Slashdot Mirror


US Government Checking Up On Vista Users?

Paris The Pirate writes "This article at Whitedust displays some very interesting logs from Vista showing connections to the DoD Information Networking Center, United Nations Development program and the Halliburton Company; for no reason other than the machine was running Vista. From the article 'After running Vista for only a few days — with a complete love for the new platform the first sign of trouble erupted. I began noticing latency on my home network connection — so I booted my port sniffing software and networking tools to see what was happening. What I found was foundation shaking. The two images below show graphical depictions of what has and IS trying to connect to my computer even in an idle state'."

15 of 291 comments

  1. I call bullshit. by XorNand · · Score: 5, Insightful

    I swear this place is becoming more and more like Digg every day. I'm no longer renewing my Slashdot subscription while I can get this same quality news for free elsewhere. Where do I start?

    1. The screenshots clearly show WinXP, not Vista. In fact, this guy's ultra-leet "port sniffing software and networking tools" is PeerGuardian 2. Straight from the product's home page: "Note: PeerGuardian 2 does not support Windows Vista at the moment. This is a top priority, and we hope to have a Vista download soon."

    2. Lame screen shots from some Windows app aren't enough to validate a conspiracy theory. Where's the complete traffic dump? And not from some random guy and his "fanboy" friend; how about a credible network security organization? Hell, I'd even settle for an intern with his CCNA.

    3. Hard to tell because all we have are screen shots, but it looks like nothing more than port scans. ::yawn::

    (Guess this is what I get for spending a beautiful Sunday afternoon indoors, on my computer).

    --
    Entrepreneur : (noun), French for "unemployed"
    1. Re:I call bullshit. by igotmybfg · · Score: 5, Insightful

      1. The screenshots clearly show WinXP, not Vista. In fact, this guy's ultra-leet "port sniffing software and networking tools" is PeerGuardian 2. Straight from the product's home page: "Note: PeerGuardian 2 does not support Windows Vista at the moment. This is a top priority, and we hope to have a Vista download soon."

      The screenshots also clearly show another computer is involved, since he is remoting from his Vista PC to his Windows PC. Perhaps they are both on the same network, and he has reason to believe that these connections are being caused by having Vista on the network.

    2. Re:I call bullshit. by avaric3 · · Score: 5, Informative

      The machine running PeerGuardian is an XP machine. It is sniffing traffic on the local network and filtering out all the results that don't originate from the Vista machine. He is running remote desktop from the Vista machine to the XP machine (the one running PeerGuardian). He probably did this because of the issues that software has with Vista, or possibly because he feels that Vista would hide this information from programs running locally.

    3. Re:I call bullshit. by Anonymous Coward · · Score: 5, Insightful

      I agree, but... you missed the best part.
      PeerGuardian is for blocking *incoming* connections, this has nothing to do with Vista *AT ALL*.
      The names that show up against the IP are taken from user-submitted rule files (in case you didn't know, this is so that IPs from RIAA/MPAA-employed companies, who log all IPs connected to any torrent as seeds/leeches, can be blocked). There is no validation on the name corresponding to the IP. Complete and utter FUD.
      Even if the IPs DID correspond to DoD etc., there is a completely plausible reason for that.
      Bit torrent clients cache IP addresses so that they can connect to all the seeds/leeches in case the torrent managing host goes down. All this has proven is that the US Government uses Bit torrent.

    4. Re:I call bullshit. by ptbarnett · · Score: 5, Informative
      Hard to tell because all we have are screen shots, but it looks like nothing more than port scans.

      Or P2P. But, the important part is that he is showing nothing more than incoming frames, and conveniently obscures the destination port(s).

      And to even get to the point where PeerGuardian (or whatever) can see the frame, it has to pass through his firewall -- presuming that he has one. And that means he either is explicitly allowing that port through or he made the connection himself.

      I wonder what Task Manager would show running?

    5. Re:I call bullshit. by guardiangod · · Score: 5, Insightful

      For the first time in many years, I agree that /. ain't what it used to be.

      Blah how does this make the front page? There are millions of reasons for these connections.

      Maybe he is using a dynamic ip based isp and he just got a new ip? Maybe the last person who used that ip was using bittorrent? Botnets trying to reconnect to this ip?

      Aside from those "Remote Desktop" xp screenshots, I noticed there are Hei Long Jiang education committee, UN Development program, China Edu and Research Network, and whatever.

      I guess the DoD and the "Chinese intelligence agency" are both attacking his computer.

      UN probably sent some people to infiltrate his computer as well.

      Wait, Hei Long Jiang is right next to Russia? Maybe the KGB is using China's network to go after him as well! *roll eyes*

      Even if they are not bt, they might just as well be port scans.

      News for nerds, indeed.

    6. Re:I call bullshit. by gujo-odori · · Score: 5, Insightful

      Yeah, I looked at the wide-ranging places he's getting connections from and asked myself, "Now, what do IPs in all those places - especially China - tend to have in common?" I've been working in email security for four years and was a postmaster before that, so I had a ready answer to that question: zombies.

      P2P and fast-flux networks are the current cutting edge of botnets, and that fits with all the inbound connections he's seeing.

      The explanation that fits best with his experience is that his Vista box has already been owned and has become part of a botnet.

      While his conspiracy theory that Microsoft is in bed with DoD, DOHS, and Halliburton (gimme a break!) is clearly anti-MS FUD, there is good reason to draw a bad conclusion about Vista from this. One of Vista's big selling points was better security, yet here we have somebody stepping up front and center with an apparently freshly installed and freshly owned Vista box.

      The article doesn't speak well of Vista, but not for the tinfoil hat theory advanced by its author.

      The other leading theory, which has been advanced by a number of others, is that he's running BitTorrent or another P2P app. This is also plausible, and if the zombie theory is wrong, then the P2P app theory still holds. By far the least likely explanation is the conspiracy theory advanced by the author.

  2. PeerGuardian is not a legitimate investigative tool by Anonymous Coward · · Score: 5, Informative

    The DOD NIC runs one of the DNS root servers. Yes, that's right... his DNS requests are sometimes going to the Department of Defense! Burn the government down.

  3. Highly Suspicious to me... by tgatliff · · Score: 5, Insightful

    Either M$ is the dumbest company on earth, or this is a scam article. I would assume that if M$ was in fact monitoring users, which I think is quite possible, then all of the information would go back to Redmond and then distributed to the appropriate groups. At least this way they have plausible deniability....

    Also, "Halliburton"? Give me a break.... First, what type of tool is going to return a text output so blunt... It is not "HA-39214", but instead is just "Halliburton" the evil company.... Also, I am certainly not a fan of the company and its former involvement with the vice president which just smells bad to begin with, but what in the world would a military contracting company that fulfills soft drinks, food, oil, and other supplies to military groups want to monitor computers... This is just unrealistic...

  4. Re:Simple solution by MillionthMonkey · · Score: 5, Funny

    Great plan genius- now we have to find someone who bought Vista! :)

  5. Re:I can confirm this by Anonymous Coward · · Score: 5, Funny

    Posting anonymously for obvious reasons...

    I work in one of the extraterrestrial government agencies not in question, and I can confirm that we have been doing this. To be fair to the United States government, they had no choice but to let us in. It's been going on for years now. Right here, directly out of our own network, so that any retard with a freeware tcpdump/traceroute frontend can see exactly what they're up to.

    PS: this isn't real.

  6. Just Vista? by orkysoft · · Score: 5, Interesting

    So he installed Vista, plus his warez, and now he's seeing suspicious network connections? Get a grip.

    I'd like to see a bare install of Vista (legit), with no other programs running, and connection monitoring being done on a router in between the Vista box and the internet, before I will believe this. And I say this as a die-hard Linux user who has barely touched XP.

    --

    I suffer from attention surplus disorder.
  7. No Destination Ports by tiny69 · · Score: 5, Insightful

    The screenshots conveniently leave out the destination ports. Without that information and without knowing what programs the user had installed or running, the entire article is a waste of time. We have no idea if the traffic is associated with a program he's running or if it's something else. He's concerned about connections that appear to originate from the U.S. Government, but isn't fazed by the connections appearing to come from China. Oh noes!?! China has a backdoor in Vista!!

    My guess is that he's running some P2P software. Guess what? The U.S. Government does get 0w3nD and does have problems with viruses, trojans, and P2P software.

    Nothing to see here. Move along....

    --
    Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
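
Several comments above note that the screenshots show only incoming frames and omit the destination ports. As an added example (not part of the original thread or the article), this sketch shows the triage that becomes possible once direction and destination port are kept: replies to connections the host opened, traffic to a port a local program listens on, and unsolicited probes. The record format, the RFC 5737 documentation addresses and the listening-port set are all constructed assumptions.

```python
from collections import Counter

# Constructed sample records: (src_ip, src_port, dst_ip, dst_port, tcp_flags).
# Addresses are from RFC 5737 documentation ranges; HOST is the monitored machine.
HOST = "192.0.2.10"
LISTENING = {6881}  # assumption: a P2P client on HOST is bound to this port
RECORDS = [
    (HOST, 49152, "198.51.100.7", 80, "S"),    # host opens a web connection
    ("198.51.100.7", 80, HOST, 49152, "SA"),   # reply to that connection
    ("203.0.113.5", 40001, HOST, 6881, "S"),   # peers reaching the P2P port
    ("203.0.113.9", 40002, HOST, 6881, "S"),
    ("203.0.113.77", 51000, HOST, 135, "S"),   # nothing on HOST asked for these
    ("203.0.113.77", 51001, HOST, 445, "S"),
    ("203.0.113.77", 51002, HOST, 3389, "S"),
]

def classify(records, host, listening):
    """Label each inbound frame using direction, destination port and flow state."""
    opened = set()  # (remote_ip, remote_port, local_port) for flows the host started
    labels = []
    for src, sport, dst, dport, flags in records:
        if src == host:
            if flags == "S":
                opened.add((dst, dport, sport))
            continue
        if dst != host:
            continue  # traffic between other machines is out of scope
        if (src, sport, dport) in opened:
            labels.append((src, dport, "reply"))
        elif dport in listening:
            labels.append((src, dport, "to-listening-service"))
        else:
            labels.append((src, dport, "unsolicited"))
    return labels

def likely_scanners(labels, min_ports=3):
    """Sources that probe several distinct non-listening ports look like port scans."""
    ports = {}
    for src, dport, label in labels:
        if label == "unsolicited":
            ports.setdefault(src, set()).add(dport)
    return sorted(s for s, p in ports.items() if len(p) >= min_ports)

def summary(records=RECORDS):
    labels = classify(records, HOST, LISTENING)
    return Counter(label for _, _, label in labels), likely_scanners(labels)

if __name__ == "__main__":
    print(summary())
```
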
  8. I doubt it's due to Vista... by Anonymous Coward · · Score: 5, Interesting

    With PeerGuardian, you see all kinds of crap. I doubt anyone is checking up on him due to Vista. It's more likely his IP is confused for one running P2P.

    I mean, hell, 38.100.26.190 (SafeNet / MediaSentry) has been DoSing me with 10 connections/second bursts for ages now because I once clicked the wrong torrent but you don't see me writing Slashdot stories over it.

  9. Re:No, sir, it is you who is full of shit of a bul by bensode · · Score: 5, Informative
    Actually, Windows Server 2003 SP0 has no firewall -- you get that with SP1 or R2 versions. So tone down your pwnt rant it's obvious you have not installed all flavors thereof and the ink on your MS cert must still be wet. To be perfectly clear here, let's go to the source, Microsoft. I've pasted the important bits after the link. No need to believe me, just google "introduction of firewall Windows server 2003".

    http://www.microsoft.com/technet/community/columns/cableguy/cg1204.mspx

    Differences in Default Behavior for Windows Firewall
    Windows Server 2003 SP1 includes Windows Firewall, which works the same way as Windows Firewall in Windows XP SP2. However, because the purpose of a server computer is to accept incoming unsolicited traffic, Windows Firewall for Windows Server 2003 SP1 is disabled by default.

    The exception to this behavior is the following: for a new installation of Windows Server 2003 that already includes SP1 (known as a slipstream installation), Windows Firewall is enabled by default for the duration of the Post-Setup Security Updates, a portion of the initial setup of the server computer in which the latest security fixes are downloaded and installed from Windows Update and Automatic Updates are configured. After the Post-Setup Security Updates is complete, Windows Firewall is disabled. If you do not want the Post-Setup Security Updates, you can use the Unattend.txt file or Group Policy to configure Windows Firewall settings. The Post-Setup Security Updates does not occur if there are configured Windows Firewall settings.

    You can enable Windows Firewall on a computer running Windows Server 2003 with SP1 manually using the Windows Firewall component of Control Panel, through Group Policy settings as described in Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2, or you can use the new Security Configuration Wizard in Windows Server 2003 SP1. The Security Configuration Wizard is the recommended method to enable and configure Windows Firewall and other security settings on computers running Windows Server 2003 with SP1.
    --
    "Keep at least 3-6 full bottles of hard alcohol on hand, a 2 week resignation notice,..." - Poetmatt