OK, here's my story. This morning I got up and logged on to my computer as normal. The thing crashed right off the bat, so I ran the anti-spyware utility and dumped the spyware, then rebooted. Still had computer problems. So I started digging around. Went to a DOS box and ran netstat, and found an extra connection not related to the two web pages I was looking at - which happened to be the MSNBC story on Bush's poll numbers and Democratic Underground.

When I ran Netstat, I found a network connection for IP 80.67.81.143. So I did a reverse IP lookup from a handy internet web site, and tracked the IP address back to Akamai. So I did a search on Akamai and discovered they do a lot of web work for companies. So I look at the list of companies they have posted - neither MSNBC or DU is on it. However, the Department of Defense is on thier list of customers. Hmm.

http://www.akamai.com/en/html/about/customers.html

For the more paranoid among us - do you think the government is spying on folks at DU?

We are not dildo heads.

my mail has been coming in sporadically and out of sync. My phone bill and some other stuff I can't mention. I told the PO and they had no clue.

:evilgrin:

Come and get me, big boys! I have an opinion!

On edit to echo post #1:

FUCK YOU,BUSH! AND FUCK OFF ALL YOU UNPATRIOTIC ASSWIPES HELL BENT ON DESTROYING OUR CONSTITUTION AND NATION AS A WHOLE!

Here's my personal salute to you!

... that whoever is flipping the bird in this picture deserves lots of credit. For using the index and ring fingers to add the balls to the bird, as it is properly done.

Folks who just send up a straight middle finger have left off a most important component.

That would be me! :hi:


Guess I'm a natural :rofl:

destroying the planet as well :mad:

but I'm looking foward to others' answers. :popcorn:

Is there a quick way for us all to check for such "network connections?"

or putting your system on a router and going wireless.

As for having them read DU, of course they do. Look at how many casual posters here read Freak Republic. People are always curious about what their enemies are up to, generally with good reason.

attempts to access my computer!

In Windows:

Click on Start, Run, and type in the box "Command" without the quotes. Then click on OK. This will open the DOS box. At the DOS box you'll see C:\ whatever, and a blinking line. The blinking line is where you type.

Type in Netstat and hit return. It should come up with a list of a bunch of junk like:

Prot Local Address Foreign Address State

TCP Desktop:1346 80.67.81.143:80 Close_Wait

The Foreign Address is the IP address of the computer you're connected to, and the number after the colon is the port that's being used to connect - in this case, port 80, which is the standard port for web access. The above example is not what I actually pulled from my system - it's an example I put together to show you how it will look.

When you're done looking at your list of connections, you can close the DOS box by typing exit and pressing enter.

Then, take any suspicious IP addresses and go to a reverse lookup site like:

http://www.arin.net/whois/

Type in the IP address to do the search, and it should show you who the IP address belongs to.

Some of the IP addresses you'll see from your netstat will look weird but will be normal for surfing the web. Some of them might not be. But doing a reverse IP lookup can tell you more about the weird looking ones to help you decide if you should feel paranoid or not.

What is AOL doing there?

Isn't Reston where the NSA headquartes is? I have AOL IM running so that may be that connection.

DC and Baltimore.

AOL HQ is in Reston.

even though I have several browser windows open - is that good? Does it mean that my firewall is working well?

...they use one of the standard ports to do the dirty, like port 80 (used for web surfing). And there are always holes in firewalls that a really savvy computer type can get through...

It depends a lot on the specifics of your setup, but a firewall does offer you a lot more protection than not having one at all - especially if it sits on a router and not on your computer itself.

Am comitting that to paper so I can actually do it! ;)

It presumes that such net connections as described here are not normal activity when a Web browser renders a Web page. These connections are initiated by your browser to retrieve the necessary content and are in no way sinister or unusual.

The procedure you describe is accurate, but is not useful in this case. It's basically a waste of time unless one wants to find out more about the normal way the Internet works.

...you see is going to be from normal operations. What I did was provide the means to track the IP address back to the owner for anything you weren't sure about so you could check it out.

Again, please provide your proof that the Akamai connection (or any other) is proof that the government is NOT spying.

And perhaps you might give folks here a little data on how unauthorized accesses to a system (which is VERY common) are actually tracked back to the source? And how one might determine if the access is legit or not?

I only have specific ports open to my network which is behind a hardware firewall.

Port 80 is open to my Web server.
Port 22 is open to my SSH server.
Port 25 is open to my E-mail server.
and a couple of others.

All the rest of the ports stop at the firewall.

That means that when I do a netstat and see connections on ports other than these, the connection must have been initiated by my machine, and not from outside. For instance, I run NTP to keep my network's Real Time Clocks in sync with the world's time. That service initiates connections to port 123 of other machines on the Net to do this. My end of the connection will be some high numbered port and the other end will be port 123 of a time server out there.

If I wanted to, I could find the source of every single connection, but I don't have to. All I need to do is see that the port numbers are not those I have opened and I know that the connection originated at my end.

Web browsing is not a push protocol, it is a pull protocol. All the connections used by a Web browser are initiated from the client end, not the server end. Therefore, if you have extra network connections on high numbered ports it is because your Web browser has initiated them. Conceivably, if I close down all my client services (which I never do) I should see only see connections to those ports which I allow to pass through my firewall.

...is use existing open ports in your firewall to hack in and do whatever they want. For example, port 80 has been used to propagate viruses and unauthorized network connections. Heck, I forget the name of that horrific email virus that used port 80 to propagate and shut everything down...

Even shutting port 80 in the inbound direction doesn't completely protect you, since web pages can have unauthorized code embedded in them (viruses are a good example) which can come in port 80 in response to your accessing that web server.

And locally opened ports are NOT evidence that no unauthorized access has occurred, since a common hack is to hijack the machine itself to do whatever you want... Use a commonly used open port to download unauthorized code (or send infected email), and the system is theirs.

I might add that adware often works just fine when all ports are blocked except outbound port 80...

And don't even get me started on all the security flaws in Windows itself that let hackers have a field day...

Those open ports will be responded to by server software at my end. That server software logs its activity to my log files. If a hacker tries to get past the protections in the server software, I'll know about it. It'll be flagged in my log files and I'll be alerted to it.

The virus scenerio you portray is rubbish. Port 80 is not used at the client end. Port 80 is only at the server end. The Web browser uses high numbered ports to initiate connection to port 80 of the Web server, not the other way around. Also, the HTTP protocol is stateless; it simply cannot install viral code on its own. Nor can any code which runs on a Web client. In order to get viral code on a machine via the Web it takes a deliberate action on the part of the user.

Hacking into a machine is a very deliberate and damaging action. You are not really suggesting that the Gov't is doing such a thing, are you? First, it takes a lot more effort to do that when all they really have to do is monitor the traffic on my IP which they can do from anywhere in the world via "snoop" or some such thing. Plus, they'd have an awful hard time hacking my network undetected. My firewall is very secure, as are the machines behind it. And I know every piece of software running is as secure as possible because I do *not* run proprietary software on my machines. Plus I have software running on my machine that will detect any such outside interventions.

So, I *know* that all connections suggested in the OP are benign.

First of all, both the client and the server have to use the same port to establish a connection. Otherwise, no communication occurs.

http://grc.com/port_80.htm

Firewall configurations can vary. In many cases, even if you have inbound ports blocked, when the internal client accesses something on the web, the firewall automatically opens necessary outbound ports to allow the connection. People sometimes configure the firewall this way thinking that only inbound traffic causes the risk. There are also some applications, like certain network gaming and various instant messengers, that will only function in that type of configuration. The problem with this thinking is that once a system becomes infected through a variety of means, it gives the hacker open access to the network.

There are also a number of software flaws that create security risks to a network. Including flaws in the firewall itself. IMO, a government agent intent on spying would exploit these flaws in much the same way that a hacker does. They might even introduce the software flaws in order to give themselves a backdoor to systems of interest. Here's an example of the types of software flaws that can allow external users to gain access through a firewall:

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28377

And lest you think this is the only example, I clearly remember a recent problem with security flaws in Cisco IOS that allowed unauthorized access...

Then there are the software apps designed to redirect network traffic through the very limited ports allowed open in a firewall:

http://www.rugila.com/soxgate/

One thing to keep in mind about hackers. If a program can be written for legitimate purposes, one can be written to use that purpose for illegal access.

These are just a few examples of how limited open ports in a firewall might be exploited by the unscrupulous.

Secondly, if the government is spying, YES they are hacking. Do you think they buy off the shelf software to take a peek and only look at systems that are not behind a firewall? That wouldn't help them spy on Russia, China, or Al Qaeda, who I'm sure are smart enough to use firewalls. Folks like the CIA and NSA write their own stuff, and use it to do pretty much whatever they want. And IMO they would conceal what they're doing to make it appear innocent.

> First of all, both the client and the server have to use the same port to establish a
> connection. Otherwise, no communication occurs.

Rubbish!

Here's part of my current netstat:


My machine has a Web connection open on local port 48581 to DU port 80 (http).
So you do not know what you're talking about.

Somehow I wish that the gov't would go to the trouble of determining which hardware and software I run on my network so that they could hack into it. I hope that they would actually have to go to all that trouble. My configuration is unique. No other connected computer or network has my specific configuration. I run specific versions of specific software, all of which is custom compiled for the specific machines within my network. This includes everything I run, from servers to firewalls to Web browsers to... well basically everything I run on my computers is custom compiled for the specific machine on which it runs. If the gov't wants to waste its time trying to hack this network, let them try.

But they don't have to. All they have to do is read the data off my connection. The NSA is already doing this with Echelon. There is *NO* need for them to go to the trouble of finding a way to hack into my network since they can already easily tap my connections with existing tools. These tools do not require open ports, or hacking, or viruses. My network is secure, but the information that goes to and from it is not. That's a fact of life on the Net and it always has been a fact of life.

Those open ports are normal and non-sinister.

I've dealt with servers so much that it's all I think about anymore.

What occurs is this:

"However, as soon as you click a link on the site to go to a different page, your browser will pick a new port number for that next session. And if you are pointing to a web page with frames, or with some number of embedded graphics, or java applets, or whatever - your browser will open a separate network session for each and every one of those pieces. Each HTML file and each graphic is a separate file being downloaded to your PC. Every one of those downloads gets a separate session; each session requires a separate client-side port number.

Important - Every "session" on a TCP/IP network has four pieces of information that define it as a unique conversation:

Source IP address
Destination IP address
Source port number
Destination port number

In order for two packets to be considered part of the same "session" all four of the above items have to match. If any one of those items is different, the two packets are part of different sessions. Once a client application "finishes" using a port number and a particular session is closed, the port number is reserved for a short period of time, and then is returned to the "pool" of available port numbers.
This scheme, while confusing, has some strong advantages. For example, imagine a web page with a single HTML text file and 5 graphics. Downloading that "page" requires 6 TCP/IP sessions, and thus uses 6 client-side port numbers. Assume for a moment that a temporary problem on the Internet causes one of the graphics to fail to come in cleanly. Since these are all separate sessions, the page can still be displayed in the browser using the pieces that arrived safely."

http://www.camden411.com/tcpipfaq/ports.html

The ports selected by the client depend on how the software is written.

"But some of the newer applications available for use on the Internet are blurring the line between client and server. These are sometimes called "peer-to-peer" applications, and effectively operate as both client AND server. Examples include Napster (which allows for peer-to-peer file sharing) and just about any instant-messaging software you can name (AOL Instant Messenger, ICQ, etc.). These programs not only allow you to connect to someone else, but they also "listen" for incoming connections just like a server.

There are also an increasing number of games that can be operated in a "server" mode for multiplayer gaming. You can be a client connecting to someone else's game, or you can run your own game server allowing others to connect to you. For "normal" Internet connections, these distinctions may seem irrelevant, but when you begin looking at sharing an Internet connection they will assume more importance."

http://www.camden411.com/tcpipfaq/ports.html

This doesn't really address security implications. Code Red, for example:

"The "Code Red" worm attempts to connect to TCP port 80 on a randomly chosen host assuming that a web server will be found. Upon a successful connection to port 80, the attacking host sends a crafted HTTP GET request to the victim, attempting to exploit a buffer overflow in the Indexing Service described in CERT advisory CA-2001-13"

and

"If the exploit is successful, the worm begins executing on the victim host. In the earlier variant of the worm, victim hosts with a default language of English experienced the following defacement on all pages requested from the server:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!"

http://www.cert.org/advisories/CA-2001-19.html

Here's more on client side vulnerabilities:

"Security analysts say that the malicious code that has been infecting some Windows machines since Thursday morning was planted via an IIS (Internet Information Services) vulnerability on the Web servers that host some high-traffic sites.

The attack appears to affect only machines running Internet Explorer, and users do not have to click on any links or images in order for the code to download. The Trojan that's installed on compromised machines is a fairly simple one.

"A large number of web sites, some of them quite popular, were compromised earlier this week to distribute malicious code. The attacker uploaded a small file with javascript to infected web sites, and altered the web server configuration to append the script to all files served by the web server," Johannes Ullrich, a handler at the Internet Storm Center at The SANS Institute in Bethesda, Md., wrote in the ISC's online diary Friday.

Microsoft has issued a security alert on the attack, called Download.Ject. The company says that their MS04-011 update, issued in April, addresses vulnerability to the attack on the server end. The bulletin also says that systems running Release Candidate 2 of Windows XP Service Pack 2 are not vulnerable to the client-side attack, and that other systems can be protected from downloads of malicious code by having all current critical patches installed and running Internet Explorer with its security settings at "High.""

http://www.eweek.com/article2/0,1759,1617295,00.asp

http://ciac.llnl.gov/ciac/bulletins/k-021.shtml

You said:

"But they don't have to. All they have to do is read the data off my connection. The NSA is already doing this with Echelon. There is *NO* need for them to go to the trouble of finding a way to hack into my network since they can already easily tap my connections with existing tools."

Monitoring your internet traffic is not the same as knowing what files you have on your computer. For example, Al Qaeda uses a lot of computers to run their operations. I doubt these files are transmitted across the internet. If one of those computers were identified and is connected to the internet, and the government wanted to find out what else was on them without alerting the owner of the computer, they would have an incentive to hack in and take a peek, no? If they have the software to allow them to take a peek at what's on a terrorist's computer, why would they stop there?

that DU was hacked by a government agency and malicious code uploaded to DU's servers so that they would have the ability to see what is on our computers? Can you tell me what page(s) on DU created this connection so I can check it out for myself?

To be honest, I'm not sure exactly where on DU the connection is originating from. I'm assuming from the Discuss page, which is where the ads are that might be generating a legit connection...

If not there, then probably some testing needs to be done to see which pages generate the Akamai connection. If it's NOT on the Discuss page, then I'm not sure what the connection could be for since ads are the only thing that's been suggested that might explain it...

And no, I don't know that the government has loaded malicious code on DU servers that would in turn infect our computers. I only know that accessing DU is generating a connection to Akamai that shows up as an IP address with no DNS entry...

What it actually means could be benign or... :shrug:

If you're accessing DU, you should be able to check your connections and see if the Akamai IP is there.

...depending on your operating system of course, is the amount of time your OS holds on to "Active Connections".

I use Win XP Pro, and tested out how long my OS "hangs on to" these connections after I close my browser.

I started out with ZERO "active connections".
I then started netstat with 10 second intervals.
Then I opened up Internet Explorer and clicked on Google News.
I then immedietly closed down Internet Explorer, sat back, and watched.

What I found out is that it took about 2 minutes (120-140 sec) for all my connections to disappear.

Here is the copy/past of my session:


The other thing you'll want to make sure isn't happening is that you have any other legitimate processes running that might be accessing the internet.

I found this using what you said. I think this is the one that keeps opening windows, am using Firefox. It is a real problem but now that I found what it is, perhaps I can figure out how to get rid of it. Thanks.

Maybe someone here on the thread has a graphic hosted on their service? I dunno what GA would want with me...

But I wouldn't be so concerned about Akamai, I think the OP refered to. If I remember right, that Akamai sends ads, like pop-ups and stuff like that, plus I think they serve-up high traffic sites.

What would bother me, in the NSA context, would be a 'hidden' thread running rootkit and delivering information via a tunnel that wouldn't be listed in the 'netstat' command. The only thing the DOS Command line can report is programs running under the windoz kernal. Rootkit cannot even be seen, as to windoz it doesn't exist. Well, it can be seen, but not easily.

There was some uproar a ways back about Sony imbedding 'rootkit' with music CD's that had special anti-piracy software included. You can expect to get some junk by downloading free stuff, like bootlegged software and music, but from a company like Sony?

BTW, a hacker/crackers wetdream is to imbed 'rootkit' on a server because with rootkit installed, well they would 'own' the machine. Properly done, a rootkit hacked machine is impossible to detect, even by the adminstrators, except maybe by seeing lost machine time or unaccountable memory/disc usage.

Lucky for you you seem to know your way around a computer. :)

nt

the domestic USofA were spying on MLK more than the FBI was. Speaking truth to power, even for the military's own good, gets you into trouble.

William Pepper's book Orders To Kill documents the military domestic spying on MLK. Please be advised, things have gotten worse.

Total Surveillance
http://www.motherjones.com/interview/2005/12/albrecht.html ...

Couple this insidious technology with purposely erroneous background checks

Who is checking the background checkers?
http://www.csmonitor.com/2005/1128/p13s02-wmgn.html

They've offshored, outsourced, and privatized TIA. Now all they have to do is fire you for being 'of the wrong political party' and put false information in your background data...and voila ! You've just created the most insidious terror project in the US ever.

http://www.army.mil/cmh-pg/lineage/branches/mi/default.htm#Centers

The DSS, Defense Security Service, dss.mil, is the new name of the overall army intelligence operation that ran the MLK surveillance. The name was changed after the '70s investigations that revealed who/what they had done.

Also, see Ch 9 and the heading 'The U.S. Army Intelligence Command and the Home Front' at

http://www.army.mil/cmh-pg/books/Lineage/mi/ch9.htm

showing USAINTC and its domestic operations Garden Plot etc. along with MLK operations

"" To accomplish the tasking, the command had to initiate an extensive collection program against domestic targets. And by now, Army Intelligence elements other than USAINTC were also involved in the domestic intelligence field. In an independent effort, CONARC and several Zone of the interior armies had deployed counterintelligence personnel from their tactical units to engage in domestic collection operations and had compiled computer data bases on suspected potential troublemakers. The Army Security Agency had used its own assets on several occasions in 1967 and 1968 to monitor the demonstrators' citizen-band radios.

Even at the height of this type of activity, the bulk of USAINTC's resources remained committed to the traditional role of conducting background investigations. But the amount of activity devoted to domestic intelligence had a significance beyond its limited size. The perceived domestic crisis, coupled with Johnson administration demands for more and more information, led Army Intelligence into dangerous waters. Its activities crossed the traditional dividing line between the civilian and military in American life and overstepped the law, since neither the collection activities nor the civilian intelligence data bank of USAINTC had been authorized by statute.25 ""

The 'perceived domestic crisis' reminds me of the phony WMD crisis, and now just more pretexts for the kinds of Pentagon operations (say, Operation Northwoods for example) that can and will be foisted upon an unsuspecting public. Most nowadays don't know what their civil rights are or that dissent against usurpers of the Constitution goes against the military's own oaths. They don't give a damn. Remember that.

Like good Germans, they are all 'just following orders'. Oh, the best part of the Army's own history of MI is this little quote

"" What ended the Army's domestic intelligence program, however, was not doubts, but public exposure. In early 1970 the American Civil Liberties Union sued the Army and the U.S. Army Intelligence Command for "spying on civil-

157

ians."27 The subsequent publicity, accompanied by recriminations from politicians and journalists, led not only to the end of this particular program, but ultimately to the end of USAINTC itself. The whole Army Intelligence community had suffered a major setback. ""

History is repeating itself here DUers. Make no mistake, the truth will come out and when it does...

They have agents browsing all those subversives sites.Fuck you agent Mike!

losing support even of the dipshits who voted for you cuz they thought you were the kind of guy they could sit down and have a beer with (I think a line and a shot of Jack would be closer to his preferences), and people are starting to use the word impeachment, then the odds are damn likely that they're surfing the web spying on everyone, especially us. This is a huge website with thousands and thousands of members. I think that this place would be one where they'd spend a lot of time reading posts and tracking down the identities of the authors.

Our government don't have time to track any real terrorists because they spend their time tracking Quakers and democrats and probably even most republicans too! Besides, if the terrorists hit America again, it will be another trifecta for the neocons.

them awake nights. Because we're all wise to the fact that they were warned about terrorists using planes to attack a major American landmark. And the points they are getting at all are from the delusional crowd who thinks that bush** is 'tough on terror, keeping Murica safe'. Another attack and they won't even have that.

I think they will do about anything to keep control of all three branches of the federal government.

http://www.foiarequest.org/

(This is from People For the American Way: http://www.pfaw.org/pfaw/general/default.aspx?oid=113)

You'll be lucky to get anything but you WILL have a piece of paper to show a judge (hopefully not a Republican).

Good idea. :)

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=132&topic_id=2503075

Ptech (now GoAgile). The Republicans don't want ANYBODY discussing this little tidbit.

My ISP blocks inbound on port 80.

several times awhile back. I guess they're more concerned about our anti-Bush slogans than important matters like, oh, protecting the country from terrorists!

Hear that, Agent Mike?

I'm about as much of a threat as a packet of corn flakes with fresh milk poured over the top. With some banana slices and a sprinkle of sugar.

And just like those corn flakes, I remain tasty in milk too! :woohoo:


:hi:

:9

And I frankly have long believed that they watch DU and anyone who either a) donated to the Dem party, Howard Dean & Kerry; b) anyone who belongs to CodePink, Greenpeace,ACLU, etc or any group that dares to challenge or critique this administration; c) liberal/progressive bloggers etc; d) Anyone who writes/authors LTTE in publications criticizing Bush or the war; e) Anyone who has marched on Washington or protested outside the White House or marched/protested publicly against the War on Iraq.

So I know and assume I have been "profiled" in some TIA database because I am in each of those categories...I also plan to continue to speak out and yell from my rooftop if I have to....I'll never be silent speaking the truth and pointing out their lies and corruption...

:hi:

Damn, thought it was me? :hi:

"Death has a tendency to encourage a depressing view of war."--Donald Rumsfeld

Get that optimistic view of death, c'mon now people !

but hey, what can I say?

Legalities don't rate very high these days. We are probably a national security risk by opposing the administrations viewpoint. You're either with them or against them.

Hi, Agent Mike!

We're much more entertaining than the Quakers, don'tcha think? I mean heck, they haven't even got a Lounge to hang out in.

He's our regular CIA/NSA stooge.

But you didn't hear that from me :hide:

My friend has found the DOD in her computer...in tracing emails, she was having trouble. I was "kicked" off AOL for the rest of my life...and I have been feeding a big group in FLA the news since the 04 election.

Election fraud whistleblower Clint Curtis wrote to say he was running for Congress against Tom Feeney, and asked if I would help. I wrote back and said "you bet" and bam.....I was down. They will not give me my files or addresses, nothing. I was on the white list, and "fell off". They did not know why I fell off the bulk email white list. So they put me back on. Only, the request was denied they put in...and the never told me...so I was in violation. But they never sent me a notice of denial,,,I have been told.

I have recovered...and I am communicating on a much better service. But I know they are watching DU....they are watching me. In todays St. Petersburg Times...the DOD was spying on the anti war group. This is what we have. And they are trying to scrub google.

We have studied the bush's here like no other group. The election theft research went all the way back to Iran Contra....and all the way to Johnny Gosch...and all the Bush psyops...Franklin Cover Up....they of course are watching us...and how far our reach will go.

:hi:

FUCK YOU!

so it could have been coming from ads displayed on MSNBC...

edit to add this article: http://www.washingtonpost.com/wp-dyn/articles/A59806-2004Sep29.html

...until you click on an ad. Otherwise, their server is blown from too many connections and the server network gets clogged from retry attempts. If the connection is from ad feeds when you access a page, they better watch that too because it can make the web page go offline if the ad server gets hosed from too many connections. Not a very good ad service if the server goes down every 2 minutes.

Edit to add: After reading the link in your edited post, I actually feel a bit worse. Yes, Akamai might be monitoring traffic to MSNBC looking for hackers. But they're also in a prime position to spy if that's part of their contract with the Department of Homeland Security. The question is - which are they doing in this case?

:scared:

Odd that one of the Akamai guys was killed on flight 11 on 9/11. Government intimidation to play ball?

:scared:

...from their servers without establishing a connection?

You're simply being paranoid. I'm sure the feds read DU and probably consider it a "terrorist organization" just like Greenpeace, but they're not spying on us through open sockets.

take all their little data banks and bamboozles and put them where the sun doesn't shine.

......you go about all this?? What web sites, what parts of the computer is used, etc?? I'd like to learn all this myself but don't know how to go about it.

Thanks for any help you can offer.:loveya:

I gave some step-by-step instructions on how to check your connections for suspicious IP addresses.

I'm sure I'm not important enough to spy on, but I tried your tips anyway. When I checked the IP connections, one came up as RIPE Network Coordination Centre. I had closed any webpage windows before doing this - so it was just my Internet server & this IP address. Then I went to the RIPE web site & saw that you can search to identify a RIPE IP address. So, I entered this IP Address into the database query box - it popped up as Akamai Technologies. What does this mean? Maybe I shouldn't try this - I don't know what I'm doing & could really misinterpret the results.

Perhaps one of the DU ads are persisting to track subsequent web page access, or DU is using Akamai to manage traffic... I don't know at this point. That's why I posted what I found here.

It just disturbs me to find that Akamai also has big government contracts...

That seems more likely to me. Akamai specializes in streamlining web traffic, right? I'll think I'll put my tin-foil hat away on this one. Maybe someone who knows about this technology can tell us how it works.

ETA: Oops, it's gone. Now I've got the Army Information Systems Command-Pentagon. OK, It's time for me to stop messing with this.

(That is, if you consider banner ads to be normal.)

Banner ads on a host page are only links to the banner which then must be loaded through the banner ad supplier's site. When you establish a connection to MSNBC's page, that page draws in the banner from the banner supplier's site which must come through another net connection.

I see nothing sinister about this.

Akamai is a huge supplier of ads on Web pages.

Relax, this has *nothing* to do with gov't spying.

If somebody wanted to spy on you, they wouldn't establish a hard connection, they'd just "snoop" your IP address.

snoop man page

I just double checked - no ads.

:shrug:

You're wrong. I see "United Negro College Fund"

...OS, etc. as to whether or not the ads run... And I don't even want to think about what cookies they're snooping to target their ads to specific demographics.

You have to understand how the WWW and the Internet works. The spying scenerios being portrayed here are rubbish.

Stop worrying about this. Trust me. If the gov't wanted to spy on you it wouldn't do so by establishing a network link to your connection, they would simply "snoop" you and capture everything.

The links like the OP is describing are a normal occurrance on the WWW. There is absolutely nothing sinister about them.

...a network administrator for major corporations. And handled firewalls.

Yes, you would think the government would be smart enough to spy by using undetectable means - probably by inserting code in innocuous software a la the events in Greece where government officials had their cell phones tapped.

However, given the Bush Administration and DHS incompetence... One wonders.

And since you're so convinced that this event was NOT spying, would you care to offer up your proof?

If you want to believe that a completely normal activity is sinister, go ahead and do so.

As a network administrator you must acknowledge that the establishment of multiple Net connections is normal when browsing a Web page with sources from multiple IP addresses. You must also know that such connections have persistence and live past their useful need, until the connection in the link layer times out.

It's called Occam's razor pal. If there is a simple explanation for something, that explanation is preferred to a complex one. Since these extra links are explanable as every day and normal occurences, there is no need to start trotting out ridiculous sinister plots to explain them.

IP connections are a normal occurence on the Internet. Get over it.

Bush has proven that in his Administration Occzam's Razor isn't worth toast. A better rule for him is think the worst, always.

Yes, it could be a perfectly normal occurance. Or, given the government propensity for spying, it could be something sinister. We don't know. But information and sunshine help, either way.

Tell me, if you were a government spy, wouldn't you use normal Internet activity patterns as a screen for your spying?

I know that these extra connections were initiated from my end. How? I have a firewall which only allows outside connections to specific ports. If there are any other connections they must have originated at my end, e.g., the Web browser.

Occam's Razor is a principle of science that has proved essential to the scientific method for hundreds of years. Are you really saying that mankind should reject major tenets of the scientific method simply because some asshole is in the White House? Does an asshole in the White House really nullify the validity of a methodology that has proved to be useful for determining the truth behind the facts for centuries?

If you want to believe that these connections are sinister, go ahead. I won't stop you. But please don't do so without stating that these extraneous connections also have a completely normal and non-sinister explanation.

There was a time when Occzam's Razor said that Bush couldn't have stolen the election, couldn't be spying on Americans, couldn't have falsified data to get us involved in Iraq, couldn't have leaked the name of a WMD CIA agent...

Occzam's Razor is only as good as the data you base it on. That's the whole purpose of disinformation.

You're talking a completely different thing here. I thought the discussion was these extra open ports. Now you've erected a straw man.

Myself, I *know* that I do not have viral code on my machines and I still get these extraneous connections. I get them because they are a normal Web mechanism.

How do I know I have no viruses? Simple, viral code cannot live in my computing environment since 100% of viral code runs only on Windows. Since I do not run Microsoft software on my network, I am 99 and 44/100% sure that I'm safe from viruses. Plus, I do not do stupid things like installing unknown code on my machine.

Plus, Web protocol is stateless; it cannot install code. Any Web activity cannot change the state of the client machine other than in the browser environment (which is just a rendering engine). This precludes the installation of viral code via HTTP without a deliberate action by the user.

It resided on servers, and downloaded to clients when they accessed the server.

Dude, you're completely wrong if you think viruses only infect Windows. There are viruses in Unix and OS X. I read an article the other day that said hackers and viruses could access RFID chips. Any computer can be attacked by viruses and hackers - all it needs is some whack out to exploit a vulnerability.

Web protocol is irrelevant. What's relevant is which ports are open to be utilized for a hack. Adware uses commonly open ports to download their crap, and a firewall isn't 100% protection.

If you think nothing can download to your client when you access a web page, research cgi scripting and java script.

"Browsers that support the <APPLET> tag (Netscape Navigator 2.0, Microsoft Internet Explorer 3.0 and Sun's HotJava), download the compiled Java applications and execute them."

http://www.w3.org/Security/Faq/index.html#contents

An example:

"A bug in the JavaScript implementation in Netscape Communicator 4.5 and 4.04-4.05 allows a Web page to read arbitrary files from the user's machine and transmitted across the Internet. Any file that can be read with the user's permissions is vulnerable, including the system password file. The bug affects both Windows and Unix versions of Communicator. Any HTML page can carry this exploit, including ones that are transmitted as an e-mail enclosure. Internet Explorer has not been reported to be vulnerable."

This particular bug has probably already been fixed, but I have no doubt there are plenty more out there.

http://hoohoo.ncsa.uiuc.edu/cgi/intro.html

http://www.cgisecurity.com/papers/fingerprint-port80.txt

I use CGI all the time. But the CGI code on my Web server is written securely. JavaScript is purposefully stateless. Yes, there are exploits, but administrators try to keep things up-to-date and these are plugged, hopefully quickly. That's why I run only peer-reviewed, open source software on my machines. Exploits are patched quickly.

Plus, there's the issue that the Javascript exploits expose the server end, not the client end. And yes, there are also exploits on the client end. Anybody who uses Microsoft IE is crazy because it has so many unpatched exploits. That's why I use Firefox which at least gets patched in a timely manner.

If somebody wants to hack my port 80, all they will get is my Apache Web server. It is the only thing which answers on port 80. Web browsers do not answer port 80 since that port is reserved for Web *servers*. Web browsers connect *to* port 80, not the other way around.

Exploits happen, but the government that wants to take the trouble to find exploits for all the particular connected machines is foolish when they can just sit on the line and read whatever comes across it.

Have you heard of Echelon? The NSA is this very minute reading a vast proportion of Net traffic including possibly this very post. And they don't need to open any ports, hack any machines, or try to install viral code on my Linux boxes to do it.

Information that goes across the Internet is *not* secure. It has *never* been secure and it never will be secure. Once one knows that, one can relax and not worry about governments making individual connections to individual machines because they already have the tools to read everything we do here without going to that trouble. So sleep soundly and resign yourself to the fact that these extra connections are almost certainly normal Web traffic.

"Exploits happen, but the government that wants to take the trouble to find exploits for all the particular connected machines is foolish when they can just sit on the line and read whatever comes across it."

OK, if I'm Al Qaeda, and I've got Bin Laden's phone book sitting on my computer, how are you going to know that by examining my web traffic? Oh, you might see me visit that web site www.alqaedarus.org where I downloaded free bomb making instructions, but it doesn't give you access to Bin Laden's phone book. For that, you need to take a look at the files on my computer.

Same thing for all the really juicy docs on a Chinese government computer, Putin's computer, etc.

You don't think the government has tried to figure out how to open holes so they can take a look see on a local hard drive and network?

I work hard to make my network as secure as any. You know that NSA has certified hardened Linux as secure. Well, my network might not be hardened, but I do a very good job of keeping up with the CERT advisories and normally take action within a day or two of any major exploit. Don't forget that there is a statefull firewall between my network and the Net. So I mostly have to maintain the software on that machine, plus the services it lets through to the specific servers within my network. The rest, the client software and stuff like that, I don't have to worry as much about because the protocols only allow certain actions.

For instance, HTTP is a stateless protocol, so my Web browsers are safe because they're behind the firewall and no connection from the outside can get to the client unless it was initiated by the client. My e-mail server is secure. OpenSSH is secure. That's about the only way an outside connection can be initiated that will get through the firewall.

The extent to which my firewall is secure is the extent to which my network is secure. But a router/firewall is a very simple thing which only needs to run an IP stack and IPTABLES kernel modules. The rest can be stripped out of the system. There's not much that can go wrong to allow exploits. The only exploits are possible misconfigurations, which in my case are unlikely because I have a fairly simple network. That's why I can trust my firewall and that's why if the government wants to hack my machine, let them try. It would be an incredible waste of resources to gain something totally useless to them.

I would use ECHELON and scoop up everything, and/or break into your house/business and steal the computers.

OK, I'm just paranoid. I saw that lonely IP addy with no home and started wondering....

We should, all of us, learn how to maintain our computer privacy. I just don't worry about the NSA trying to hack my computer because I know they can get anything they want on me without doing that. I do, however, worry about people trying to steal my credit card account numbers, SSN, etc.

Firewalls are necessary. ;)

Personal info is what's important to protect. I don't give a damn about Echelon (in that I really can't do anything about it other than voting progressive). But I do worry about jerks hacking my network. That's why I take such pains to protect it. A hardware firewall is essential. I may even have a honeypot or two floating around, innocuous temptations for hackers to play with. I won't say more about that, though.

I'm not saying my net is impervious. But a hacker had better get on the hump quickly when an exploit is exposed, because it's gonna get patched on my end pretty damned fast.

to avoid getting it on in the first place, for someone really knowledgeable in Windows/net security.

It's already been recently reported that the gov't has, with the cooperation of the telcos, been picking up traffic at the pipes that carry the traffic (which is what many of us had said for years is what they could/would do). There are other methods of course. But you've found precisely nothing extraordinary.

If you're going to promulgate such FUD, and not listen to folks who clearly have a greater grasp of the subject than you, it might be better not to cite your "credentials."

...computer break because I'm too lazy to put my network back together to prevent it. I don't have anything critical on my system, and I know how to fix it if it crashes. So if I get adware and malware, no biggie. Wipe and reinstall in worst case scenario only takes about an hour.

The irony here is that I have a router with a firewall that's currently sitting in a box, as well as a couple of servers - one with a proxy - that I haven't bothered to put on the network. I have software that I could use to upgrade my system and make it more secure. And on and on. I used to have everything set up all pretty, but then I moved a couple of years ago and got lazy...

What you do with your home network isn't necessarily an indicator of what you know about networks. Sometimes it's just an indicator that you'll get around to household tasks when you're feeling ambitious, which might be in a year or two. Or never. LOL!

;)

:kick:

Long Beach. I have kerry stickers on my window, I parked next to my friend, who has Navy Vet stickers and Kerry stickers.

When we came out of the speech (I were one of the last ones because we were recruiting for Kerry volunteers), we found these people taking pictures and video of our cars and the license plates. When we asked what they were doing, they snapped our pics and took video of us. I waved and smiled and said "Hi King George." My friend was in hock. They then took off in an unmarked van with exemption plates.

Mr. kt and I have been photographed and had video taken of us at a number of protests. We always wave and say "Hi King George." We aren't organizers of the protests- we just go. I'm not afraid. All I've done is exercise my first Amendment Rights. I'm not committing a crime or a misdemeanor.

We thought about doing a FOIA, but then realized that our egos wouldn't be able to take it if we found out they weren't watching us. I mean, we work so hard to piss off the radical right. The very least they could do I keep a little measly file on us! :evilgrin:

I know the guy who designed their networking.

What they do is speed up internet access for companies with lots of pages to distribute (such as Microsoft). They are located near MIT in Cambridge, MA.

You may have some undetected virus or something, but don't blame that on Akamai.

...Security and DoD?

http://www.washingtonpost.com/wp-dyn/articles/A59806-2004Sep29_2.html

If they're involved in Internet security - which it appears from the WP article they are - they have a lot more going on with their network then just traffic routing.

Perhaps your pal who designed the network signed a non-disclosure agreement not to talk about the DHS/DoD stuff?

The images and links from banner ads come from other sites separate from the host site. In order to display the image and provide the linking code your browser must establish a separate link.

This is not spying!. It is a completely normal mechanism for display of material on the World Wide Web.

Is anyone else getting a Akamai connection in netstat when they view MSNBC (with the DU window closed)?

what'ya suppose it means?

That's just how the WWW works. Web pages have to establish connections to display the various things from the various sources referenced on a particular page. The more material referenced from diverse sources on a page, the more connections your browser must make in order to render the page.

Again. This is completely normal activity and in no way implies somebody spying on you.

Furthermore, IP connections have persistence. You can close down a Web page and the connection will remain intact for a short period until it times out. Therefore, at any time when you are browsing it is likely that you will have a variety of net connections still active from the rendering of previous pages. That's just the way Web servers work.

as longship about this scenario.

...through a firewall on any given day. And ask him how he tracks them back to their source to find out who they are. And ask him how many times those unauthorized accesses come from corporate computers...

I do, however, see many many attempts to access various ports from lots of sources - corporate and otherwise.

Otherwise hackers wouldn't get into the DoD computers, and Microsoft too... Didn't someone hack into Microsoft a while back and steal their source code and post it online or something? I can't remember the details.

Yes, web pages will have links all over the place. I suppose Skinner, Elad, or one of the other Admins can tell us if their ads are with companies using Akamai. And given the fact that the DU web page I was on was General Discussion, where there are no ads... Well, I'm scratching my head. Somehow I doubt the ad links drill down to sub pages on a web site and persist for unknown lengths of time. Generally banner ad links are of very short duration - they have to be to keep the servers from being overloaded by connection traffic.

But I'm more than willing to listen to your technical proof for your assertion that the Akamai connection was "normal" operation for DU web pages...

You are so willing to believe that there's gov't spying that you now think that completely normal activity is sinister. The thinking in this thread is based on ignorance of the way things work.

I'm trying to educate people here. You people are over-reacting here and turning this into yet another easily falsified conspiracy theory.

Damnit. Web browsers need to make multiple connections to render pages. That's just the way it is.

...Akamai connection, which showed up as an IP address without a name? It was the nameless connection that made me suspicious, since most companies - ISPs, web sites, even banner ad sites - have their name attached to the IP addresses they use. Any reason why Akamai isn't updating DNS with that info?

Heck, I don't know. Maybe DU uses Akamai to manage their traffic so web sites don't get overloaded when something big happens in the political world. But nameless IP addresses look suspicious to me, and anyone who doesn't put their name on what they're doing on the Internet gets the burden of proof in my book. It doesn't make me feel any better to know that Akamai has deep connections with the government.

So you lean toward seeing everything as innocent - you have that right, and I (being paranoid of Bush after watching the destruction of our Constitutional protections) lean toward suspicion - as is my right.

If they're not doing anything funny, they should own up and update the DNS.

Not all IP addresses have entries in the DNS data base. Some are just IP addresses without a named domain. This happens when a large server operation has a single domain name that distributes load to one or more servers.

My network does a similar thing. I do not have a server farm. But my Web server is on one machine. My DNS server is on another machine. My e-mail server is on a third machine. I also have services for NTP, and a variety of other things. Yet I only have one domain name registered.

When a connection comes in on my main IP address, the router automatically directs that activity to the specific IP address of the machine that handles that service. These machines have machine names, but the names are unknown to the outside world because my DNS entry does not contain entries for those machines. However, the router still routes the traffic to the IP. Any traceroute to those IP addresses would never resolve to a named domain but the router which is named knows where and how to direct the traffic to the proper IP without a name.

So intuiting anything sinister by the fact that there is no resolved domain is just plain wrong.

...who accesses my system. If they don't have a name for their IP, I'm going to wonder what they're doing.

And just FYI, in general what will be done on a network with your scenario is that the IP for your news server will have the dns name news.domainname.com, your email server will have the dns name email.domainname.com and your web server will be www.domainname.com, etc. Most major companies register all their web presence servers in DNS. Many of their clients are also registered. The reason why each system tends to be registered in DNS is that most people running clients are lazy and want to use real world names to access stuff instead of IP addresses. It's a lot easier to remember ftp.democraticunderground.com than something like 12.25.236.10. It's also a sign of professionalism for web servers.

In addition, in general IP networking, connecting peer-to-peer or client-server is a lot easier when you can browse for a specific machine name rather than trying to remember what IP address you put xyz file on. In some companies, they run both an internal and external DNS that don't synchronize to allow internal clients to resolve name to IPs that are not propagated to the broader network (including the Internet).

When a security breach does occur, it usually comes from a client IP (which can sometimes be registered in DNS as something like client143.domainname.com). And when I'm watching a network, nameless IP address accesses are a red flag for security breaches.

Your scenerio (news.domain.com, ftp.domain.com, etc.) is correct. But that machine may only be a portal machine which distributes the connection to either a specific machine or a collection of machines which share the load. In fact, the news., ftp., www., machines may be all the same machine. That's how my network is set up.

The reason why this is done this way is because it much, much easier to change the router configuration than the DNS configuration. When one changes DNS it takes sometimes hours for the change to propogate throughout the global DNS system and that means that a substantive change to DNS could render services unreachable until all the local DNS caches are updated. That's just a DNS fact of life. So administrators like me don't like to change DNS. Instead, they provide virtual machines within the DNS which can then be redirected to real machines by the routing process which can be changed locally, easily, and with no lag.

Plus, administrators do not like the global Net world knowing everything about their internal network architectures. I have two DNS regions. One is entirely local. No outside computer has access to that. It is only used to assist routing of traffic within my local network. The machine names and how they are connected are completely unknown outside my local net. The other DNS is connected to the Internet's DNS hosts by way of my Domain Name registration record as the authoritarian source for my domain. But that DNS only knows about specific virtual domains which I choose to set up. Some are names which never appear in my local DNS but are connected "virtually".

These kind of scenerios are common because they make the administration of networks easier. Sorry that you don't like them. But that's the way things work. ;-)

But in the scenario you describe, your DNS server would show up on the client with the proper DNS info, not as a blank IP address with no home.

That's how I got all interested in my connections. I don't like IP connections with no explanation. If I'd looked and seen Akamai, I probably wouldn't have thought another thing about it. It's the mystery that got me thinking - hey, what's up with that? In general, you don't see corporate servers that have no DNS entries. You do see a lot of hackers using nameless IPs, though.

You still refuse to understand how web pages and Akamai work, despite all the amazingly patient explanations that longship provides. Akamai basically acts as a proxy for high-traffic websites. You may think that the web page you are loading is coming directly from x.com, but if the x.com people found their traffic to be quite high and decided to utilize Akamai's service to oofload the demand, then that would explain why your system reports a connection to an Akamai server, not just to x.com. Many companies do this, not just the ones that pass your purity-meter(tm).

I have no idea if DU utlises Akamai and I wish the admins would step in here and clarify this just to shut you up. By the way, if you are reading this, your computer has probably detected a connection to serve.dynasig.net. It's the image in my signature and nothing to do with DU, you ignoramus.

As others have tried to point out to you, if the U.S. Government really found you to be worth their time (and I truly doubt this as you are about to fall below even my threshhold) they have much less intrusive ways of monitoring you. They don't even have to activate the chips implanted in your fillings by ex-soviet dentists.

You are being disturbingly paranoid and alarmist. You are claiming things that are not true. You are getting people that know even less about the internet than you (hard as it may seem to me) unnecessarily upset.

Please stop it.

Some routes just aren't resolvable by traceroute. I'm not entirely sure why.

You might want to try "dig" and see what it will tell you. "dig" is a utility that has replaced "nslookup" to resolve DNS issues. It will enable you to look at the actual DNS entries for any domain. It's kind of cool.

Just google "dig dns" and you'll probably find it.

If you're running Windows you might want to install CygWin, which is a full Linux BASH shell which runs under Windows. It has all the command line tools, compilers and stuff from Linux but runs under the XP environment. This is a very cool way to play around with real Unix without removing Windows. It really works, too.

You people are over-reacting here and turning this into yet another easily falsified conspiracy theory.

Makes you wonder why someone would want to do that, huh?

something about the people they spy for. I'm sure everyone else who thinks we are dangerous liberals are spying too.

DU would be a happy hunting ground for any organization wanting data on Bush-hatin' terrorist-sympathizin' traitors like us, now wouldn't it.
Everybody wave hello to the nice NSA agents! :evilgrin:

what we're discussing!

to find out MORE information, about Project X! Why wouldn't they want to know?

The black roots are intertwined in the golden aspen patch in sektor v, repeat sektor v...it makes the faint hearted rooster crow at dawn in the following 7...repeat 7...sektors...b, f, m, l, r, y and z...this is not a drill...repeat not a drill! * That is all...................

How do I rid them?

...connections rather than selectively stopping specific connections. Plus it avoids the network killer of dropping the wrong connections and dumping you off what you're trying to access.

If you're worried, try a firewall.

Me - let the government spy until we can put the legal kabosh on them. More evidence for prosecution, I say, since I'm doing nothing wrong. But I'll be darned if I'll look the other way if I find anything that looks suspicious - I'll glare the light of day on it all...

companies over the past five years. I currently work at a computer learning center, so I'll get one of the tech instructors to show me how to do this.

I looked up some of the other unknown IPs in whosit and found that most of them seem to be college and universities - so they probably were from ads viewed on news pages or something.

My only concern is that my ex husband is an illegal alien (the government knows this - they're trying to straighten out all the particulars in immigration court right now - work permit, legal standing and stuff), but I don't want it to effect my child in any way.

Anything else I do - the political crap - I don't care if they spy on me.

Thanks for the tip on this. :hi:

In regards to your question-no doubt about IT.

It's the BFEE. They have already lost.

In the global struggle to preserve freedom, there is no enemy more insidious than, um, well, freedom.

But don't you see? We HAVE to destroy freedom to save it from the evil dewars.

We HAVE to! Besides, if you didn't have something to hide, you wouldn't need freedom.

I did the netstat thing, and got the same akamai results

I read the bit where this is just the way the the net works, and is normal and all

I've read the responses to that

And then it hit me.....

If somebody wanted to spy on what was happening at DU, there's no need to go poking around in sinister ways.

They would simply get a screen name, log on and look around. No cloak and dagger required.

...who we are and the other places we're going on the internet. Nor does it potentially download unknown software to our computers to allow a more in depth look see...

OK, some of what I've talked about is really paranoid computer security stuff that probably doesn't apply here. But it could. That's the real point, I think. Keeping an eye on things is always good practice.

A utility called "snoop" can copy any and all Net activity off of any Net connection from anywhere in the world.

If the gov't wants to spy on people, they only need to sit on your connection and read it. The NSA does this anyway with Echelon. So, there's no need to do anything so invasive as viral code, hacking, or opening ports to individual machines.

On top of everything, there is a perfectly normal explanation for these extra connections. Suggesting that they are sinister is stupid.

I acknowledge that ChimpCo is evil. But the chance that this is spying is so close to zero that it doesn't warrant discussion.

...stored on your computer. Which could be bomb plans and lists of Al Qaeda members - who knows. That's why the government likes illegal snooping that goes beyond network sniffing.

WRT the connections - it's the nameless IP I don't like. That starts me wondering what's up...

Fear what we have to fear.

What are you trying to do, kill this thread? :P

First this morning and then again now. Crashed 3 times trying to read this thread. Seems ok now (?) so far. What is "running the spyware utility and dumping the spyware?" Sorry to be so 'puter dumb.

...computer that does stuff like track where you go on the internet and report it back to the source. What makes it REALLY bad is that it's usually not well written and can cause your computer to crash and other nastiness.

The type of spyware removal tool you need depends on what OS you're running. Since I'm a lazy computer geek who neglects my home computer, I have Windows 98 because I've been too lazy to reupgrade after I reinstalled from my cab files because I was too lazy to hunt for my CDs which are still packed away from moving more than two years ago. LOL!

I use an application called Ad-aware. You can do a search on Yahoo or Google on Ad-aware and download a free copy. Then once you've installed it, update it so it gets the most recent data files, then run it to find (most of) the spyware on your computer and get rid of it.

If your computer is crashing every time you go online, chances are you have spyware on your system that needs removal. Or a virus. Or...

:shrug:

a few of years ago I would occasionally have the entirety of DU disappear from the screen. "poof!" 4-7 times a month, for almost two years. While I may be mistaken, I don't recall that happening while visiting any other site. I was on dial-up.

The difference from the "disappearance of DU" was when the connection would be lost normally--and while on a variety of sites--the computer would make a rolling sound and windows would close one at a time, and the provider's sign-on page would still remain.

Well, I was away from home and using another's computer, and after signing on to DU, the same disappearing act happened on THEIR computer. They had wireless.

When I asked them if they ever had such an occurrence while online, the answer was no.

I don't know if that means anything.

We can be fairly certain that we're being monitored. We are a peace group, and we already know that they are into infiltrating and monitoring the horrors that arise from working for peace. :eyes:

I still hold that they actually use taxpayer money to have people sign up to different internet groups and fuck around all day.

To BushCo, AMERICANS are the enemy of all they hope to achieve.

I know because I've seen their traffic at my site, after they've come in through DU links.

SOMEONE from IRS Headquarters in Washington, DC, and

SOMEONE from NSA Headquarters at Ft. Meade, and

SOMEONE from SAC Headquarters at Offutt, Nebraska

There can be no doubt whatsoever that agents of government are coming to DU using government assets and resources, on government time, while on government payroll.

There can be no doubt that the Bush executive branch is using the military, the FBI, and the NSA to spy and monitor Americans who disagree with the president's policies.

As for hacking into individual computers, they don't have to do that. They can access everything you do online without ever getting into your computer. HOWEVER, there is definitely the possibility that Freeper types operating on their own could try to hack a DU computer, but that would likely take the form of (1) feigning friendship, and (2) planting a trojan through such feigned friendship.

There are not enough government spies available, to spy on half of America.

Now if you want to talk about Bush's illegal domestic spying program, that's different. I'll bet dollars to donuts that they've been spying on domestic political enemies... for example the Kerry camp during the 2004 presidential election.

We know they've spied on an average of 500 Americans a day for 4.5 years.

Do the math. That's approaching one million Americans, and certainly would include most of the activists.

If you have a site that is political and opposing the president, someone from the government is going to check it out, and if you're a member of DU and you have traffic come to that site through DU, you will see them visiting your site through DU.

I forget the guy's name who owns/operates the Let's Roll 9/11 site, but I recall over the past few years how he'd post these long lists revealing where "hits" were coming from - an astounding number from gov sources and the pentagon. Sounds as though he's been messed with and intimidated quite a bit, along with numerous people who've been outspoken. It's no coinky-dink that a lot of anti-empire, anti-Bushco folks have "accidentally" found themselves placed on the no-fly list.

Sometimes i run a free utility called GeekTool... it shows me... i don't know, i guess it's not code, maybe processes?. But when i'm on DU, i often get this repeating string:

Anonymous function hack: eating identifier add
Anonymous function hack: eating identifier getData
Anonymous function hack: eating identifier getKeys
Anonymous function hack: eating identifier hvDat
Anonymous function hack: eating identifier nm_pre
Anonymous function hack: eating identifier nm_nex

and it repeats...

I do have a firewall and it is engaged... i often have a few tabbed web windows open (always the solar bus, almost always DU, sometimes another)

i get a similar string of epithets whenever i visit eBay... no apparent effect on my system.

I should mention, i am not wireless and am using a broadband connection.

Any thoughts?

... I did a 'netstat' and found a couple interesting entries. The first was a connection to akamaitechnologies.net on port 1491. I poked around Task Manager for a bit and started killing off applications one at a time, including ZoneAlarm.

That didn't work, so I perused the processes listed in Task Manager and stumbled on a likely cuplrit, the QBDAgent, a "daemon" run by QuickBooks, probably to check for updates and other nefarious deeds. I killed it and the connection dissapeared.

The other was to an IP address - it turned out to be Google. I'm not sure who was talking to Google, since all my browsers were dead by then.

Fact is, if there was a program running on your box collecting and disseminating info about you, you can bet the author of said program would not be stupid enough to leave an IP connection open 24/7 :)

And they have foosball tables in the lounge. But anyway, how do you figure 80.67.whatever is an akamai ip? It seems to be in Amsterdam: http://www.zoneedit.com/lookup.html?ipaddress=80.67.81.143&server=&reverse=Look+it+up

...to Akamai.

Maybe it is all innocent. I hope so. The Bush Administration has gotten me feeling all paranoid, which makes me question things more than I used to.

I thought that sharing a bit of info on how to keep track of who's connecting to your system wouldn't be a bad thing even if it's all innocent...

For years now, I have wanted to know more about internet security and networking in general. I am currently in community college studying computer engineering. I wish I could study networking and computer security more in depth. Reading this discussion has intrigued me in a way that I never could have imagined. It makes me want to learn even more about computer security and do that for a living if possible. This is an amazing thread, amazing topic, and amazing discussion.

I have worried before that Freepers would try to hack DU. I would love nothing more than to be able to keep that from ever happening. I am only learning to become a mere engineer who builds computers and I am only beginning into this curriculum. My background is much more related to electricity, as opposed to electronics.

Thanks for telling us about netstat. Anything I can type into the command line to find out more about my machine is fun for me.

I applaud your interest in learning more about how computers and neworks work. I wish more people would do so before posting ignorant and alarmist threads. Please read the posts by longship in this thread. They give an accurate and neutral explanation of how websites and services like Akamai work.

I have seen that name before in my browser history and figured out it was something to do with ads. I am not worried about Akamai. I am worried about hackers that are up to no good.

Looks to me like RIPE is the registrar for this 80.x.x.x block of internet addresses and this IP in question is actually registered to akamai. You can do a whois lookup at www.ripe.net if you're interested.

That being said, if they have a problem with my being against STUPID, ILL-CONCIEVED and POORLY EXECUTED wars based on LIES, fine.

November isn't but eight months away; I can't WAIT to vote these chumps out of office. Their shredding of the Constitution in the name of defending liberty, their bombing civvies in the name of 'spreading Democracy', their trading on fear for political and economic advantage, are all totally beneath contempt. Trading on fear is what demagogues and terrorists have in common. Bush is no terrorist, but he's as close to a perfect example of a demagogue as I've ever seen.

If there's G'ment lurkers here, they can feel free to quote me on that.

wonder. Morrissey Quizzed by FBI

Contact Music | February 24 2006

Singer MORRISSEY was quizzed by the FBI and British intelligence after speaking out against the American and British governments.

The Brit is a famous critic of the US-led war in Iraq and has dubbed President GEORGE W BUSH a "terrorist" - but he was baffled to be hauled in by authorities.

Morrissey explains, "The FBI and the Special Branch have investigated me and I've been interviewed and taped and so forth.

"They were trying to determine if I was a threat to the government, and similarly in England. But it didn't take them very long to realise that I'm not.

"I don't belong to any political groups, I don't really say anything unless I'm asked directly and I don't even demonstrate in public. I always assume that so-called authoritarian figures just assume that pop/rock music is slightly insane and an untouchable platform for the working classes to stand up and say something noticeable.

"My view is that neither England or America are democratic societies. You can't really speak your mind and if you do you're investigated

They most certainly do it to the freepers as well.

:evilgrin:

I doubt that a connection from akamai is proof of big brother -- they are a common content mirror for websites -- but surely I wouldn't doubt the government monitoring DU. So if you want to get the best understanding of what the connection means, make sure you take into context things like port numbers, what application is facilitating the connection, etc. You might check out X-NetStat which shows this information and also has a live bandwidth meter, so you can see if the connection is actually sending packets. If it is, you can use an Ethereal plugin to view the actual data being sent/received by your computer. Also, it will automatically do domain, ARIN, RIPE, APNIC and LACNIC WHOIS lookups from within the program.

I am biased because I wrote the software, but let me know if you find it interesting and/or useful :)

D

Looks like a nice little toy. I'm going to try it out!

They log on and read it.

Pretty sophisticated eh?

Yep thats right. They'll use the same methods to spy on DU, that you are using to read this very message.

They follow links provided to cause or home pages, and follow those to harvest information about DUers and their causes.

I'm sure they accumulate data in some fashion, having done so.

This thread has barely scratched the surface actually.

99.999% of the surveilance is simply browsing the forum and reading what is public.

Of the handful of message that provoke further interest, most of the posters information is hardly that secret, just reading their profile or journal would either outright identify or narrow down the poster signficantly - No warrant needed (not they seem to think they need one anymore anyway)

Now I suspect that this sites connection to its service provider(s) is fully captured and stored to disk. If a user "needs" to be followed up on, all the relevant info is there.

Now the assertations that agents are trying to break users firewalls and pinging their machines..those are downright laughable actually (and I mean that in a nice way, its just folks who don't understand the technology, but think they do because they've been a network admin for a few years)

heres a tip. google the following terms: lawful intercept cisco

"Diplomats at the U.S. Embassy in Moscow tried to hire a Russian hacker to break into Russia's Federal Security Service's network, according to a report published in the a Russian newspaper Wednesday.

The 20-year-old hacker, identified only as "Vers," said he was asked to hack into the Federal Security Service's network to copy, alter and delete files. Vers claims that four officials at the U.S. Embassy offered him $10,000 for the job.

According to the Moscow Times, a spokesman from the Federal Security Service has officially confirmed the story that was reported in Moskovsky Komsomolets.

The Times is also reporting that the U.S. Embassy in Russia has refused to comment on the case."

http://www.wired.com/news/politics/0,1283,42998,00.html

I read another story that may or may not be true that Clinton wanted hackers to hack into Milosovich's bank accounts and divert $$$ during the Kosovo thing.

Is the US hacking into systems of interest? I don't know, but it bears watching. They're not going to advertise about it if they are.

And a little paranoia is ALWAYS a good thing when watching over network security. It's one of the few areas of life where paranoia is a useful skill.

Perhaps its him?

window left unlocked, which hasn't been opened in months.
a hard to shut door was closed to my bedroom as i slept, and left closed. i haven't closed that door in years.
my puter was on and a virus alert pop up box was showing.
nothing stolen.

i figure it's my patriotic duty to speak out and accept the consequences. hell, dad fought in WWII in the snow. it's not a thing what i'm looking at.

I think "reading" is a sufficient verb, after all, it's not difficult to get to this site, is it?

Incompetent they may be but NOT reading the widely available loud opinions of ones opposition is the death of a politician. It's entirely understandable.

On a related note: You saw the recent thread with all the RW quotes about the perceived success of the Iraq war from 2003? Few of the RW mouths had anything of substance to say about Iraq, 90% of their huffings and puffings were about the left and how it should be ashamed and hang its head and all that guff. The Amercian Right Wing is OBSESSED with the left. They're all over this site every day! Their whole identity is based on being NOT US. They haven't any positive qualities of their own.

Every single RW talking point is a response to a left wing position. There aren't any that appear spontaneously, there is no spontaneously generated RW ideology, it's all reactionary. So they HAVE to read this site or they fall over as a movement.

(This doesn't apply to the fundies, of course, they DO have a policy generating machine).

Just a matter of time before Agent Mike shows up at my door with a ream of print-outs and 2 thugs with hoses in their ears....

I get this all the time too, but has to find myself a proper firewall system as in CISCO with completely my own configurtion, try it that might work, just implying.

regarding MIG history during the MLK assassination. Military Intelligence Groups actively spied on the Peace Prize winner since he was 'bad for business' so to speak.

I guess if they put the info out there for the public to see (DARPA did create the internet, or at least its precursor), you'd think that an informed public would be something the founding fathers would have appreciated, no ?

""On 19 February 1970, all civil disturbance and civilian biographic data stored in the Investigative Records Repository were ordered destroyed. A similar purge was ordered of the independent domestic intelligence data bases maintained by CONARC and several of the field armies in the continental United States. The ambitious Civil Disturbance Information Collection Plan was formally rescinded in June. The U.S. Army Intelligence Command went into a 180-degree reversal, of course. As the command's official historian stated, "instead of collect, process, and store, the order of the day was research, screen, and destroy." 33 The effect of the "spying on civilians" charges was to degrade the whole counterintelligence mission. By the end of February 1971 the Army had suspended all USAINTC countersubversive and offensive counterespionage activities.""

--from that Army history link provided in my prior posting. I personally doubt that the destroy order was fully carried out, for what it's worth.

The MI units now will probably go into harassing domestic political dissenters, viewed as disloyal Americans. The technology has advanced, along with techniques such as 'background checks' becoming ubiquitous.

See Total Surveillance by Katherine Albrecht at motherjones.com along with CSMonitor's article on background checks being abused

Total Surveillance
http://www.motherjones.com/interview/2005/12/albrecht.html ...

Couple this insidious technology with purposely erroneous background checks

Who is checking the background checkers?
http://www.csmonitor.com/2005/1128/p13s02-wmgn.html

They've offshored, outsourced, and privatized TIA. Now all they have to do is fire you for being 'of the wrong political party' and put false information in your background data...and voila ! You've just created the most insidious terror project in the US ever.

Remember MASH and Col. Flagg ? The whole counterintelligence mission being degraded ended up becoming a punchline and laughingstock of the nation by the time that TV show began airing in the '70s. And rightly so. Their most famous victim was Martin Luther King, Jr. Think about that.