
firewall notice

basketcase

Well-known member
Dec 29, 2005
59,732
6,289
113
I'm using Kaspersky anti-hacker and have gotten a bunch of notices while on terb (and to my recollection only on terb) about my computer/netscape trying to connect with a rogers site

CPE00062505248b-CM00109512984e.cpe.net.cable.rogers.com (IP 24.42.171.91) on remote port 1020 through various local ports

Any idea what's up with this?
 

Fred Zed

Administrator
Dec 31, 1969
15,360
714
113
UP ABOVE SMILING
www.terb.cc
I am not sure what that means

But we don't have anyone with that IP here on TERB:
----------------------------

Search for IP Address: "24.42.171.91"
24.42.171.91 : CPE00062505248b-CM00109512984e.cpe.net.cable.rogers.com
Post IP Addresses:

No Matches Found

Registration IP Addresses :

No Matches Found
 

thewheelman

New member
Feb 3, 2004
576
0
0
I know exactly what you are talking about...

One of the ads that appears at the top of the page is initiating an outgoing connection to that IP (24.42.171.91 port 1020) every time it loads.

I blocked it. I don't like the idea of sending information from my PC to a Rogers cable modem subscriber. I could un-block it and capture the outgoing packets to that address, to assess the content, but isn't that the web manager's job? In any case that address is recording every visitor using TERB. :(
 

thewheelman

New member
Feb 3, 2004
576
0
0
The ad in question is the Lida2005 ad that appears on the top of the page.

It appears to simply be opening a connection to port 1020 at 24.42.171.91 to retrieve a .gif, BUT after it finishes with port 1020 it opens up a connection on port 1060 and retrieves your name from your PC. :mad:
 

dreamer

New member
Sep 10, 2001
1,164
0
0
Maple
Goes to show you, you can't trust B&S operations like Lady Goodiva
 

seymore

New member
Apr 21, 2003
466
0
0
Okay, I'd like to know 3 things.
1. Does this affect mac users?
2. How do I block it on my pc?, and
3. Can't it be stopped by terb?
 

thewheelman

New member
Feb 3, 2004
576
0
0
seymore said:
Okay, I'd like to know 3 things.
1. Does this affect mac users?
2. How do I block it on my pc?, and
3. Can't it be stopped by terb?
1. Not sure. The server is using some WebDAV extensions that returned my full name in an "<owner>" field.
2. Use a firewall that monitors outgoing connections like Zone Alarm or my preference, Outpost.
3. I sent terbadmin a PM about the ad.
 

canucklehead

Active member
Oct 16, 2003
2,422
12
38
seymore said:
Okay, I'd like to know 3 things.
1. Does this affect mac users?
2. How do I block it on my pc?, and
3. Can't it be stopped by terb?
I run in stealth mode with my firewall enabled and have logging turned on. I have nothing outgoing from my home network as it just bounces off. U can't even ping me.
 

Fred Zed

Administrator
Dec 31, 1969
15,360
714
113
UP ABOVE SMILING
www.terb.cc
thewheelman said:
The ad in question is the Lida2005 ad that appears on the top of the page.

It appears to simply be opening a connection to port 1020 at 24.42.171.91 to retrieve a .gif, BUT after it finishes with port 1020 it opens up a connection on port 1060 and retrieves your name from your PC. :mad:
Most probably the stats counter at the advertiser's site would capture your IP (if you click on the banner). Many stats counters do that. No way would the owner of the site be able to retrieve your name that way. I don't think you know what you are talking about.
 

thewheelman

New member
Feb 3, 2004
576
0
0
Fred Zed said:
Most probably the stats counter at the advertiser's site would capture your IP (if you click on the banner). Many stats counters do that. No way would the owner of the site be able to retrieve your name that way. I don't think you know what you are talking about.

Ok... if that's your attitude ...
but...

1.) I have been in the networking field since running batch jobs with punch cards in the early eighties at Ryerson.
2.) For seven years one of my responsibilities is to provide Level 6 support at one of the largest ISPs in Canada.
3.) I have a packet capture of the entire session. First packet came from 24.42.171.91:1060, it was acked, and then the second packet is the one sent back from my PC. That packet contained my login name.


0000 00 40 96 a2 e1 d3 00 0d 88 c2 fd 41 08 00 45 00 .@.........A..E.
0010 01 be 16 f5 00 00 7c 06 a1 b2 18 2a ab 5b c0 a8 ......|....*.[..
0020 00 65 04 24 0f 5a a8 ca c9 78 c9 dd b0 fe 50 18 .e.$.Z...x....P.
0030 43 b5 28 d1 00 00 48 54 54 50 2f 31 2e 31 20 32 C.(...HTTP/1.1 2
0040 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 4d 00 OK..Server: M
0050 69 63 72 6f 73 6f 66 74 2d 49 49 53 2f 35 2e 30 icrosoft-IIS/5.0
0060 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 ..Date: Mon, 27
0070 46 65 62 20 32 30 30 36 20 32 32 3a 34 39 3a 35 Feb 2006 22:49:5
0080 30 20 47 4d 54 0d 0a 58 2d 50 6f 77 65 72 65 64 0 GMT..X-Powered
0090 2d 42 79 3a 20 41 53 50 2e 4e 45 54 0d 0a 4d 53 -By: ASP.NET..MS
00a0 2d 41 75 74 68 6f 72 2d 56 69 61 3a 20 44 41 56 -Author-Via: DAV
00b0 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 ..Content-Length
00c0 3a 20 30 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 : 0..Accept-Rang
00d0 65 73 3a 20 6e 6f 6e 65 0d 0a 44 41 53 4c 3a 20 es: none..DASL:
00e0 3c 44 41 56 3a 73 71 6c 3e 0d 0a 44 41 56 3a 20 <DAV:sql>..DAV:
00f0 31 2c 20 32 0d 0a 50 75 62 6c 69 63 3a 20 4f 50 1, 2..Public: OP
0100 54 49 4f 4e 53 2c 20 54 52 41 43 45 2c 20 47 45 TIONS, TRACE, GE
0110 54 2c 20 48 45 41 44 2c 20 44 45 4c 45 54 45 2c T, HEAD, DELETE,
0120 20 50 55 54 2c 20 50 4f 53 54 2c 20 43 4f 50 59 PUT, POST, COPY
0130 2c 20 4d 4f 56 45 2c 20 4d 4b 43 4f 4c 2c 20 50 , MOVE, MKCOL, P
0140 52 4f 50 46 49 4e 44 2c 20 50 52 4f 50 50 41 54 ROPFIND, PROPPAT
0150 43 48 2c 20 4c 4f 43 4b 2c 20 55 4e 4c 4f 43 4b CH, LOCK, UNLOCK
0160 2c 20 53 45 41 52 43 48 0d 0a 41 6c 6c 6f 77 3a , SEARCH..Allow:
0170 20 4f 50 54 49 4f 4e 53 2c 20 54 52 41 43 45 2c OPTIONS, TRACE,
0180 20 47 45 54 2c 20 48 45 41 44 2c 20 43 4f 50 59 GET, HEAD, COPY
0190 2c 20 50 52 4f 50 46 49 4e 44 2c 20 53 45 41 52 , PROPFIND, SEAR
01a0 43 48 2c 20 4c 4f 43 4b 2c 20 55 4e 4c 4f 43 4b CH, LOCK, UNLOCK
01b0 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a ..Cache-Control:
01c0 20 70 72 69 76 61 74 65 0d 0a 0d 0a private....


0000 00 0d 88 c2 fd 41 00 40 96 a2 e1 d3 08 00 45 00 .....A.@......E.
0010 02 06 d5 15 40 00 80 06 9f 49 c0 a8 00 65 18 2a ....@....I...e.*
0020 ab 5b 0f 5a 04 24 c9 dd b0 fe a8 ca cb 0e 50 18 .[.Z.$........P.
0030 42 da e8 f5 00 00 4c 4f 43 4b 20 2f 20 48 54 54 B.....LOCK / HTT
0040 50 2f 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 4c P/1.1..Content-L
0050 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 73 0d 0a anguage: en-us..
0060 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a Accept-Language:
0070 20 65 6e 2d 75 73 2c 20 65 6e 2d 63 61 3b 71 3d en-us, en-ca;q=
0080 30 2e 35 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 0.5..Content-Len
0090 67 74 68 3a 20 31 39 30 0d 0a 54 69 6d 65 6f 75 gth: 190..Timeou
00a0 74 3a 20 53 65 63 6f 6e 64 2d 31 38 30 0d 0a 54 t: Second-180..T
00b0 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e ranslate: f..Con
00c0 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f tent-Type: text/
00d0 78 6d 6c 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 55 xml..Depth: 0..U
00e0 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f ser-Agent: Micro
00f0 73 6f 66 74 20 44 61 74 61 20 41 63 63 65 73 73 soft Data Access
0100 20 49 6e 74 65 72 6e 65 74 20 50 75 62 6c 69 73 Internet Publis
0110 68 69 6e 67 20 50 72 6f 76 69 64 65 72 20 44 41 hing Provider DA
0120 56 0d 0a 48 6f 73 74 3a 20 32 34 2e 34 32 2e 31 V..Host: 24.42.1
0130 37 31 2e 39 31 3a 31 30 36 30 0d 0a 43 6f 6e 6e 71.91:1060..Conn
0140 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 ection: Keep-Ali
0150 76 65 0d 0a 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 ve....<?xml vers
0160 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 ion="1.0" encodi
0170 6e 67 3d 22 55 54 46 2d 38 22 20 3f 3e 0d 0a 3c ng="UTF-8" ?>..<
0180 6c 6f 63 6b 69 6e 66 6f 20 78 6d 6c 6e 73 3d 22 lockinfo xmlns="
0190 44 41 56 3a 22 3e 0d 0a 3c 6c 6f 63 6b 74 79 70 DAV:">..<locktyp
01a0 65 3e 0d 0a 3c 77 72 69 74 65 2f 3e 0d 0a 3c 2f e>..<write/>..</
01b0 6c 6f 63 6b 74 79 70 65 3e 0d 0a 3c 6c 6f 63 6b locktype>..<lock
01c0 73 63 6f 70 65 3e 0d 0a 3c 65 78 63 6c 75 73 69 scope>..<exclusi
01d0 76 65 2f 3e 0d 0a 3c 2f 6c 6f 63 6b 73 63 6f 70 ve/>..</lockscop
01e0 65 3e 0d 0a 3c 6f 77 6e 65 72 3e 52 6f 62 65 72 e>..<owner>Fred.
01f0 74 2e 46 69 74 7a 67 69 62 62 6f 6e 73 3c 2f 6f Flinstone</o
0200 77 6e 65 72 3e 0d 0a 3c 2f 6c 6f 63 6b 69 6e 66 wner>..</lockinf
0210 6f 3e 0d 0a

4.) Anyone can check the properties of the Lida2005 ad and see the GET to 24.42.171.91:1020 for the image.
5.) And you can view the source for the lida2005.htm file and see the reference to 24.42.171.91:1060

As a good TERB citizen I responded to a thread from another concerned member with factual information, and I have brought this issue to the proper TERB authorities. My work is done.
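
A request like the one in the second capture above can be recognised from its method line and body. The following Python code is an added example, not part of the original thread: it flags WebDAV requests in a captured HTTP payload and reports any `<owner>` value they carry. The sample request is constructed (documentation address, placeholder owner) and the function names are hypothetical.

```python
import ipaddress
import re

# WebDAV methods (RFC 4918 plus SEARCH) that an ordinary page view never needs.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Regex instead of an XML parser: the body is untrusted capture data.
OWNER_RE = re.compile(rb"<(?:\w+:)?owner\b[^>]*>(.*?)</(?:\w+:)?owner>", re.S | re.I)

# Constructed sample modelled on the LOCK request in the thread; the host is a
# documentation address and the owner value is a placeholder.
SAMPLE_REQUEST = (
    b"LOCK / HTTP/1.1\r\n"
    b"Content-Type: text/xml\r\n"
    b"Depth: 0\r\n"
    b"User-Agent: Microsoft Data Access Internet Publishing Provider DAV\r\n"
    b"Host: 203.0.113.10:1060\r\n"
    b"\r\n"
    b'<?xml version="1.0" encoding="UTF-8" ?>\r\n'
    b'<lockinfo xmlns="DAV:">\r\n<locktype>\r\n<write/>\r\n</locktype>\r\n'
    b"<owner>EXAMPLE.USER</owner>\r\n</lockinfo>\r\n"
)

def is_external(host: str) -> bool:
    """True unless the Host header names a loopback or RFC 1918 address."""
    name = host.rsplit(":", 1)[0]              # drop ":port" if present
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        return True                            # hostnames are treated as external
    return not any(addr in net for net in LOCAL_NETS)

def inspect_request(raw: bytes):
    """Return a finding dict for a WebDAV request, or None for anything else."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in WEBDAV_METHODS:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    m = OWNER_RE.search(body)
    owner = (re.sub(rb"<[^>]+>", b"", m.group(1)).strip().decode("utf-8", "replace")
             if m else None)
    host = headers.get("host", "")
    return {"method": parts[0], "host": host, "external": is_external(host),
            "user_agent": headers.get("user-agent", ""), "owner": owner}
```

A finding with `external` set and a non-empty `owner` is the case described in this thread: a local account name leaving the machine inside a WebDAV lock request.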
 

islandman4567

Active member
Oct 9, 2002
1,241
15
38
canucklehead said:
I run in stealth mode with my firewall enabled and have logging turned on. I have nothing outgoing from my home network as it just bounces off. U can't even ping me.

so how would I go about doing this? I'm assuming I need a router, correct?
anything else?
 

thewheelman

New member
Feb 3, 2004
576
0
0
Actually a typical router (Linksys, D-Link) will only protect you from incoming connections. Stealth mode only means that no incoming packets are returned by you...thereby hiding your presence. It will not monitor your ports and notify you when an outgoing connection is initiated.

For that you need a software firewall like Outpost or Zone Alarm etc. I use Outpost. http://www.agnitum.com

Once installed, if any application opens an outgoing connection, you are notified and given several options: block once, block all, allow once, allow always, create rules based on templates or create custom rules.

You would also be surprised at the number of applications that "call home" during installation or activation.

http://fileforum.betanews.com/browse/Security/Firewalls
 