Slashdot Mirror


US Government Checking Up On Vista Users?

Paris The Pirate writes "This article at Whitedust displays some very interesting logs from Vista showing connections to the DoD Information Networking Center, United Nations Development program and the Halliburton Company; for no reason other than the machine was running Vista. From the article 'After running Vista for only a few days — with a complete love for the new platform the first sign of trouble erupted. I began noticing latency on my home network connection — so I booted my port sniffing software and networking tools to see what was happening. What I found was foundation shaking. The two images below show graphical depictions of what has and IS trying to connect to my computer even in an idle state'."

12 of 291 comments

  1. Just Vista? by orkysoft · · Score: 5, Interesting

    So he installed Vista, plus his warez, and now he's seeing suspicious network connections? Get a grip.

    I'd like to see a bare install of Vista (legit), with no other programs running, and connection monitoring being done on a router in between the Vista box and the internet, before I will believe this. And I say this as a die-hard Linux user who has barely touched XP.

    --

    I suffer from attention surplus disorder.
  2. you saw the reason, yet you didn't understand it by Anonymous Coward · · Score: 1, Interesting

    Looks like the guy had to boot into XP to use that software he wanted to use. Ever hear of dual boot, sparky? Maybe YOU are too quick to be "leet" and show off your complete lack of reasoning skills. +5, what a joke, anyone who modded your post up is a 'tard and can't think past ONE step.

  3. You call that a conspiracy? by Nate+Eldredge · · Score: 3, Interesting

    Okay, so maybe the US government and Halliburton are checking up on Vista users, but that's benign compared to the folks after us FreeBSD users. I whois'ed some of my port scan logs and found McGraw Hill, The Washington Post, the BBC, and Ikea. Now that is one terrifying conspiracy. Eisenhower was right when he warned us of the dangers of the media-Swedish furniture complex.

    Seriously, though. Worms and botnets are endemic and every organization has boxes probing the internet without their knowledge. Doesn't mean they're out to get you.

    I always hated people who would whine about Slashdot story selection, but come on, editors, use a little discretion. You're just helping spread paranoid stupidity.

  4. Re:PeerGuardian is not a legitimate investigative t by Jherico · · Score: 2, Interesting

    That's as may be, but a default OS installation should have no reason to talk to any of the root servers. Only a machine RUNNING a DNS server should have any reason to communicate with root servers.

    --

    Jherico

    What can the average user do to ensure his security? "Nothing, you're screwed"

  5. Re:I call bullshit. by Igmuth · · Score: 4, Interesting

    And to even get to the point where PeerGuardian (or whatever) can see the frame, it has to pass through his firewall -- presuming that he has one. And that means he either is explicitly allowing that port through or he made the connection himself.

    If you look at the screenshots, you can see he's connecting RDP to 192.168.0.1, which is the typical gateway address on most NATs. I think he might actually be running a WinXP box as a firewall. This would explain how he is seeing all of the packets, with the external destination IP. Therefore I wonder if his XP box has just been rooted.
  6. Hacker took over the box perhaps? by Adammil2000 · · Score: 2, Interesting

    Is it possible that this box was taken over by a hacker and is trying to attack DoD addresses? As opposed to some alleged "phone home" behavior that Vista is showing?

  7. Linux and Amiga users can be safe... by 3seas · · Score: 2, Interesting
  8. Re:I call bullshit. by JimDaGeek · · Score: 2, Interesting

    The last time I checked, Microsoft has more of a liberal / left-wing / Democrat bent than a conservative / right-wing / Republican leaning direction.

    Nah, MS is a typical corporate whore that gives bribe money wherever they can to maximize profits. If you look at their SOFT MONEY DONATIONS from 1998, 81% went to the Republicans.

    With the current Democrat control, MS will obviously send more bribe money their way.

    --

    General, you are listening to a machine! Do the world a favor and don't act like one.
  9. I doubt it's due to Vista... by Anonymous Coward · · Score: 5, Interesting

    With PeerGuardian, you see all kinds of crap. I doubt anyone is checking up on him due to Vista. It's more likely his IP is confused for one running P2P.

    I mean, hell, 38.100.26.190 (SafeNet / MediaSentry) has been DoSing me with 10 connections/second bursts for ages now because I once clicked the wrong torrent but you don't see me writing Slashdot stories over it.

    1. Re:I doubt it's due to Vista... by Anonymous Coward · · Score: 2, Interesting

      I mean, hell, 38.100.26.190 (SafeNet / MediaSentry) has been DoSing me with 10 connections/second bursts for ages now because I once clicked the wrong torrent but you don't see me writing Slashdot stories over it.

      Maybe you should. In the context of ISPs crying poor because they may have to deliver a significant portion of the bandwidth that they are being paid for, that 2.5 billion+ packets per second is probably significant (assuming only 250M "suspects").

  10. Re:I call bullshit. by blowdart · · Score: 2, Interesting

    yet here we have somebody stepping up front and center with an apparently freshly installed and freshly owned Vista box.

    Incoming P2P connections are proof of ownage? Really? How exactly is showing Peer Guardian *snicker* as a "packet sniffer" on his gateway, which apparently is XP (err, uber 3l1t3 points there) showing incoming traffic from a range of IPs to a Vista machine running P2P software ownage? Heck you can't even tell if it's Vista making the connections, or if they are inbound as normal P2P traffic is because his "packet sniffer" doesn't log that information, it simply logs inbound connections.

    Funny how the original forum post this "news" came from was deleted.

  11. Re:think again by Fallingcow · · Score: 2, Interesting

    I *think* that what happens is that the Peerguardian folks blacklist whole IP blocks based on their nominal ownership, so three things might cause them to show up:

    1) The attempted connection is actually a P2P monitoring or spyware thing coming from a DoD machine, and is legitimately blocked and correctly labeled
    2) Someone's running P2P software on a DoD machine (or their own machine on a DoD network).
    3) Someone's running P2P software on a NON-government machine that is unlucky enough to be on the same IP block, for whatever reason, so the label's actually wrong.

    I'd imagine that's how a lot of the weirder ones show up, like "CHINANET henan province network" and "Zhuji Municipal People's Government" (those are real entries from my log right now) and crap like that; Peerguardian just blocks chunks of IP space that are owned by any governmental agencies in any country.

    I don't KNOW this to be the case, but it seems to be what's going on.
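Several posters above make the same two points: the screenshots do not record who initiated each connection (comment 10), and a PeerGuardian-style label only says which nominally-owned CIDR block an address falls in, not who is actually behind it (comment 11). The script below is an added example, not code from the article, the forum post, or the PeerGuardian project. It triages a constructed connection log of the kind you would capture on a router sitting between the box and the internet (as comment 1 asks for): it treats a bare SYN as the only evidence of who started a TCP flow, separates outbound connections made by the local host from unsolicited inbound ones, and then attaches a block label from an invented ownership list. The local address, the log format, and every CIDR range and organization name in it are assumptions for the example; the ranges are documentation/test networks, not real allocations.

```python
"""Triage a connection log: who initiated each TCP flow, and what label the
remote address gets purely from CIDR-block ownership.

Constructed example. The log format, LOCAL_HOST, and the BLOCKLIST entries
are invented for illustration (RFC 5737 test ranges, made-up names).
"""
import ipaddress
from collections import Counter

# Assumption: private address of the machine under test.
LOCAL_HOST = ipaddress.ip_address("192.168.0.10")

# Invented "ownership" list in PeerGuardian's spirit: one label per CIDR block.
# Nothing here corresponds to a real organization's address space.
BLOCKLIST = [
    (ipaddress.ip_network("203.0.113.0/24"), "Example Gov Agency"),
    (ipaddress.ip_network("198.51.100.0/24"), "Example P2P Monitoring Co"),
]

# Constructed log lines in a flat "src:sport -> dst:dport FLAGS" format.
# Flags: S = SYN only (flow initiator), SA = SYN/ACK (responder).
SAMPLE_LOG = [
    "192.168.0.10:49152 -> 203.0.113.5:80 S",      # local box opened this one
    "203.0.113.5:80 -> 192.168.0.10:49152 SA",     # reply, not a new flow
    "198.51.100.7:41234 -> 192.168.0.10:6881 S",   # unsolicited inbound, P2P port
    "198.51.100.9:41235 -> 192.168.0.10:6881 S",   # another unsolicited inbound
    "192.168.0.10:49153 -> 192.0.2.1:53 S",        # local box, unlisted remote
]


def label_for(ip):
    """Return the block label for an address, exactly as a blocklist would:
    the first CIDR that contains it wins, regardless of who really uses it."""
    ip = ipaddress.ip_address(ip)
    for net, name in BLOCKLIST:
        if ip in net:
            return name
    return "unlisted"


def parse_line(line):
    """Split one constructed log line into (src_ip, sport, dst_ip, dport, flags)."""
    src, _arrow, dst, flags = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return (ipaddress.ip_address(s_ip), int(s_port),
            ipaddress.ip_address(d_ip), int(d_port), flags)


def classify(line):
    """Return ('outbound'|'inbound', remote_ip, port) for a flow-opening SYN
    involving LOCAL_HOST, or None for replies and unrelated traffic."""
    s_ip, _s_port, d_ip, d_port, flags = parse_line(line)
    if flags != "S":          # only a bare SYN identifies the initiator
        return None
    if s_ip == LOCAL_HOST:
        return ("outbound", str(d_ip), d_port)
    if d_ip == LOCAL_HOST:
        return ("inbound", str(s_ip), d_port)
    return None


def triage(lines):
    """Count flows by (direction, block label, port)."""
    summary = Counter()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        direction, remote, port = hit
        summary[(direction, label_for(remote), port)] += 1
    return summary


def phone_home_candidates(summary):
    """Only outbound flows could be the local OS 'phoning home'; inbound SYNs
    say nothing about what the local box is doing."""
    return {(label, port): n for (direction, label, port), n in summary.items()
            if direction == "outbound"}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, count in sorted(result.items()):
        print(key, count)
    print("outbound only:", phone_home_candidates(result))
```

Run against the constructed log, the two SYNs from the "P2P Monitoring" block are inbound and unsolicited, so they appear in the counts but not in `phone_home_candidates`; the single flow to the "Gov Agency" block was opened by the local host, which is the only kind of entry that would support a phone-home claim, and even then the label tells you only which block the address sits in. On a real gateway the equivalent capture is a tcpdump filter for bare SYNs leaving the host, e.g. `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and src host 192.168.0.10`.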