Additions
reposted from 361326
25.02.2007 10:41
Good god, save us from paranoids and computer illiterates and computer-illiterate paranoids.
Until this goober with firewall can actually learn enough about his own software to compile a list of what ports were scanned (you'd think that would be an essential part of any portscan allegation, yes?) then these allegations are still utterly worthless, and the most likely explanation is still the most benign, that this guy's firewall is dropping entirely innocent packets.
Now when there's a firewall log that actually shows indymedia probing ports that indymedia has no business probing then there might be some questions to answer, but until then, get a grip on yourselves, and read a book on basic networking, guys.
To get things in perspective, my router log currently shows 208 blocked TCP connections, 54 of which are probably automated windows viruses poking my ports for windows vulnerabilities without the knowledge or consent of the user at the other end, 1 probe to see whether I was running a SOCKS proxy server (there are both good and bad reasons for checking that, but from the source, I'd guess this one was malicious), and the remaining 143 are just dropped connection packets and the like, attempting to connect to ports which would almost never be running vulnerable services that a hacker would want to exploit. Some of those show the same level of 'persistence' that the second screenshot complains about. 78 of the innocent packets come from one single source, and I'm fully aware of the reasons for him being in my logs.
I'm all for people keeping a wadder eye on their computer security, but lay off the hysteria until you know enough about your firewall and about networking to actually make a well formed accusation. I'm still at a loss as to WHY indymedia, even if it was run entirely by spooks, would go out of it's way to probe you. If the spooks really felt the urge to do such a thing, then surely they'd put your IP addresses into the MI5 computer and then nmap you from some random spot on the net rather than hax0r your netz0rz from their precioussss honeypot and discredit their own operation. Sounds stupid to me.
Until this goober with firewall can actually learn enough about his own software to compile a list of what ports were scanned (you'd think that would be an essential part of any portscan allegation, yes?) then these allegations are still utterly worthless, and the most likely explanation is still the most benign, that this guy's firewall is dropping entirely innocent packets.
Now when there's a firewall log that actually shows indymedia probing ports that indymedia has no business probing then there might be some questions to answer, but until then, get a grip on yourselves, and read a book on basic networking, guys.
To get things in perspective, my router log currently shows 208 blocked TCP connections, 54 of which are probably automated windows viruses poking my ports for windows vulnerabilities without the knowledge or consent of the user at the other end, 1 probe to see whether I was running a SOCKS proxy server (there are both good and bad reasons for checking that, but from the source, I'd guess this one was malicious), and the remaining 143 are just dropped connection packets and the like, attempting to connect to ports which would almost never be running vulnerable services that a hacker would want to exploit. Some of those show the same level of 'persistence' that the second screenshot complains about. 78 of the innocent packets come from one single source, and I'm fully aware of the reasons for him being in my logs.
I'm all for people keeping a wadder eye on their computer security, but lay off the hysteria until you know enough about your firewall and about networking to actually make a well formed accusation. I'm still at a loss as to WHY indymedia, even if it was run entirely by spooks, would go out of it's way to probe you. If the spooks really felt the urge to do such a thing, then surely they'd put your IP addresses into the MI5 computer and then nmap you from some random spot on the net rather than hax0r your netz0rz from their precioussss honeypot and discredit their own operation. Sounds stupid to me.
imcista
reposted from 361326
25.02.2007 10:45
This is not news, please raise this issue on the tech list: 
http://lists.indymedia.org/imc-uk-tech
http://lists.indymedia.org/imc-uk-tech
imcista
Have you done any of the things suggested?
25.02.2007 10:49
You've been asked to provide details of the ports that are allegedly being scanned.
You've been asked to wireshark and capture a packet.
You've been asked to contact the tech list.
Till you do those things, nobody can help you, and your posts on the subject will keep being hidden.
You've been asked to wireshark and capture a packet.
You've been asked to contact the tech list.
Till you do those things, nobody can help you, and your posts on the subject will keep being hidden.
imcista