Slashdot Mirror


US Government Checking Up On Vista Users?

Paris The Pirate writes "This article at Whitedust displays some very interesting logs from Vista showing connections to the DoD Information Networking Center, United Nations Development program and the Halliburton Company; for no reason other than the machine was running Vista. From the article 'After running Vista for only a few days — with a complete love for the new platform the first sign of trouble erupted. I began noticing latency on my home network connection — so I booted my port sniffing software and networking tools to see what was happening. What I found was foundation shaking. The two images below show graphical depictions of what has and IS trying to connect to my computer even in an idle state'."

7 of 291 comments

  1. PeerGuardian is not a legitimate investigative tool by Anonymous Coward · · Score: 5, Informative

    The DOD NIC runs one of the DNS root servers. Yes, that's right... his DNS requests are sometimes going to the Department of Defense! Burn the government down.

  2. Re:I call bullshit. by avaric3 · · Score: 5, Informative

    The machine running PeerGuardian is an XP machine. It is sniffing traffic on the local network and filtering out all the results that don't originate from the Vista machine. He is running remote desktop from the Vista machine to the XP machine (the one running PeerGuardian). He probably did this because of the issues that software has with Vista, or possibly because he feels that Vista would hide this information from programs running locally.

  3. Re:I call bullshit. by ptbarnett · · Score: 5, Informative

    Hard to tell because all we have are screen shots, but it looks like nothing more than port scans.

    Or P2P. But, the important part is that he is showing nothing more than incoming frames, and conveniently obscures the destination port(s).

    And to even get to the point where PeerGuardian (or whatever) can see the frame, it has to pass through his firewall -- presuming that he has one. And that means he either is explicitly allowing that port through or he made the connection himself.

    I wonder what Task Manager would show running?

  4. I'm confused by raftpeople · · Score: 3, Informative

    Isn't this inbound stuff? Isn't this the same crap that ZoneAlarm blocks for me constantly?

  5. Re:PeerGuardian is not a legitimate investigative t by nEoN+nOoDlE · · Score: 4, Informative

    Indeed. When I was running PeerGuardian, I got DOD requests all the time in XP. This is a non-story.

    --
    Don't trust a bull's horn, a doberman's tooth, a runaway horse or me.

  6. No, sir, it is you who is full of shit of a bull. by SyncNine · · Score: 4, Informative

    No, sir, I call BS on your post. If you'd ever installed Windows Server 2003, you'd know the following:

    1) Firewall defaults to ON out of the box on a default install UNLESS you're installing it into an existing domain with a DC GPO that forces it to off. (read: if so, you set it up that way, stfu)
    2) Machine does not allow incoming connections until you close the Manage Your Server dialog. It brings this fact to your attention no less than 3 times during the initial setup. (read: after first boot, OS configuration, server type setup, domain creation, role assignment, windows update -- unless you close the dialog without doing that, in which case, again, your fault, stfu)
    3) Machine really does not want to allow incoming connections until you complete a Windows Update and does make you click OK about 3 times to enable incoming connections.
    4) Did I yet mention that you have to explicitly close a dialog that says 'No Incoming Connections are allowed until you close this dialog.' before it will allow incoming connections? I wanted to make sure I mentioned that.

    So, no. I've never, ever installed Windows 2003 Server and 'accidentally' had a network cable installed, only to find that within 45 seconds it was crippled, and neither have you, because it's not possible unless you personally clicked 'yes, allow incoming connections to my unpatched, non-updated machine, and hey, while you're at it, let me open firewall.cpl (or the firewall control panel applet for you non command-line users) and disable the firewall'. See, because that's what you would have had to have done to create a situation that could exhibit those results, in case you weren't aware. I am, because I've installed Windows Server 2003, and all flavors thereof, no less than 100 times.

    Thanks for playing, game over.

    --
    To the darkened skies once more, and ever onward.

  7. Re:No, sir, it is you who is full of shit of a bul by bensode · · Score: 5, Informative

    Actually, Windows Server 2003 SP0 has no firewall -- you get that with SP1 or R2 versions. So tone down your pwnt rant; it's obvious you have not installed all flavors thereof and the ink on your MS cert must still be wet. To be perfectly clear here, let's go to the source, Microsoft. I've pasted the important bits after the link. No need to believe me, just google "introduction of firewall Windows server 2003".

    http://www.microsoft.com/technet/community/columns/cableguy/cg1204.mspx

    Differences in Default Behavior for Windows Firewall
    Windows Server 2003 SP1 includes Windows Firewall, which works the same way as Windows Firewall in Windows XP SP2. However, because the purpose of a server computer is to accept incoming unsolicited traffic, Windows Firewall for Windows Server 2003 SP1 is disabled by default.

    The exception to this behavior is the following: for a new installation of Windows Server 2003 that already includes SP1 (known as a slipstream installation), Windows Firewall is enabled by default for the duration of the Post-Setup Security Updates, a portion of the initial setup of the server computer in which the latest security fixes are downloaded and installed from Windows Update and Automatic Updates are configured. After the Post-Setup Security Updates is complete, Windows Firewall is disabled. If you do not want the Post-Setup Security Updates, you can use the Unattend.txt file or Group Policy to configure Windows Firewall settings. The Post-Setup Security Updates does not occur if there are configured Windows Firewall settings.

    You can enable Windows Firewall on a computer running Windows Server 2003 with SP1 manually using the Windows Firewall component of Control Panel, through Group Policy settings as described in Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2, or you can use the new Security Configuration Wizard in Windows Server 2003 SP1. The Security Configuration Wizard is the recommended method to enable and configure Windows Firewall and other security settings on computers running Windows Server 2003 with SP1.

    --
    "Keep at least 3-6 full bottles of hard alcohol on hand, a 2 week resignation notice,..." - Poetmatt