Extremely odd thing with Giganews DMCA?

Discussion in 'Computer Security' started by roadburner, Sep 19, 2005.

  1. roadburner

    roadburner Guest

    I posted this to alt.privacy this AM. I got an e-mail that I should repost it
    here. Hope nobody minds.



    I was reading APAS a few minutes ago via Giganews.

    A message popped up on the screen asking me about transferring bookmarks. I
    looked at the taskbar and saw it was Firefox. I assumed it was asking me if I
    wanted to transfer my IE bookmarks to it. Neither IE or Firefox were running
    at the time.

    I answered the popup with OK. Next, Firefox opened up the following page:
    http://www.giganews.com/dmca.html

    The only things running at the time were Mercury, OE, and News Agent.

    Grisoft AVG, MS Antispyware, and PGP were running in tray.

    I should add that the PC is behind a cable modem and a Netgear wireless router
    though directly connected to the router.

    Has anyone else had this happen? I am not now or ever have posted or
    downloaded any copyrighted materials. I have had this account with them for
    about 1 1/2 years.

    How in the heck did that happen? I checked my Firefox bookmarks and sure
    enough, it looks like it transferred my IE bookmarks into it. But the page I
    referred to that popped up was not one of the bookmarked pages.

    I should add that this is a new PC. I have only set it up this weekend so
    there are very few bookmarks. It is a Dell with XP Pro and the way it was
    shipped included Dell bookmarks. The Dell bookmarks got transferred to
    Firefox. That is how I know for sure it was Firefox asking to transfer
    bookmarks.

    Anybody have any clues as to what fired things off? Kind of scarey. I would
    hate to think that Giganews can control Firefox on this PC. Should I dump
    Firefox? Is there some exploit in it? I installed Firefox because I thought it
    was secure. How the heck could it be remotely turned on? Remember, it wasn't
    running at the time. It was remotely started by someone else.

    Could it be I got a trojan? Don't know how. Everything on this PC (not much)
    is legit software. Nothing strange.

    Really wondering what the heck is going on? How? Why that page? Makes me
    nervous as all get out.

    AVG has completed a test of everything without finding anything.

    Regards,
    roadburner
     
    roadburner, Sep 19, 2005
    #1
    1. Advertising

  2. From: "roadburner" <roadburner^at^comcast^dot^net>

    | I posted this to alt.privacy this AM. I got an e-mail that I should repost it
    | here. Hope nobody minds.
    |
    | I was reading APAS a few minutes ago via Giganews.
    |
    | A message popped up on the screen asking me about transferring bookmarks. I
    | looked at the taskbar and saw it was Firefox. I assumed it was asking me if I
    | wanted to transfer my IE bookmarks to it. Neither IE or Firefox were running
    | at the time.
    |
    | I answered the popup with OK. Next, Firefox opened up the following page:
    | http://www.giganews.com/dmca.html
    |
    | The only things running at the time were Mercury, OE, and News Agent.
    |
    | Grisoft AVG, MS Antispyware, and PGP were running in tray.
    |
    | I should add that the PC is behind a cable modem and a Netgear wireless router
    | though directly connected to the router.
    |
    | Has anyone else had this happen? I am not now or ever have posted or
    | downloaded any copyrighted materials. I have had this account with them for
    | about 1 1/2 years.
    |
    | How in the heck did that happen? I checked my Firefox bookmarks and sure
    | enough, it looks like it transferred my IE bookmarks into it. But the page I
    | referred to that popped up was not one of the bookmarked pages.
    |
    | I should add that this is a new PC. I have only set it up this weekend so
    | there are very few bookmarks. It is a Dell with XP Pro and the way it was
    | shipped included Dell bookmarks. The Dell bookmarks got transferred to
    | Firefox. That is how I know for sure it was Firefox asking to transfer
    | bookmarks.
    |
    | Anybody have any clues as to what fired things off? Kind of scarey. I would
    | hate to think that Giganews can control Firefox on this PC. Should I dump
    | Firefox? Is there some exploit in it? I installed Firefox because I thought it
    | was secure. How the heck could it be remotely turned on? Remember, it wasn't
    | running at the time. It was remotely started by someone else.
    |
    | Could it be I got a trojan? Don't know how. Everything on this PC (not much)
    | is legit software. Nothing strange.
    |
    | Really wondering what the heck is going on? How? Why that page? Makes me
    | nervous as all get out.
    |
    | AVG has completed a test of everything without finding anything.
    |
    | Regards,
    | roadburner

    For non-viral malware...

    Please download, install and update the following software...

    Ad-aware SE v1.06
    http://www.lavasoft.de/
    http://www.lavasoftusa.com/

    SpyBot Search and Destroy v1.4
    http://security.kolla.de/

    After the software is updated, I suggest scanning the system in Safe Mode.

    For viral malware...

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 19, 2005
    #2
    1. Advertising

  3. roadburner

    roadburner Guest

    On Mon, 19 Sep 2005 17:31:30 GMT, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    Snipped
    >
    >For non-viral malware...
    >
    >Please download, install and update the following software...
    >
    >Ad-aware SE v1.06
    >http://www.lavasoft.de/
    >http://www.lavasoftusa.com/
    >
    >SpyBot Search and Destroy v1.4
    >http://security.kolla.de/
    >
    >After the software is updated, I suggest scanning the system in Safe Mode.
    >
    >For viral malware...
    >
    >Download MULTI_AV.EXE from the URL --
    >http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    >It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    >http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    >(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    >simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    >remove viruses, Trojans and various other malware.
    >
    >C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    >This will bring up the initial menu of choices and should be executed in Normal Mode. This
    >way all the components can be downloaded from each AV vendor’s web site.
    >The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
    >
    >You can choose to go to each menu item and just download the needed files or you can
    >download the files and perform a scan in Normal Mode. Once you have downloaded the files
    >needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    >during boot] and re-run the menu again and choose which scanner you want to run in Safe
    >Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
    >
    >When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    >file.
    >
    >To use this utility, perform the following...
    >Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    >Choose; Unzip
    >Choose; Close
    >
    >Execute; C:\AV-CLS\StartMenu.BAT
    >{ or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    >NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    >FireWall to allow it to download the needed AV vendor related files.
    >
    >* * * Please report back your results * * *


    I'll do it tonight when I get home and report back. Thanks so much. I hadn't
    thought of that. I use S&D and Adaware on my other PCs, but this was a new PC
    and I didn't think to install those 2 tools.

    MULTI_AV.EXE is one I never heard of. Thanks so very much for bringing it to
    my attention.

    I normally keep my PCs locked down so tight that nothing ever gets through.
    Over 13 years on the Internet and many years before beginning with a TRS80, I
    have never had any experiences like this. Never had a virus or anything else.
    So please excuse me if I seem to have gotten excited. Just something I never
    experienced before. It is very troubling to me.

    Another troubling thing is a discussion I had about it with another engineer.
    I work in real time process control and he works in the networking, Level 2 or
    data collection side of things.

    He has a NAT router on his home PC. He has 2 children. One of the kids did an
    "adoption" of an animal on the net. Not a real animal, just a schooling
    project. So each night his daughter has to take care of her adopted cyberspace
    animal. As a joke, the other sister asked her Dad to block the site for a
    practical joke. He pinged the site, got the IP, and blocked it in his NAT
    router. Then he tested his work with Firefox. It took a while, but the site
    came up in Firefox. (This guy is our networking expert with over 20 years
    experience). The he logged on to her account and was still able to access the
    site though some of it was blocked. We are both starting to think Firefox is
    the root cause.

    Mine is a pretty bare bones system, only a few dedicated and trusted programs
    on it. It is destined to sit and execute certain privacy related software such
    as a Tor node. Switching between it and the main computer is done by a USB KVM
    switch. On the dedicated computer, file and printer sharing is off.

    If I can't find the source or a good explanation, I'll reformat and reinstall
    the OS.

    Once again, may extend my most sincere thanks to you for your suggestions
    which I will follow to the letter.

    My warmest regards,
    roadburner
     
    roadburner, Sep 19, 2005
    #3
  4. roadburner

    roadburner Guest

    On Mon, 19 Sep 2005 15:06:46 -0400, roadburner <roadburner^at^comcast^dot^net>
    wrote:

    Forgot to mention that mcaffee is offered free to comcast subscribers of which
    I am one. I'll install it tonight too.

    Regards,
    roadburner
     
    roadburner, Sep 19, 2005
    #4
  5. From: "roadburner" <roadburner^at^comcast^dot^net>


    |
    | I'll do it tonight when I get home and report back. Thanks so much. I hadn't
    | thought of that. I use S&D and Adaware on my other PCs, but this was a new PC
    | and I didn't think to install those 2 tools.
    |
    | MULTI_AV.EXE is one I never heard of. Thanks so very much for bringing it to
    | my attention.
    |
    | I normally keep my PCs locked down so tight that nothing ever gets through.
    | Over 13 years on the Internet and many years before beginning with a TRS80, I
    | have never had any experiences like this. Never had a virus or anything else.
    | So please excuse me if I seem to have gotten excited. Just something I never
    | experienced before. It is very troubling to me.
    |
    | Another troubling thing is a discussion I had about it with another engineer.
    | I work in real time process control and he works in the networking, Level 2 or
    | data collection side of things.
    |
    | He has a NAT router on his home PC. He has 2 children. One of the kids did an
    | "adoption" of an animal on the net. Not a real animal, just a schooling
    | project. So each night his daughter has to take care of her adopted cyberspace
    | animal. As a joke, the other sister asked her Dad to block the site for a
    | practical joke. He pinged the site, got the IP, and blocked it in his NAT
    | router. Then he tested his work with Firefox. It took a while, but the site
    | came up in Firefox. (This guy is our networking expert with over 20 years
    | experience). The he logged on to her account and was still able to access the
    | site though some of it was blocked. We are both starting to think Firefox is
    | the root cause.
    |
    | Mine is a pretty bare bones system, only a few dedicated and trusted programs
    | on it. It is destined to sit and execute certain privacy related software such
    | as a Tor node. Switching between it and the main computer is done by a USB KVM
    | switch. On the dedicated computer, file and printer sharing is off.
    |
    | If I can't find the source or a good explanation, I'll reformat and reinstall
    | the OS.
    |
    | Once again, may extend my most sincere thanks to you for your suggestions
    | which I will follow to the letter.
    |
    | My warmest regards,
    | roadburner

    I wrote the Multi AV scanning tool. It is a scripted front end to the Trend Micro Sysclean
    utility and for the McAfee and Sophos Command Line Scanner. I saw a need to to help those
    infected so I wrote the tool to be as useful as possible. I am always willing to accept
    feedback for future improvements or enhancements.

    Realize that there *may* be multiple IP addresses associated to the web site you blocked
    (such as via DyDNS -- http://www.dydns.com/ ). So if the IP changes, the blocking is
    ineffectual. The question would what if you blocked the alias (URL) such as
    www.furryanimals.cyberspace.com ?


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 19, 2005
    #5
  6. From: "roadburner" <roadburner^at^comcast^dot^net>

    | On Mon, 19 Sep 2005 15:06:46 -0400, roadburner <roadburner^at^comcast^dot^net>
    | wrote:
    |
    | Forgot to mention that mcaffee is offered free to comcast subscribers of which
    | I am one. I'll install it tonight too.
    |
    | Regards,
    | roadburner

    The FREE version of McAfee is the retail version. It is tied to IE and and does not include
    the McAfee Command Line Scanner that is downloaded and used in my Multi AV Scanning Tool
    which has been programmed to run aggressively.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 19, 2005
    #6
  7. roadburner

    roadburner Guest

    On Mon, 19 Sep 2005 19:41:05 GMT, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    Snipped
    >
    >I wrote the Multi AV scanning tool. It is a scripted front end to the Trend Micro Sysclean
    >utility and for the McAfee and Sophos Command Line Scanner. I saw a need to to help those
    >infected so I wrote the tool to be as useful as possible. I am always willing to accept
    >feedback for future improvements or enhancements.
    >
    >Realize that there *may* be multiple IP addresses associated to the web site you blocked
    >(such as via DyDNS -- http://www.dydns.com/ ). So if the IP changes, the blocking is
    >ineffectual. The question would what if you blocked the alias (URL) such as
    >www.furryanimals.cyberspace.com ?



    I thought of that one to ask him. He will double check it. He thinks not
    because only a very short time elapsed between him blocking and testing. The
    site would had have to go offline for a bit to get assigned a new address.

    I registered a new domain with DyDNS and subscribed to the service. Though my
    IP has stayed fixed for the 1 1/2 years I have had cable, who knows. There was
    nothing in writing that said I would have a fixed IP.

    I should have added that I am a bit of a privacy buff. The new PC will be
    dedicated to running a Tor node. Likewise, type 1 and 2 remailers. That was
    why I was running Mercury. As I think about it more, I had port forwarded 25
    for Mercury mail and 9001 and 9030 for the Tor node in the Netgear router.

    I had the Tor node setup on my primary computer at 198.168.0.2. The primary
    computer has a Symatecs firewall which only allowed connection through 9001
    and 9030 to Tor at 198.168.0.2.

    When I reconfigured the network, I set the new PC as 198.168.0.2, the primary
    as 3, and the laptop as 4. I had not installed a software firewall yet.

    Possible I could have left myself open for an attack through those ports. In
    the little over a month I had been operating a Tor node, the firewall logs
    showed the Tor ports came under attack. The firewall was configured to
    automatically close connections on a persistent attack which the logs show it
    did on 3 occasions. All Tor nodes, their IPs and their open Dirports and
    Orports are shown at: http://tinyurl.com/898o9

    Now I am wondering if I got "hacked" into. Possibility I guess.

    Very nice of you to take the time to write the scanning tool. I'll put it to
    use.

    Regards,
    roadburner
     
    roadburner, Sep 19, 2005
    #7
  8. From: "roadburner" <roadburner^at^comcast^dot^net>


    |
    | I thought of that one to ask him. He will double check it. He thinks not
    | because only a very short time elapsed between him blocking and testing. The
    | site would had have to go offline for a bit to get assigned a new address.
    |
    | I registered a new domain with DyDNS and subscribed to the service. Though my
    | IP has stayed fixed for the 1 1/2 years I have had cable, who knows. There was
    | nothing in writing that said I would have a fixed IP.
    |
    | I should have added that I am a bit of a privacy buff. The new PC will be
    | dedicated to running a Tor node. Likewise, type 1 and 2 remailers. That was
    | why I was running Mercury. As I think about it more, I had port forwarded 25
    | for Mercury mail and 9001 and 9030 for the Tor node in the Netgear router.
    |
    | I had the Tor node setup on my primary computer at 198.168.0.2. The primary
    | computer has a Symatecs firewall which only allowed connection through 9001
    | and 9030 to Tor at 198.168.0.2.
    |
    | When I reconfigured the network, I set the new PC as 198.168.0.2, the primary
    | as 3, and the laptop as 4. I had not installed a software firewall yet.
    |
    | Possible I could have left myself open for an attack through those ports. In
    | the little over a month I had been operating a Tor node, the firewall logs
    | showed the Tor ports came under attack. The firewall was configured to
    | automatically close connections on a persistent attack which the logs show it
    | did on 3 occasions. All Tor nodes, their IPs and their open Dirports and
    | Orports are shown at: http://tinyurl.com/898o9
    |
    | Now I am wondering if I got "hacked" into. Possibility I guess.
    |
    | Very nice of you to take the time to write the scanning tool. I'll put it to
    | use.
    |
    | Regards,
    | roadburner

    I looked at that log but I couldn't gleam anything from it.

    Posting the URL of that log in a FireWall News Group may be helpful.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 19, 2005
    #8
  9. roadburner

    roadburner Guest

    On Mon, 19 Sep 2005 20:40:52 GMT, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    >From: "roadburner" <roadburner^at^comcast^dot^net>
    >
    >
    >|
    >| I thought of that one to ask him. He will double check it. He thinks not
    >| because only a very short time elapsed between him blocking and testing. The
    >| site would had have to go offline for a bit to get assigned a new address.
    >|
    >| I registered a new domain with DyDNS and subscribed to the service. Though my
    >| IP has stayed fixed for the 1 1/2 years I have had cable, who knows. There was
    >| nothing in writing that said I would have a fixed IP.
    >|
    >| I should have added that I am a bit of a privacy buff. The new PC will be
    >| dedicated to running a Tor node. Likewise, type 1 and 2 remailers. That was
    >| why I was running Mercury. As I think about it more, I had port forwarded 25
    >| for Mercury mail and 9001 and 9030 for the Tor node in the Netgear router.
    >|
    >| I had the Tor node setup on my primary computer at 198.168.0.2. The primary
    >| computer has a Symatecs firewall which only allowed connection through 9001
    >| and 9030 to Tor at 198.168.0.2.
    >|
    >| When I reconfigured the network, I set the new PC as 198.168.0.2, the primary
    >| as 3, and the laptop as 4. I had not installed a software firewall yet.
    >|
    >| Possible I could have left myself open for an attack through those ports. In
    >| the little over a month I had been operating a Tor node, the firewall logs
    >| showed the Tor ports came under attack. The firewall was configured to
    >| automatically close connections on a persistent attack which the logs show it
    >| did on 3 occasions. All Tor nodes, their IPs and their open Dirports and
    >| Orports are shown at: http://tinyurl.com/898o9
    >|
    >| Now I am wondering if I got "hacked" into. Possibility I guess.
    >|
    >| Very nice of you to take the time to write the scanning tool. I'll put it to
    >| use.
    >|
    >| Regards,
    >| roadburner
    >
    >I looked at that log but I couldn't gleam anything from it.
    >
    >Posting the URL of that log in a FireWall News Group may be helpful.


    It is not a log but a listing of active Tor nodes. For instance:

    router rfc1149 81.56.47.149 9001 0 9030

    Router name: rfc1149
    IP address: 81.56.47.149
    Open Tor ports: 9001 & 9030

    Basically, when we run a Tor node, we tell the world our IPs and which ports
    we have open for Tor connections. The rest are our keys, used by other nodes,
    and what IP addresses and ports are open or blocked by our Exit Policies.

    For instance if you were surfing the net through Tor and Privoxy, the IP
    address that shows up at the site you visit would be one of ours. Tor was
    first developed by the US Navy. Now it is sponsored by the EEF. The US
    security agencies are known to use our network nodes to disguise their own IPs
    when they visit certain questionable websites or chat in some chatroom.
    Basically, it is a free privacy service with volunteer operators and open to
    anyone. There are about 250 operators worldwide and an estimated 10,000 users
    of the service.

    I think what I'll do at this point is just reformat and reinstall the OS. It
    will probably take less time. Like I mentioned, I only have a few programs on
    it that can easily be re-installed. Since I won't be using that PC for
    anything else, I'll lock it down tighter than a drum.

    Fortunately, I had nothing on it yet, like my PGP Keyrings or Tor secret keys.
    I was just in the process of setting it up so everything else resides on a USB
    stick (in my shirt pocket) right now. Happy I didn't finish it without the
    firewall.

    Because of the sensitive nature of encryption keys, I think I'll just be safe
    rather than take a chance. I'll set it all up while disconnected from the
    Internet.

    Thanks for everything, you have been most helpful.

    My warmest regards,
    roadburner
     
    roadburner, Sep 19, 2005
    #9
  10. roadburner

    Unruh Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    >From: "roadburner" <roadburner^at^comcast^dot^net>



    .....
    >|
    >| Another troubling thing is a discussion I had about it with another engineer.
    >| I work in real time process control and he works in the networking, Level 2 or
    >| data collection side of things.
    >|
    >| He has a NAT router on his home PC. He has 2 children. One of the kids did an
    >| "adoption" of an animal on the net. Not a real animal, just a schooling
    >| project. So each night his daughter has to take care of her adopted cyberspace
    >| animal. As a joke, the other sister asked her Dad to block the site for a
    >| practical joke. He pinged the site, got the IP, and blocked it in his NAT
    >| router. Then he tested his work with Firefox. It took a while, but the site
    >| came up in Firefox. (This guy is our networking expert with over 20 years
    >| experience). The he logged on to her account and was still able to access the
    >| site though some of it was blocked. We are both starting to think Firefox is
    >| the root cause.
    >|


    How could it be Firefox? If the firewall blocks the packet, firefox never
    sees it to do anything with it.
    I locked the door to my house, and my vacuum cleaner still picks up outside
    dirt from the living room carpet. Must be something to do with the vacuum cleaner.

    It is probably some redirection. Ie, the IP address he thought it was at is
    not the actual responding IP address. Ie some of the pages get redirected.

    And why in the world her dad thought this was a reasonable "practical joke"
    is beyond me. Does he give her empty boxes for Christmas presents as well?
     
    Unruh, Sep 20, 2005
    #10
  11. roadburner

    roadburner Guest

    On 20 Sep 2005 00:03:26 GMT, Unruh <> wrote:

    >"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
    >
    >>From: "roadburner" <roadburner^at^comcast^dot^net>

    >
    >
    >....
    >>|
    >>| Another troubling thing is a discussion I had about it with another engineer.
    >>| I work in real time process control and he works in the networking, Level 2 or
    >>| data collection side of things.
    >>|
    >>| He has a NAT router on his home PC. He has 2 children. One of the kids did an
    >>| "adoption" of an animal on the net. Not a real animal, just a schooling
    >>| project. So each night his daughter has to take care of her adopted cyberspace
    >>| animal. As a joke, the other sister asked her Dad to block the site for a
    >>| practical joke. He pinged the site, got the IP, and blocked it in his NAT
    >>| router. Then he tested his work with Firefox. It took a while, but the site
    >>| came up in Firefox. (This guy is our networking expert with over 20 years
    >>| experience). The he logged on to her account and was still able to access the
    >>| site though some of it was blocked. We are both starting to think Firefox is
    >>| the root cause.
    >>|

    >
    >How could it be Firefox? If the firewall blocks the packet, firefox never
    >sees it to do anything with it.
    >I locked the door to my house, and my vacuum cleaner still picks up outside
    >dirt from the living room carpet. Must be something to do with the vacuum cleaner.
    >
    >It is probably some redirection. Ie, the IP address he thought it was at is
    >not the actual responding IP address. Ie some of the pages get redirected.
    >
    >And why in the world her dad thought this was a reasonable "practical joke"
    >is beyond me. Does he give her empty boxes for Christmas presents as well?


    Naw, it was a short time joke. The guy is a very dedicated father. In fact, he
    and his wife are so dedicated and educated that they are home schooling their
    children. I have spoken with the 2 kids a number of times and they are light
    years ahead of most kids their age. Polite, extremely well versed in
    everything. The 2 young kids can already speak fluently in multiple languages.

    The "practical joke" was more to teach the young lady about Internet
    communications. Both parents have advanced degrees. His happens to be in
    Computer Science.

    They are the most dedicated parents I know of. You would have to know them to
    understand. Don't think them bad parents please. They are amongst the best.

    He is investigating what happened. It could have been a redirection we are
    guessing. Or a leak. Don't know if he was running the latest version of
    Firefox. Some of the earlier versions had some security issues, I just don't
    remember what they were.

    This morning, I rolled over and asked the President of my company if I could
    take the day off and work on my dedicated server. She was quite happy to say
    yes since I am always at the office.

    About 15 years ago, when the company was started, I was a General Manager for
    a similar type of engineering company. I ran a remote office. My boss at that
    time was at the home office so communications were by phone.

    The company was incorporated in my wife's name since I had a non compete
    agreement. Then my wife hired me as Vice President. Her background is a 2 year
    degree in secretarial studies at a community college. In the 35+ years we have
    been married, she has never had a paying job. She quit her job as a secretary
    2 weeks before we got married and never had to go back to work since.

    Oh, the good old days where one man could support his family.

    Regards,
    roadburner
     
    roadburner, Sep 20, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil Stripling

    Photo quality inkjet without DMCA cartidges?

    Phil Stripling, Dec 11, 2003, in forum: Digital Photography
    Replies:
    11
    Views:
    1,315
  2. McF
    Replies:
    7
    Views:
    580
    Nero Wolfe
    Nov 4, 2003
  3. Mike Kohary

    You think the DMCA is bad?

    Mike Kohary, Jun 18, 2004, in forum: DVD Video
    Replies:
    10
    Views:
    713
    Ronald Cole
    Jun 25, 2004
  4. Imhotep
    Replies:
    10
    Views:
    755
    Imhotep
    Aug 12, 2005
  5. networkuser
    Replies:
    0
    Views:
    1,153
    networkuser
    Jul 30, 2013
Loading...

Share This Page