My firewall just blocked the DoD from looking into my computer

what should I do?

Here's the result from the search:

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 7990 Science Applications Ct
Address: M/S CV 50
City: Vienna
StateProv: VA
PostalCode: 22183-7000
Country: US

NetRange: 206.36.0.0 - 206.39.255.255
CIDR: 206.36.0.0/14
NetName: DDN-BLK-36
NetHandle: NET-206-36-0-0-1
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
NameServer: AAA-VIENNA.NIPR.MIL
NameServer: AAA-KELLY.NIPR.MIL
NameServer: AAA-VAIHINGEN.NIPR.MIL
NameServer: AAA-WHEELER.NIPR.MIL
Comment: DOD Network Information Center
Comment: 14200 Park Meadow Dr., Suite 200
Comment: Chantilly, VA 20151 US
RegDate: 1995-05-30
Updated: 2004-09-14

:shrug:

YIKES!

I have sygate free personal on and I never get scanned, or at least I don't think I do.

and that's what I came up with,

version so far. Not sure if that's sufficient?

Here's the link if anyone is interested.

http://www.download.com/3000-2092-10039884.html?part=zonealarm&subj=dlpage&tag=button

Hope it's safe ;)

Windows firewall only blocks inbound traffic, not outbound. So, in the event that you do get infected with a piece of phone-home malware, WF will cheerily let it do its dirty work without letting you know about it.

:hi:

But a second level of protection (ZoneAlarm) is recommended for 'outbound' traffic. I JUST installed Zone's Anonymizer this morning, works great ($30) but slows down bandwidth by a third.

Small price to pay. They can't see my ip (which they can without it) and they don't know where I am coming from. Had them ping me also last year. The hardwall blocked it.

it has blocked an awful lot daily...

It's great! It blocks everything that shouldn't be coming in or going out and it's really easy to set up. :-)

http://visualize.phenominet.com/visualzone/visualzone.htm

Not sure how it compares to Geektools but it works right from the ZA logs and has a number of tools to get info on intruders even does backtraces which might get data on a specific machine.

I won't pretend to know about all that technical stuff, but that is DAMN scary.

Have you been doing anything different online?

My norton firewall does the same.

:kick:

i figure if they really wanted me, they wouldn't bother fuckin' with me online, they'd just come get me.

What have you been Googling lately?

Raise a stink!

Don't worry about it. If they thought you were doing anything effective, you wouldn't be posting on DU right now.

:wow:

It's a non-obtrusive way to see who is visiting your site and when. (Take a look at the bottom of my page, the green box belongs to sitemeter.)

www.sitemeter.com

The military uses spiders like any other large organization, I wouldn't worry about it. (It creeped me out the first time I saw it.)

The people you need to worry about are the Freepers who live in your neighborhood. If a fascist state does take root here, the Freepers will be the ones who'll turn you in to the spooks.

That's how it always works in dictatorships: Neighbors turning in neighbors.

Not sure if I need all this stuff? But, I do know that spyware has been installed on my PC and I remove it periodically. :shrug:

Has DU been experiencing not seeing some posters around that usually post a lot lately?

intrusion attempt blocked, and it gives me the IP address..then I go to www.geektools.com and click on (whois) and type in the IP and it tells me who they are.

this time, it was the DoD

security was erased this week and I couldn't access the internet. I had to put my computer in the shop and they had to reformat. I now have Zerosypware installed and I hope it catches this crap next time this happens. What a pain in the ass!

Scarey too!

scanning for insecure computers that they can hijack and send spam with. They spoof the IP address so as not to get caught.

:hi:

DoD civilian employees do exist and I bet plenty of them are even members of the DU. Having an affiliation with the DoD doesn't mean that it is something to be worried about ... likely just traffic I'd suggest it it perhaps someone with a fake ID as mentioned above.

DNIC services everything from gov't cube rats to underway Navy ships. Don't worry about it.

this is the second time this happened.

Perhaps someone could provide a primer on how to install and maintain? Would be a great service.

figure that out!

computer literate as the rest of you, so Ièm not sure what to do

done anything wrong. I'm like you though, I do not understand a lot about the files and stuff. I know enough to get by so far. I pay a yearly fee for McAfee to keep me updated all year round. I'll be online and then my computer will start downloading an update from McAfee. So far, so good. (knock wood)

Firewalls prevent, for the most part, somebody from hacking into your computer and watching what you're doing. They also can prevent viruses from being transmitted if they can't get connected to your computer. It's not that complicated, really, a firewall is just what it sounds like. It's a defensive mechanism for your computer, to keep out unwanted visitors.

To tell you the truth, though, I doubt that the government could NOT get into your computer if they really wanted to. I'm sure they have their ways, but I'm not sure of that.

I can't imagine what the department of DEFENSE would want to know here. I can imagine maybe Homeland Security maybe, but seriously, anybody planning harm to the country is not on this site. We're just bitchers and folks looking to improve the government.

Here's a little blurb from McAfee's site, explains about firewalls.


McAfee® Personal Firewall Plus

Safeguards your online financial transactions
Protects your personal data from online intruders
Enhances anti-virus defenses such as McAfee® VirusScan®
Updates automatically to protect against new threats
Are you vulnerable to identity theft? Internet hackers know thousands of ways to break into vulnerable PC systems. In seconds, they can steal private files, credit card information, tax records, passwords and Social Security Numbers. Remote thieves can even hijack your system to send spam messages. Or plant destructive viruses.

On broadband or dial-up, McAfee Personal Firewall Plus provides a secure, always-on barrier between your computer's hard drive and hostile Internet threats. It combines perfectly with your McAfee VirusScan anti-virus protection for multi-layered PC defense against sophisticated viruses like Mydoom, which can open up communication backdoors on computers.

Do you have anymore information, was this a scan, a connection attempt what?

If we don't hear from you the next coupla days I will freak out.

hidden inside, along with a passport, some money, a change of clothes (that orange jumpsuit is just too "Gitmo") and the keys to a rental car that'll be parked down on the corner for you to make your getaway in.

You'll know which cake; it'll be quite large. :D

surrounded by water.

Just leave the keys in the car; someone will pick it up later.

:D

So you get the sub instead.

:D

and rub it while you browse. You'll be amazed at who tries to contact your computer.

http://methlabs.org

edit- then RUN it while you browse.

then go ahead and rub it...if you must.

I tried peerguardian but I can't get it to run because it's missing a file, I'm running win98 2nd ed. I think it might be a VB file or something like that. Is there a fix in the new version?

I had to go into the forum and find an older version.

does your have that? You can report the intruding ip addresses.

cancelled...but I don't think it'll work with the DoD

Freaked me out when it started happening. Now I'm almost used to it.


DoD Network Information Center JMCIS-BLOCK (NET-205-0-0-0-1)
205.0.0.0 - 205.117.255.255
DOD Network Information CenterSPAWARDEPARTMENT OF THE NAVY JMCIS-BLOCK3 (NET-205-96-0-0-1)
205.96.0.0 - 205.103.255.255

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 7990 Science Applications Ct
Address: M/S CV 50
City: Vienna
StateProv: VA
PostalCode: 22183-7000
Country: US

NetRange: 205.0.0.0 - 205.117.255.255
CIDR: 205.0.0.0/10, 205.64.0.0/11, 205.96.0.0/12, 205.112.0.0/14, 205.116.0.0/15
NetName: JMCIS-BLOCK
NetHandle: NET-205-0-0-0-1
Parent: NET-205-0-0-0-0
NetType: Direct Allocation
NameServer: NCC.NCTS.NAVY.MIL
NameServer: GATE.NCTS.NAVY.MIL
NameServer: NS1.NOSC.MIL
Comment: DOD Network Information Center
Comment: Space and Naval Warfare Systems
Comment: Washington, DC 20363-5100 US
RegDate:
Updated: 2004-09-20

TechHandle: LS529-ARIN
TechName: Slade, Lawana
TechPhone: +1-850-452-7562
TechEmail: LSLADE@nnic.navy.mil

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-703-676-1051
OrgTechEmail: HOSTMASTER@nic.mil

This is reeeeal common. Everyone's who ever peeks into their firewall logs eventually sees queries from the DNIC :)

folders and then I noticed in my FTP accounts one for the Government. Is this normal in Windows XP? I never created it???

Then there are three main folders:

1. Electronic. (opened and full of thousands of zip files)
2. Matching 04 (lists all of the Democrats who were running for the Democratic nomination to run against Bush)
3. Presidential FTP and it has tons of zip folders with names like buchanan, nadar, larouche, quayle.

Then when I try to open any zip file, it asks me for a cd????

This is the name of the folder(ftp://ftp.fec.gov/). Is this just a normal Windows XP folder since it is for the FEC?

ftp://ftp.fec.gov/FEC/
ftp://ftp.fec.gov/FEC/electronic
ftp://ftp.fec.gov/FEC/matching_04
ftp://ftp.fec.gov/FEC/presidential

Would that be illegal to have???? Reason I ask is because I have tons of zip files and sub-files.

Do you think the files have complaints regarding the names I mentioned or something???

Only asking because you seem to have a clue.

The site is public, free for the taking.

No, I don't think the files have any specifity to your complaints or concerns. You've just downloaded the whole kaboodle from the top down.

Have you ever used a site leecher, download manager, or FTP client?

Frontpage. A "site leecher" I have never heard of. Download manager is an FTP program, right?

So I can delete all that and it won't affect any of my other programs?

Thanks for your help and anymore information is greatly appreciated.

But, you might want to burn it to a CD first. It's a lot of good information, worth keeping. Check out the README file at the root to see a description of what you've got.

Saw a posting about it a few days ago. You should check for the post and see if they got the same info.

See if you can determine what service (port) they are trying to connect to. If I had to guess, I would say that they probably have a honeypot setup that is getting infected then scanning blocks of computers to infect others. If that's the case, they really need to block outgoing traffic to prevent further damage to other systems. Another possibility is that a system was flat out comprimised by a hacker or worm and is continuing to scan for vulnerable machines. That would be anexample of the sorry state of information security in the US.

the last guy assigned your IP had a P2P session going with someone. The P2P server (or client) is just pinging you to see if he's still there.

is fogging up my flatscreen.

Here is my post at the time:

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=2559469

Evidently, this was NOT an isolated incident.

--manages the top-level .mil root domain.

This could be ordinary Domain Name service traffic. Who is your Internet Service Provider?

Some dope at the "Department of Defense" (HA!) probably got his workstation infected with all kinds of viruses, trojans and spyware that has taken over his computer and is probing around the internet. Happens alot. I get wierd e-mails and probes from all kinds of different networks.

I spent 2 days off and on trying to get some stuff off another computer in the house. My teenage daughter got a worm, a two or three viruses and a couple hundred different kind of spy-bots all wound up on it. That thing was living a life of it's own, it was just terrible

For a fright watch the AMY GOODMAN interview with ROBERT O’HARROW, author of "No Place To Hide."

http://www.democracynow.org/article.pl?sid=05/02/10/1545230

http://www.archive.org/download/dn2005-0210/dn2005-0210-1_64kb.mp3

http://play.rbn.com/?url=demnow/demnow/demand/2005/feb/video/dnB20050210a.rm&proto=rtsp&start=10:08

http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?userid=mb72VNvAr8&sourceid=M000000269&isbn=0743254805&itm=1

there is nothing sinister going on here. The DoD and DNIC are responsible for maintaining communication on MILNET. As part of normal operations, their servers perform constant name service and communcations scans (among about a 100 other things). The DoD wasn't trying to LOOK INTO your computer...they have ZERO interest in you. This sort of thing happens all day every day all over the US and most of the world to literally millions and millions of systems.

So, do nothing...that would include not worrying yourself about something that means nothing...just sending this message was overreacting...

theProdigal

These threads always make me laugh. And they just keep coming.

Especially with dialup.... our IPs are changing all the time. It might be that someone in your area works for DoD and had a connection and lost it... and you picked up that IP when you dialed in.