these connections are from infected Zombie PCs running malware and trying to infect/control other PCs. It has NOTHING to do with VISTA, but EVERYTHING to do with Microsoft and their pathetic security in Windows. A large percentage of Internet traffic after bittorrent, streaming content, and spam is zombie PCs looking for more PCs.
With PeerGuardian, you see all kinds of crap. I doubt anyone is checking up on him due to Vista. It's more likely his IP is confused for one running P2P.
I mean, hell, 38.100.26.190 (SafeNet / MediaSentry) has been DoSing me with 10 connections/second bursts for ages now because I once clicked the wrong torrent but you don't see me writing Slashdot stories over it.
I noticed this in one of the comments on his site:
"So the gov't and Haliburton have bot infected computers just like everyone else. What else is new?"
Hah! Awesome.
You ever hear of echelon? It started under FDR or Truman depending on who you believe.
The only difference is that Bush thought he could get away with admitting to doing what the last 10 or so presidents have been up to (tapping overseas calls without warrant).
The fact that this whole story has been shown to be the hyperbole up thread didn't stop you from posting a 'Blame Bush' screed. Which the moderators, being on crack, called insightful. Dweeb!
I actually did contract test work at Microsoft, testing a Vista component that used the network.
So I ran its networking through a separate machine that ran Ethereal, and studied the logs in great detail. I also watched for any 'privacy issues'. Basically, anytime Vista 'phones home' it's required to be by the user Opt-In, and never as a default. If you didn't read the EULA/Privacy Policy, etc. and just kept hitting 'I Agree', 'Accept' and 'Next' every dialog... you might get some things you didn't expect.
Say you visit an HTTPS url... aside from what actually appears on the page (content + ads) you may need: the digital certificates for the signing authority, revocation lists, accurate time to check for expiration, DNS, Style Sheets, DTDs... a lot of that can be cached, but at some point they may be automatically downloaded.
Playing a (non-DRM) song?, you may get the album information automatically.
Plus all the non-MS software 'phoning home', Adobe Acrobat reader, Quicktime Updater, HP printer drivers, anti-virus updates, *Peer Guardian blocklist updates*
As for the incoming connections mentioned in the article, it seems well within Homeland Security's domain to scan for botnet and such infected machines, in order to defend against DOS attacks on critical infrastructure (like root DNS servers).
I once did a Google search for 'attrs' using Firefox on a Linux box. What popped up was a box asking me to accept a Department of Defense digital signature, served from a DOD server.
why? Google had suggested I was looking for 'atrrs' which was a DOD term, and Firefox tried to pre-load the first result, which was a DOD run website, which popped up the certificate from a site I did not intend to visit! If there is a conspiracy, then Google, Mozilla, and Slackware are in on it.
Are there hidden things which the US government or others can use in Vista? Not impossible.
Should you trust Vista crypto totally, if you really have something to hide? Probably not.
Would they be as stupid as to let every computer send traffic to DOD computers? Obviously not. Even if most don't know how to monitor traffic, enough do that there would be an immediate uproar.
Possible "hidden features" would either need the system in question (secret keys....) or would be dormant. If turned on by some events, I'm sure their effects would be non-obvious too. Sending network packages to a DOD address isn't.
This story is BS.
Does anyone have the entire article? Please leave a link in this forum.
And for the person posting this news article, I think you should at least check and see if the article is available in its completed form. That link to see the rest of the article is dead, or goes to something totally different.
Sorry, but some things are worth investigating and some aren't. Here's a quick rundown:
- "Windows DRM is deleting my home movies, and here are 500 other people who've had the same problem": plausible, worth investigating
- "This suspicious Windows file is an NSA backdoor - here is the decrypted source code that makes me believe this": implausible, but still worth investigating
- "Halliburton is spying on me, and I know this because one Halliburton-related IP address appeared when I ran this tool (which was written for thieves to use to stop copyright owners seeing what they are stealing - boy do I sound honest!)": totally implausible, not worth investigating
Look, if I wanted publicity, I could post photographs of aliens probing my anus in Area 51 - would you still say that I was sharing disturbing news that it was important to investigate? Because this is the tech equivalent of that. Someone who doesn't know what he's doing misinterpreting a few irrelevant results from a tool that he doesn't know how to use, and building a huge and implausible conspiracy theory on top of that? Give me a break. Come back when at least it's the NSA spying on you, Mr Tinfoil. And, no, for the record I'm not a government plant, and nobody is paying me to write this. I'm not even American. I don't care what Halliburton does, as long as you don't invade my country and make them do it here too. I'm just a guy with a brain who knows a bullshit story when he reads it, and I don't like seeing other sensible people being accused of being government shills just because they are also capable of spotting bullshit.
I'd like to applaud the commitment and bravery of the researchers in bringing this information into the public domain.
I'm from a similar underground organization, and have been monitoring Vista for some time. Notable connections we have so far made are:
Dinosauroid-like Alien Reptiles using Vista UMPCs are dominating the World
Apollo 11 Moon Landings were faked by Vista
September 11 was orchestrated by the U. S. government using Vista and Workflow Foundation
etc.
It's pretty conclusive stuff, people.
(Conspiracies kindly provided by http://www.2spare.com/item_43133.aspx - note it's on an IIS server - don't trust it. The truth is out there!)
Not only (from what I hear) is this lame BS, the link is apparently slashdotted...
It's in a network which also has a Linux box (my regular 1.2GHz AMD box) and my Cyrix Solaris 10 server (VIA chipset, even the CPU. Very nice PC, doesn't even use fans while it's still a whopping 850MHz which is enough for fileserver, proxyserver and webserver usage).
Now let me share with you the results of running "pfexec snoop host 10.0.0.167" (for you linux fans: this is like tcpdump, it sniffs the network) for the duration of one evening:
magi:/home/peter $ pfexec snoop host 10.0.0.167
Using device /dev/rtls0 (promiscuous mode)
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Syn Seq=2626883403 Len=0 Win=8192 Options=
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Syn Ack=2626883404 Seq=123510362 Len=0 Win=49640 Options=
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Ack=123510363 Seq=2626883404 Len=0 Win=16425
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Push Ack=123510363 Seq=2626883404 Len=409 Win=16425
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Ack=2626883813 Seq=123510363 Len=0 Win=49640
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Push Ack=2626883813 Seq=123510363 Len=843 Win=49640
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Ack=123511206 Seq=2626883813 Len=0 Win=16214
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Fin Ack=2626883813 Seq=123511206 Len=0 Win=49640
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Ack=123511207 Seq=2626883813 Len=0 Win=16214
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Rst Ack=123511207 Seq=2626883813 Len=0 Win=0
The 'magi' is my main Solaris server, port 3128 is the port used by the Java webproxy. These logs were created while I was simply checking the control panel and device properties on the Vista box. The proxy server logs show this:
10.0.0.167 - - [22/Jul/2007:23:34:25 +0200] "POST http://sqm.microsoft.com/sqm/windows/sqmserver.dll HTTP/1.1" 403 0 403 0 472 472 162 353 206 261 0
10.0.0.167 - - [22/Jul/2007:23:34:25 +0200] "POST http://sqm.microsoft.com/sqm/windows/sqmserver.dll HTTP/1.1" 403 0 403 0 472 472 162 353 206 286 0
10.0.0.167 - - [22/Jul/2007:23:34:26 +0200] "POST http://sqm.microsoft.com/sqm/windows/sqmserver.dll HTTP/1.1" 403 0 403 0 472 472 162 353 206 261 0
10.0.0.167 - - [22/Jul/2007:23:34:26 +0200] "POST http://sqm.microsoft.com/sqm/windows/sqmserver.dll HTTP/1.1" 403 0 403 0 472 472 162 353 206 261 0
10.0.0.167 - - [22/Jul/2007:23:40:18 +0200] "GET http://money.service.msn.com/StockQuotes.aspx?v=1& symbols=$NL:AEX,NL:GTN,NL:JETIX,NL:KPN HTTP/1.1" 200 465 200 465 - - 409 378 449 304 0
OH NOES! Vista is trading on the stock market without me knowing, MS is stealing my money!!!
And now for the people who don't believe in fairytales: the only thing it did was polling from time to time to get recent information. My Vista's sidebar is keeping track of a few stock funds. Next to that it seems to be downloading "sqmserver.dl
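The snoop and proxy lines above, read together, make the distinction most of this thread is arguing about: who opened each TCP connection, and what the box actually asked for. The script below is an added example, not code from the original post, that parses snoop's TCP summary lines into flows, labels each flow outbound or inbound by which side sent the bare SYN, records whether an inbound attempt was ever answered (the same tally Nuintari's unused-address-space sniffer would produce from botnet scans), and counts the proxy log by destination host and status. The twelve snoop lines and three proxy lines embedded as input are the ones quoted above plus two constructed inbound SYNs from the documentation address 198.51.100.7; LOCAL_HOST, the function names and the flow field names are this example's own choices.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

LOCAL_HOST = "10.0.0.167"  # assumed host under test (the Vista box in the post); everything else is remote

# Constructed sample: the ten snoop lines quoted in the post, plus two lines made up here
# (198.51.100.7 is a documentation address) to stand in for unanswered inbound SYNs.
SNOOP_SAMPLE = """\
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Syn Seq=2626883403 Len=0 Win=8192 Options=
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Syn Ack=2626883404 Seq=123510362 Len=0 Win=49640 Options=
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Ack=123510363 Seq=2626883404 Len=0 Win=16425
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Push Ack=123510363 Seq=2626883404 Len=409 Win=16425
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Ack=2626883813 Seq=123510363 Len=0 Win=49640
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Push Ack=2626883813 Seq=123510363 Len=843 Win=49640
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Ack=123511206 Seq=2626883813 Len=0 Win=16214
magi.intranet.lan -> 10.0.0.167 TCP D=49248 S=3128 Fin Ack=2626883813 Seq=123511206 Len=0 Win=49640
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Ack=123511207 Seq=2626883813 Len=0 Win=16214
10.0.0.167 -> magi.intranet.lan TCP D=3128 S=49248 Rst Ack=123511207 Seq=2626883813 Len=0 Win=0
198.51.100.7 -> 10.0.0.167 TCP D=445 S=3301 Syn Seq=1 Len=0 Win=65535 Options=
198.51.100.7 -> 10.0.0.167 TCP D=139 S=3302 Syn Seq=2 Len=0 Win=65535 Options=
"""

# Constructed sample: three of the proxy access-log lines quoted in the post.
PROXY_SAMPLE = """\
10.0.0.167 - - [22/Jul/2007:23:34:25 +0200] "POST http://sqm.microsoft.com/sqm/windows/sqmserver.dll HTTP/1.1" 403 0 403 0 472 472 162 353 206 261 0
10.0.0.167 - - [22/Jul/2007:23:34:25 +0200] "POST http://sqm.microsoft.com/sqm/windows/sqmserver.dll HTTP/1.1" 403 0 403 0 472 472 162 353 206 286 0
10.0.0.167 - - [22/Jul/2007:23:40:18 +0200] "GET http://money.service.msn.com/StockQuotes.aspx?v=1& symbols=$NL:AEX,NL:GTN,NL:JETIX,NL:KPN HTTP/1.1" 200 465 200 465 - - 409 378 449 304 0
"""

SNOOP_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>\S+) TCP D=(?P<dport>\d+) S=(?P<sport>\d+) (?P<rest>.*)$")
TCP_FLAGS = {"Syn", "Ack", "Push", "Fin", "Rst"}

def parse_snoop_line(line):
    """Return one TCP packet as a dict, or None for lines that are not TCP."""
    m = SNOOP_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").split()
    # snoop prints set flags as bare words, except ACK, which appears as Ack=<n>.
    flags = {tok.split("=", 1)[0] for tok in rest if tok.split("=", 1)[0] in TCP_FLAGS}
    length = int(next((tok[4:] for tok in rest if tok.startswith("Len=")), 0))
    return {"src": m.group("src"), "sport": int(m.group("sport")),
            "dst": m.group("dst"), "dport": int(m.group("dport")), "flags": flags, "len": length}

def summarize_flows(snoop_text, local=LOCAL_HOST):
    """Group packets into TCP flows. The initiator is whoever sent SYN without ACK: if it is
    the local host the flow is outbound (the box reached out); otherwise it is an inbound
    attempt, and 'responded' records whether the local side ever answered it."""
    flows = {}
    for line in snoop_text.splitlines():
        pkt = parse_snoop_line(line)
        if pkt is None:
            continue
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if "Syn" in pkt["flags"] and "Ack" not in pkt["flags"]:
            key = fwd
            flows.setdefault(key, {"initiator": pkt["src"], "responder": pkt["dst"], "port": pkt["dport"],
                                   "direction": "outbound" if pkt["src"] == local else "inbound",
                                   "bytes_from_initiator": 0, "bytes_from_responder": 0, "responded": False, "closed": False})
        elif fwd in flows:
            key = fwd
        elif rev in flows:
            key = rev
        else:
            continue  # mid-stream packet whose SYN was not captured; skip it
        flow = flows[key]
        if pkt["src"] == flow["initiator"]:
            flow["bytes_from_initiator"] += pkt["len"]
        else:
            flow["responded"] = True
            flow["bytes_from_responder"] += pkt["len"]
        if pkt["flags"] & {"Fin", "Rst"}:
            flow["closed"] = True
    return list(flows.values())

def unanswered_inbound(flows):
    """Count inbound attempts the local host never answered, per remote source."""
    return Counter(f["initiator"] for f in flows if f["direction"] == "inbound" and not f["responded"])

PROXY_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] "(?P<method>\S+) (?P<url>.+?) HTTP/\d\.\d" (?P<status>\d{3})')

def summarize_proxy(log_text):
    """Count requests per destination host and status: what the box asked for, and whether the proxy allowed it."""
    per_host = {}
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        host = urlsplit(m.group("url")).hostname
        entry = per_host.setdefault(host, {"requests": 0, "statuses": Counter()})
        entry["requests"] += 1
        entry["statuses"][m.group("status")] += 1
    return per_host

if __name__ == "__main__":
    print(summarize_flows(SNOOP_SAMPLE), summarize_proxy(PROXY_SAMPLE), sep="\n")
```

Run against a real snoop or proxy log in place of the samples, a suspicious address shows up either as an initiator the box never answered (a scan or bot probe, which says nothing about the box itself) or as the responder of an outbound flow the box opened, which is the only pattern that would support a "phoning home" claim; the proxy log then names the URL behind that flow, as it does for sqm.microsoft.com above.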
Doesn't matter anyway, the NSA is already able to look at almost anything through your commercial ISP.
They probably are collecting personal data and passing it on to the government, but this sure as hell isn't how they do it...
'click stream' info is monitored to est. online behaviours as routine>= building up profiles. US gov blocked strong encryption progs, classifying them as 'munitions' to enable transparency (on their side of mirror) when they set the whole 'thing' up. This 'conspiracy' is a 'ring-fence' for the real conspiracy. The whole forest not one tree.
My farts and your breath.
"Eve of Destruction", it's not just for old hippies anymore...
Wow! Minty fresh farts. A unique individual you must be.
What?
Move along. Nothing to see here.
PS: this isn't real.
Uh huh. That's just what you want us to believe...
This guy's the limit!
Exactly. What oversight is there in the peerguardian lists and why should anyone trust them? Seems like they can call any IP range whatever they like and paranoid people will start sending stories to slashdot about how the "gubmnt is in their 'puters."
It's nice that the methlabs people keep putting out this software, but it's not a drop-in replacement for real security sleuthing. Hell, it's not even a replacement for Ethereal.
Specifically, they run G. Because of the development of the Internet as an originally military project, and then subsequently adding US research institutions, it turns out there's a reasonable chance your query will go to some entity that's a part of, or beholden to, the US government. H is run by the Army Research Lab, and E is run by NASA (which is a government agency). The only roots not run by a US company, university or the US government are I, K, and M.
e fault.mspx) but stupid enough that the address it talks to is tagged as DoD. You know because the DoD couldn't quietly get a block of addresses from Cox that would show up to the world as just any other cable modem IPs.
If this guy wants to actually prove anything or see what is going on, he needs to first find out what the address is for, and then toss a software firewall or other sniffer on the Vista box to see what process is interacting with it.
I do love the conspiracy theorists that think that someone like MS is smart and sneaky enough to build monitoring like this in, and assume it won't be found (please remember there are a lot of places with the Windows source code http://www.microsoft.com/resources/sharedsource/d
You did show up saying this was 'highly plausible' without even scanning the comments to see that it was not remotely plausible and in fact had a reasonable explanation.
But you got modded up because in no small part you were ready to blame Bush. (No surprise there, this is /.)
Having had some hours to scan up thread you still defend your stupid position. Please get a clue. As to the name calling we call 'em as we see 'em, idiot.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
That probably explains Al Gore's gargantuan electricity bill then.
The more you regulate a company, the worse its products become.
Believe it or not the USA, Germany, Japan, and France are not the leaders in this activity
a reness
... It is the new SOP for CoOp spycraft and cyberwar.
..../ wikipedia_block.html
.cn/203+202..., .mil/199+207..., .gov/216+206+69+209+82+66... ....
Old News, Two of the better known:
China Titan Rain: http://en.wikipedia.org/wiki/Titan_Rain
US DARPA TIA: http://en.wikipedia.org/wiki/Total_information_aw
EU, Russia, Arabs, Israel, UN
US ain't the only one on the block, globally they are all on pot calling the kettle black.
As I always say, "Reality is self induced hallucination." If you're a politician/idiot it ain't that FUBAR.
Wikipedia blocked the USA Congress IP address block, as to why
http://majikthise.typepad.com/majikthise_/2006/01
Maybe some folks need to be blocking some top-level domains
IOW, consider the following:
US DOD NIC: 6.0.0.0 - 7.255.255.255
US DOD NIC: 11.0.0.0 - 11.255.255.255
US DOD NIC: 21.0.0.0 - 22.255.255.255
US DOD NIC: 26.0.0.0 - 26.255.255.255
US DOD NIC: 28.0.0.0 - 30.255.255.255
US DOD NIC: 33.0.0.0 - 33.255.255.255
US DOD NIC: 55.0.0.0 - 55.255.255.255
Halliburton Company 34.0.0.0 - 34.255.255.255
Computer Sciences Corporation 20.0.0.0 - 20.255.255.255
USPS: 56.0.0.0 - 56.255.255.255
You can do your own homework:
IANA: http://www.iana.org/
ARIN: http://www.arin.net/index.shtml
!HAVEFUN!
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Instant meme, just add milk.
C|N>K
- The PG trace window shows INCOMING frames...
- Apparently the author's firewall is not blocking incoming requests...
-or-
- The trace does not show the outgoing requests...
- No evidence from the screenshot that anything is reporting back to anywhere from the author's machine...
- Further discussion without more information is a waste of time
deleting the extra space after periods so i can stay relevant, yeah.
not while everyone "knows" how much BS big brother and all that is :)
and I'd say it's pretty safe to agree with you the NSA/ANYONE IN THE WORLD can break into windows, hell, kids using google can track down a usable exploit with shellscript in a few minutes. imagine what a well trained research team could track down over a few years, especially if they could examine the original source code :)
(Score:5, Funny Ha-ha-ha... ha... damn, that's the truth... *Insightful*)
"...they damn sure wouldn't be allowing a traceback to their own IP addresses assigned to them. "
they may have made a mistake, Seriously. Maybe some developer did it on the side?
On the internet, everything is trace-able.
The Kruger Dunning explains most post on
And just for the record 'traceroute' has absolutely no bearing on 'tracing' someone and isn't really relevant to finding out who or what exists at a particular address. 'whois' with an appropriate RIR would be appropriate.
'traceroute' is a network troubleshooting tool, and its similarity to the word 'trace' as used in 'tracing a call' is an unfortunate accident.
Either the article, or the submitter is an idiot. Those seem to be connections TO THE computer, not as the submission implies as connections FROM THE computer to those networks.
Also, the writer of the article is a moron, since he seems to think there is a big MS Vista/US Government conspiracy going on, but appears totally unconcerned with the large number of Chinese attacks on his system.
This person needs to get a firewall so he doesn't get pwnd. If it's not already too late (which is all too likely).
The only thing missing to make this look like some hysterical Digg-esque behavior is a Ron Paul reference. Damn, now I've gone and done it!
> I swear this place is becoming more and more like Digg everyday.
Like Digg, Slashdotters vote which stories to run http://slashdot.org/firehose.pl so it's a popularity thing. I've submitted some stories I thought were relevant and interesting to Slashdot's mission, but it's hard to get them run. If you don't get a lot of people voting for you quickly, you drop off. Ok: The R2D2 was borderline, but the academic study on narcissistic YouTube/MySpace isn't the sort of thing people want to hear: They'd rather hear the Tech-equivalent of Paris Hilton stories.
Takes maybe 20 minutes to submit a story to Slashdot: you need to write something postable, gather and cross-check background links, preview until it reads right and submit. Most of the time, your story won't run. That's just the way it is on a democratic news site. When you see ill-researched stuff like this get voted to the head of the queue, hmmmm....
As for this particular story, you're right: His claims are flimsy. Doesn't tell us what he was doing, and he hasn't even resized the PeerGuardian window so we can see what the port numbers were. If he was running BitTorrent, that'd explain it. Halliburton is a vast corporation, and I bet there, even on ECT (Evil Company Time), some employees run BitTorrent. Does the guy really think the United Nations Development Program cares what he's running on his PC? More so some UN worker is experiencing the joys of capitalist bittorrent. The Hei Long Education network means China isn't as closed off from the world as you'd think. Maybe that would be a better story?
To claim that Vista is sending encrypted information to UNDP because UNDP is the parent branch of the U.N. Informatics Division is beyond bogus. They saw the word "development" in the name and assumed it was in charge of "developing" the UN. Heck, UNDP doesn't even run most of its own servers! They are hosted with local ISPs.
I must call a New World Order Nuclear Shenanigan on the original article.
Quit! This NOT funny and should not be modded funny! It is the absolute truth!
Dude, you don't need a Slashdot subscription to get the exactly "same quality news" as a subscriber.
Sheesh!
I am the musician
with a pocket calculator in my hand
Kraftwerk
Geez. The article starts by listing all the 'great' qualities of Vista; it sticks it to Mac users, and expresses how important it is to not be left behind in the evolutionary game of change, and the bullshit about how all software is 99% backwards compatible, (which isn't even true).
Then it makes a frightening claim which even the lowest level geek would recognize as being false.
The end result? Everybody who has read this article has now blithely absorbed a first rate sales-pitch which 1)Lists 'hot' features, and 2)Hits multiple social pressure buttons known to create sales, and 3)Trades on the bullshit "Only Losers Believe in Conspiracies" saw, because a bogus Straw Man threat has been set up and knocked down. --And everybody knows that the most powerful way to get people to believe in a lie is to lead the mark by the nose to the point where they connect the dots themselves and think that it was their idea all along.
And heaven knows that NEVER could happen with the Slashdot crowd. (sic)
Slashdotters and the like are so ego-impaired that when they knock down a Straw Man, they'll congratulate themselves for weeks afterwards and would actually prefer to believe that somebody really is that dumb and that MS isn't manipulating them for all their worth. --Simply so that they can feel smart.
The sad part is that this stuff works. I bet a number of you are going to actually upgrade based on this crap. Doesn't anybody do meta-analysis at all anymore? For goodness sake, I learned the power of the word, 'Meta' , by reading Slashdot!
-FL
The chances that this is PeerGuardian forging exotic sources of port scans in order to scare users into relying on their software VS. The chances that said sources would waste effort scanning a simpleton's home use windows box for vulnerable ports without masking their identity. Now taking bets! Together with the previous submission "Re: Kids think E-Mail is dead" gives me a distinct impression that Zonk is one of the simpletons himself. Who in this world cares what a child's opinion is re: email ? It is a time tested and infinitely usable communication path, regardless of a silly child's opinion. Might as well submit that most mature, rational thinkers hold that SMS is a fad, which is just as obvious an opinion as the former. Give me some news that matters! Tell me someone is forging a new SMTP implementation that will stop email and its spam from becoming any more of a network burden. Please tell me it's happening!
I started up my peerguardian after reading this article. Within 1 minute, I had peerguardian block requests from china, mexico, and a few random companies. I am running windows xp also.
Why assume that the owners of the domains are behind this? Isn't it more likely that their computers are pwned by bot-herders and these are probes coming from botnets seeking to spread?
Paul.
You are lost in a twisty maze of little standards, all different.
In the interest of checking, a simple whois request on 34.60.236.180 does in fact come up with the Halliburton Company of Houston, TX. Similarly, a whois for 55.2.86.54 shows the US Army.
I don't know if MS is actually selling out to the US military or to Halliburton, but if the screenshots are doctored, they are, at least well researched.
Check out the whois records for 34.60.236.180 and 55.2.86.54 yourself.
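The two steps this thread keeps coming back to, mapping an address to its listed owner and checking which way the packet is going before calling it a "connection from Vista", as an added example that is not code from any poster here. It uses the address ranges quoted in an earlier comment as an offline lookup table in place of a live whois, a constructed LAN address 192.168.1.10 for the sniffing host, and constructed tcpdump-style lines; a real check confirms ownership with the RIR whois the comment above points to.

```python
import ipaddress
import re

# Address blocks in the "Owner: first - last" shape quoted in an earlier comment;
# an offline lookup table standing in for the RIR whois the comment points to.
BLOCK_LIST_TEXT = """\
US DOD NIC: 6.0.0.0 - 7.255.255.255
US DOD NIC: 11.0.0.0 - 11.255.255.255
US DOD NIC: 21.0.0.0 - 22.255.255.255
US DOD NIC: 26.0.0.0 - 26.255.255.255
US DOD NIC: 28.0.0.0 - 30.255.255.255
US DOD NIC: 33.0.0.0 - 33.255.255.255
US DOD NIC: 55.0.0.0 - 55.255.255.255
Halliburton Company 34.0.0.0 - 34.255.255.255
Computer Sciences Corporation 20.0.0.0 - 20.255.255.255
USPS: 56.0.0.0 - 56.255.255.255
"""

# Constructed LAN address of the sniffing host (an assumption, not from the page).
LOCAL_HOST = ipaddress.IPv4Address("192.168.1.10")

# Constructed "tcpdump -n" style lines: two inbound probes from listed ranges
# and one outbound request to a documentation-range address.
SAMPLE_CAPTURE = [
    "06:16:48.365581 IP 34.60.236.180.51413 > 192.168.1.10.6881: tcp 0",
    "06:16:48.365676 IP 55.2.86.54.33952 > 192.168.1.10.6881: tcp 0",
    "06:16:49.101223 IP 192.168.1.10.49152 > 198.51.100.7.80: tcp 0",
]

IPV4 = r"\d+(?:\.\d+){3}"
RANGE_RE = re.compile(rf"^(?P<owner>.+?):?\s+(?P<first>{IPV4})\s*-\s*(?P<last>{IPV4})\s*$")
ENDPOINT_RE = re.compile(r"\bIP (\S+) > (\S+):")


def parse_block_list(text):
    """'Owner first - last' lines -> [(owner, IPv4Network)], ranges split into CIDRs."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RANGE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable range line: {line!r}")
        first, last = ipaddress.IPv4Address(m["first"]), ipaddress.IPv4Address(m["last"])
        # 21.0.0.0-22.255.255.255 is not one CIDR block; summarize splits it into two /8s.
        for net in ipaddress.summarize_address_range(first, last):
            entries.append((m["owner"], net))
    return entries


def lookup_owner(ip, entries):
    """Return the listed owner of ip, or None when no block covers it."""
    addr = ipaddress.IPv4Address(str(ip))
    return next((owner for owner, net in entries if addr in net), None)


def _split_endpoint(endpoint):
    # tcpdump prints "a.b.c.d.port"; the port is whatever follows the last dot.
    host, port = endpoint.rsplit(".", 1)
    return ipaddress.IPv4Address(host), int(port)


def classify_packets(lines, entries, local=LOCAL_HOST):
    """Label each packet incoming/outgoing relative to `local` and name the
    remote side's listed owner. 'incoming' means a probe aimed at the host,
    not a connection the host opened."""
    results = []
    for line in lines:
        m = ENDPOINT_RE.search(line)
        if not m:
            continue
        src, _ = _split_endpoint(m.group(1))
        dst, _ = _split_endpoint(m.group(2))
        if dst == local:
            direction, remote = "incoming", src
        elif src == local:
            direction, remote = "outgoing", dst
        else:
            direction, remote = "transit", src
        results.append((direction, str(remote), lookup_owner(remote, entries)))
    return results
```

Run over the constructed capture, both listed-owner packets come out as incoming and the only outgoing packet goes to an unlisted address, which is the distinction the screenshots never make.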
If I could score you higher than 5, I would.
XML is like violence. If it doesn't solve the problem, use more.
Internet-facing applications written in an ASP.net language are called as .dlls on occasion.
POSTing to http://sqm.microsoft.com/sqm/windows/sqmserver.dll means it's sending some data to a web application on that port, and it's getting a 403 back. Pretend that it's called sqmserver.php or sqmserver.cgi if that'd help clarify it a bit.
I swear i had to look at the date to make sure i hadn't slept until the next april fools day.
But, to everyone who's sitting there going "oh thats crap! what is slashdot doing?" remember you have a bit of a say in that too! So dont just sit there blaming slashdot, help fix the problem...
Imagine that he disconnects his LAN from the internet. . . . and keeps getting the DoD traffic!! OMFG!! The DoD is hiding somewhere in his house! Probably with a big butcher knife or a hook or one of those chain saws with a silencer that government assassins are now using.
Now what's he doing? No, you FOOL! Don't go into the server closet!!!
It's not offtopic, dumbass. It's orthogonal.
# nmap -sS -D 64.233.167.99,66.35.250.150,63.161.169.137 localhost
...
...
Oh crap, I'm being hacked by the whitehouse, google, AND slashdot?!
06:16:48.365581 IP www.whitehouse.gov.63143 > localhost.http: tcp 0
06:16:48.365676 IP py-in-f99.google.com.63143 > localhost.129: tcp 0
06:16:48.365708 IP slashdot.org.63143 > localhost.129: tcp 0
Snarf This.
as other posters have pointed out, Slashdot is sliding down a slippery slope here, and i'm afraid it will get even worse...
editorial quality demands quality editorial control, and Slashdot doesn't have it for a number of reasons:
1. unwillingness to spend money on professional, qualified editors
2. inability to hire qualified editors (not Slashdot's fault, but due to a bigger problem in the educational system, more specifically communications and journalism departments at the collegiate level)
3. skewed weltanschauung due to the age, religious, political beliefs of the editors
4. lack of journalistic integrity, objectivity, and ability on part of the current editors
5. burn-out of founding editorial contributors and controllers
- and most likely many others... but the fact remains:
SOMEONE IS ASLEEP AT THE WHEEL! WAKE THE _ _ _ _ UP!
Windows Vista: $199
Website: $10/mo
Posting half-arsed FUD and including your IP at the same time: Priceless
Screenshot -> Destination -> D'oh!
What do you expect? You KNOW why it's been posted despite being complete BS.
It makes Vista look bad so it's ok to post it without any sort of reality check.
Sorta sounds like Dan Rather...
And I agree..SlashDot is becoming more and more worthless - between 95% of the posts being comedian wannabes and the just silly ass 'news' articles, it's time to find somewhere else to read.
No, sir, I call BS on your post. If you'd ever installed Windows Server 2003, you'd know the following:
1) Firewall defaults to ON out of the box on a default install UNLESS you're installing it into an existing domain with a DC GPO that forces it to off. (read: if so, you set it up that way, stfu)
2) Machine does not allow incoming connections until you close the Manage Your Server dialog. It brings this fact to your attention no less than 3 times during the initial setup. (read: after first boot, OS configuration, server type setup, domain creation, role assignment, windows update -- unless you close the dialog without doing that, in which case, again, your fault, stfu)
3) Machine really does not want to allow incoming connections until you complete a Windows Update and does make you click OK about 3 times to enable incoming connections.
4) Did I yet mention that you have to explicitly close a dialog that says 'No Incoming Connections are allowed until you close this dialog.' before it will allow incoming connections? I wanted to make sure I mentioned that.
So, no. I've never, ever installed Windows 2003 Server and 'accidentally' had a network cable installed, only to find that within 45 seconds it was crippled, and neither have you, because it's not possible unless you personally clicked 'yes, allow incoming connections to my unpatched, non-updated machine, and hey, while you're at it, let me open firewall.cpl (or the firewall control panel applet for you non command-line users) and disable the firewall'. See, because that's what you would have had to have done to create a situation that could exhibit those results, in case you weren't aware. I am, because I've installed Windows Server 2003, and all flavors thereof, no less than 100 times.
Thanks for playing, game over.
To the darkened skies once more, and ever onward.
Anyone running vista, it's true! After a few hours of playing some games (mostly America's Army) and some brief web browsing (FAFSA information mostly), I found that there were TONS of connections going in and out of government IPs...OMGWTF!?!?!
Someone on another forum was complaining about this same thing, so I ran good ol' traceroute on the IPs.
Result: unroutable past the first or second hop.
These are obviously forgeries generated by a portscanning program using info from ARIN; the addresses don't even have to be connected to anything, they just have to belong to a scary-looking government organisation (and if they were real, they'd route over the Internet at least as far as that agency's firewall).
-lee
The reason he is getting packets from these networks could be because these networks are under attack, not the other way around. Surely someone, somewhere is DoSing Halliburton and DoD servers and they are probably using phony return addresses. Maybe they list their targets and spoofed addresses and generate an attack for each or maybe they're running multiple scripts and their random IP generator isn't the first part.
There were some studies done about the amount of collateral traffic generated by dos attacks and it turns out to be quite a bit.
The interwebs were built on a foundation of trust, which is a goodness for everyone.
Easy there fan boy.
You know, if it weren't for the slashdot community, this place would be a desolate wasteland of information. I have seen so many attention grabbing headlines on here lately, with commenters giving 1k times more facts (with sources) than anything the original content served up. Big ups to the community....
He's probably just using an older version of the software. Such complaints were common around here a few years ago...and if that's when your CDs date from, the problem will still exist on them.
My MS CDs date from 1995-98, and *I* sure wouldn't install them while attached to a network! (Where Debian potato, of a somewhat later vintage, would give me no qualms. But there was a time when Linux installs were also wide-open not only during installation, but until fixed by a knowledgeable user.)
I think we've pushed this "anyone can grow up to be president" thing too far.
The PX hacks you!
Your Windows Server 2003 CDs date from '95 to '98?
Man, you are 1337!
http://www.microsoft.com/technet/community/column
"Keep at least 3-6 full bottles of hard alcohol on hand, a 2 week resignation notice,..." - Poetmatt
I run torrent clients on a few OSes, but it wasn't until someone recommended "peer guardian" that I checked it out, or even cared about incoming traffic related to it. I kinda freaked out at first when I started seeing gov't agencies, but since then don't care!
:P
For those who don't run windows, torrents and or peer guardian, peer guardian basically blocks incoming connections from undesired sources. It is not only for P2P purposes, but for all network connections.
With 4 main options, something like government blocks, spyware, edu's and blacklisted P2P hosts, you can block out those who would likely trace you and find out you're downloading the latest movie! You can also allow or deny new hosts on a needed basis.
It's pretty good for what it does, but is a hassle to use continually. My experience with it on an XP machine is that there are a lot of sites I want that are blocked. I can't really think of any off the top of my head but, there are a lot. I think hotmail might have been one that refused to come up, while gmail had no problems.
I too also get boatloads of random "blocks" of hosts trying to connect, which I know is because of torrents. When I have no torrent activity, my connection is nice and idle with nothing out of the normal. Fire up a torrent and a client and BAM, so much traffic that I don't bother logging because it is mostly unimportant and I just don't care.
Finally, in this case, it doesn't matter what OS you run, if you run certain torrents then you will get this barrage of blocked hosts with PG. So vista, xp or even BSD/Linux, will get the same traffic with the same types of torrents.
Like I told people in some forums who say "you won't get caught with this stuff," I haven't been caught without it.
My abilities are only limited by my imagination
While I think there should be a lot more independent testing before making too much hay of this,
the kind of logic that states; "the evidence is too obvious to be considered evidence" is really troubling me. What happens if most of the public has this mentality? I think we can look at recent US events to figure that out.
"Why would they have an identifiable URL?" That is not a critique. There are a lot of people in prison right now, because they did some very bone-headed things. If you do a LOT of crime, you are more and more likely to be tripped up by a bone-headed move.
"How can you have a conspiracy with people involved?"
"Why does everyone talk about this, with something this big, everyone would know."
>> There is a kind of dangerous acceptance of the status quo -- as bad as the "everything is a conspiracy" big foot crowd (apologies if we do one day find Big Foot), that is unable to accept the obvious -- because the conclusion is unacceptable. Why would Halliburton be linked to by a P2P by the way? Evil company that has been found guilty of defrauding the American taxpayer of $20 Billion and moved to Dubai, involved in an effort to spy on everyone's computers? Preposterous! The mere fact that there are so many accusations of wrong-doing makes it impossible that they are guilty.
>>"ad space available -- low rates!!!"
I wish I had a mod point today, you deserve it.
The cesspool just got a check and balance.
Windows 2003 with no service pack, and the instance where I was receiving the viruses was when I was at college on Internet2 with a completely open connection.
I kept getting the sasser virus, most specifically, and had to constantly run the "shutdown -a" command in start > run or it would restart in a minute.
I promise I wasn't trolling, I was really just saying "I understand!"
...so yeah, chill man!
Computers were much more fun when you actually had to know something about computers to use them.
...why don't we set up a honey pot? I don't have the technical know-how but I'd be more than happy to help out in any way I can.
holy shit did it bring out the MS astroturfers. Educational if for no other reason than to see who's who.