Firewall shows ports being used in sequence

Discussion in 'Computer Security' started by Alix, Dec 5, 2005.

  1. Alix

    Alix Guest

    What could be causing my apps to accept connections to use local
    ports in sequence? Below are some more details.

    Thank you for any help.

    Alix

    ------

    I run on XP Pro on cable with no other PCs or devices attached to
    the network.

    I use the free FILSECLAB firewall. My firewall is ANTIVIR. For
    my browser I use OPERA and my newsreader is NEWSBIN PRO.

    I have scanned my PC for viruses and for other malware or adware.

    ------

    The monitor feature in the FILSECLAB firewall shows that simply to
    do their work, the browser and newsreader are accepting
    connections which come into my local ports numbered 1030, 1031,
    1032, 1033, etc. The sequence is not precisely followed but more
    or less that is what is happening.

    It doesn't seem like a port scan as it seems too slow and anyway
    it is closely correlated with my own use of my applications.

    But it seems very odd.

    Each time I boot the PC and launch Opera to Google somewhere,
    there is a pause for a second or two for this FIRST web page and
    the status line says: "Connecting to www.google.com". Then it
    frees up.

    What could be causing this sequential use of local ports? Is it
    something I might have set in XP's registry?
     
    Alix, Dec 5, 2005
    #1

  2. Alix wrote:

    > The monitor feature in the FILSECLAB firewall shows that simply to do
    > their work, the browser and newsreader are accepting connections which
    > come into my local ports numbered 1030, 1031, 1032, 1033, etc. The
    > sequence is not precisely followed but more or less that is what is
    > happening.


    Are you absolutely sure they're *accepting* connections on those ports?

    I'd wager they're using those ports for outgoing connections, to remote
    ports that look more normal. 80 and 119 for typical HTTP and NNTP traffic.

    Internet related software using an arbitrary local port to establish
    outgoing connections is expected and necessary. And yes, they generally
    establish multiple connections using more or less sequential port numbers.
    Especially web browsers. Mine is configured to make as many as 64 at a
    time, although I've never seen it actually do that. News readers typically
    don't make more than 3 or 4 at a time, as NNTP servers won't allow it.

    --
    _?_ Outside of a dog, a book is a man's best friend.
    (@ @) Inside of a dog, it's too dark to read.
    -oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok! Registered Linux user #402208
     
    Jeffrey F. Bloss, Dec 5, 2005
    #2

  3. From: "Alix" <>

    | What could be causing my apps to accept connections to use local
    | ports in sequence? Below are some more details.
    |
    | Thank you for any help.
    |
    | Alix
    |
    | ------
    |
    | I run on XP Pro on cable with no other PCs or devices attached to
    | the network.
    |
    | I use the free FILSECLAB firewall. My firewall is ANTIVIR. For
    | my browser I use OPERA and my newsreader is NEWSBIN PRO.
    |
    | I have scanned my PC for viruses and for other malware or adware.
    |
    | ------
    |
    | The monitor feature in the FILSECLAB firewall shows that simply to
    | do their work, the browser and newsreader are accepting
    | connections which come into my local ports numbered 1030, 1031,
    | 1032, 1033, etc. The sequence is not precisely followed but more
    | or less that is what is happening.
    |
    | It doesn't seem like a port scan as it seems too slow and anyway
    | it is closely correlated with my own use of my applications.
    |
    | But it seems very odd.
    |
    | Each time I boot the PC and launch Opera to Google somewhere,
    | there is a pause for a second or two for this FIRST web page and
    | the status line says: "Connecting to www.google.com". Then it
    | frees up.
    |
    | What could be causing this sequential use of local ports? Is it
    | something I might have set in XP's registry?

    You said -- "My firewall is ANTIVIR."
    Care to rephrase that ? Do you really mean anti virus ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Dec 5, 2005
    #3
  4. Alix

    Winged Guest

    Alix wrote:
    > What could be causing my apps to accept connections to use local
    > ports in sequence? Below are some more details.
    >
    > Thank you for any help.
    >
    > Alix
    >
    > ------
    >
    > I run on XP Pro on cable with no other PCs or devices attached to
    > the network.
    >
    > I use the free FILSECLAB firewall. My firewall is ANTIVIR. For
    > my browser I use OPERA and my newsreader is NEWSBIN PRO.
    >
    > I have scanned my PC for viruses and for other malware or adware.
    >
    > ------
    >
    > The monitor feature in the FILSECLAB firewall shows that simply to
    > do their work, the browser and newsreader are accepting
    > connections which come into my local ports numbered 1030, 1031,
    > 1032, 1033, etc. The sequence is not precisely followed but more
    > or less that is what is happening.
    >
    > It doesn't seem like a port scan as it seems too slow and anyway
    > it is closely correlated with my own use of my applications.
    >
    > But it seems very odd.
    >
    > Each time I boot the PC and launch Opera to Google somewhere,
    > there is a pause for a second or two for this FIRST web page and
    > the status line says: "Connecting to www.google.com". Then it
    > frees up.
    >
    > What could be causing this sequential use of local ports? Is it
    > something I might have set in XP's registry?

    Are you running google desktop search engine?

    Winged
     
    Winged, Dec 5, 2005
    #4
  5. Alix

    Donnie Guest


    > Are you absolutely sure they're *accepting* connections on those ports?
    >
    > I'd wager they're using those ports for outgoing connections, to remote
    > ports that look more normal. 80 and 119 for typical HTTP and NNTP traffic.
    >

    #################################
    Correct. Both Unix and Windows use those ports as source ports. That's what
    is seen in the Local Address column on a netstat -an output. The Foreign
    Address column will have what you term as normal ports otherwise known as
    destination ports. That column is the important one when looking for
    unwanted connections.
    donnie
     
    Donnie, Dec 6, 2005
    #5
  6. In article <>,
    "Jeffrey F. Bloss" <> wrote:

    > Alix wrote:
    >
    > > The monitor feature in the FILSECLAB firewall shows that simply to do
    > > their work, the browser and newsreader are accepting connections which
    > > come into my local ports numbered 1030, 1031, 1032, 1033, etc. The
    > > sequence is not precisely followed but more or less that is what is
    > > happening.

    >
    > Are you absolutely sure they're *accepting* connections on those ports?
    >
    > I'd wager they're using those ports for outgoing connections, to remote
    > ports that look more normal. 80 and 119 for typical HTTP and NNTP traffic.


    Usually the source ports in outgoing connections are much higher, like
    32000+. 1030, 1031, etc. are pretty unlikely to be used as ephemeral
    source ports.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, Dec 6, 2005
    #6
  7. Alix

    Alix Guest

    On Mon 05 Dec 2005 17:49:44, David H. Lipman
    <DLipman~nospam~@Verizon.Net> wrote:

    > You said -- "My firewall is ANTIVIR."
    > Care to rephrase that ? Do you really mean anti virus ?


    Oops. Yes, you are quite right.

    The antivirus is ANTIVIR and the firewall is FILSECLAB.

    Sorry for any confusion.
     
    Alix, Dec 6, 2005
    #7
  8. Barry Margolin wrote:

    > Usually the source ports in outgoing connections are much higher, like
    > 32000+. 1030, 1031, etc. are pretty unlikely to be used as ephemeral
    > source ports.


    Wrong, it depends on the stack implementation, in general the use of the port
    range from 1024 upwards as source-port is an absolutely normal stack
    behavior.

    Sample netstat output snippet from an average win2000 box:

    C:\Dokumente und Einstellungen\wk>netstat -an

    Aktive Connections

    Proto Local Address Remoteaddress Status

    TCP 192.168.1.3:1123 192.168.1.254:445 Established
    TCP 192.168.1.3:1131 192.168.1.254:143 Established
    TCP 192.168.1.3:1132 192.168.1.254:143 Established
    TCP 192.168.1.3:1133 192.168.1.254:22 Established
    TCP 192.168.1.3:1910 146.48.98.96:80 Established
    TCP 192.168.1.3:1911 146.48.98.96:80 Established
    TCP 192.168.1.3:1924 192.168.1.4:139 Established
    TCP 192.168.1.3:1931 192.168.1.254:25 Established
    TCP 192.168.1.3:1934 64.233.183.124:80 Established
    TCP 192.168.1.3:3389 192.168.1.19:41835 Established
    TCP 192.168.1.3:1939 64.233.183.124:80 Established
    TCP 192.168.1.3:1946 212.60.1.145:119 Established

    Wolfgang
     
    Wolfgang Kueter, Dec 6, 2005
    #8
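Added example, not written by any poster in this thread: a short Python sketch of the reading Donnie and Wolfgang describe, separating outbound connections (ephemeral local port, service port on the remote side) from inbound ones in `netstat -an` output. The sample rows are constructed, modelled on the netstat snippet above with a LISTENING row added, and the function names are hypothetical.

```python
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")

# Constructed sample in English-locale `netstat -an` layout. The ESTABLISHED
# rows mirror the snippet posted above; the LISTENING row is an assumption
# added so the one inbound connection can be recognised.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.3:1131       192.168.1.254:143      ESTABLISHED
  TCP    192.168.1.3:1132       192.168.1.254:143      ESTABLISHED
  TCP    192.168.1.3:1133       192.168.1.254:22       ESTABLISHED
  TCP    192.168.1.3:1910       146.48.98.96:80        ESTABLISHED
  TCP    192.168.1.3:3389       192.168.1.19:41835     ESTABLISHED
  TCP    192.168.1.3:1946       212.60.1.145:119       ESTABLISHED
"""

# proto, local addr:port, foreign addr:port (UDP rows show "*:*"), optional state
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$", re.IGNORECASE
)


def parse_netstat(text):
    """Turn netstat -an text into Conn tuples, skipping headers and blanks."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, lip, lport, rip, rport, state = m.groups()
        conns.append(Conn(proto.upper(), lip, int(lport), rip,
                          0 if rport == "*" else int(rport), state.upper()))
    return conns


def classify(conns):
    """Label each ESTABLISHED row as inbound or outbound.

    A row is inbound when its local port also appears in a LISTENING row:
    the machine is the server and the remote port is the peer's ephemeral
    port. Otherwise the local port is the ephemeral source port of a
    connection this machine opened, and the remote port names the service.
    (Edge case not handled: a listener that closed after accepting.)
    """
    listeners = {(c.proto, c.local_port) for c in conns if c.state == "LISTENING"}
    rows = []
    for c in conns:
        if c.state != "ESTABLISHED":
            continue
        inbound = (c.proto, c.local_port) in listeners
        rows.append({
            "direction": "inbound" if inbound else "outbound",
            "service_port": c.local_port if inbound else c.remote_port,
            "ephemeral_port": c.remote_port if inbound else c.local_port,
            "peer": c.remote_ip,
        })
    return rows


def review(text):
    return classify(parse_netstat(text))


if __name__ == "__main__":
    for r in review(SAMPLE):
        print("{direction:8} service={service_port:<5} "
              "ephemeral={ephemeral_port:<5} peer={peer}".format(**r))
```

The ascending local ports all land in the outbound group; the row worth a second look is the inbound one, where the service port is on the local side.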
  9. Alix

    Alix Guest

    On Tue 06 Dec 2005 08:40:15, Wolfgang Kueter
    <> wrote:

    > Wrong, it depends on the stack implementation, in general the use
    > of the port range from 1024 upwards as source-port is an
    > absolutely normal stack behavior.
    >
    > Sample netstat output snippet from an average win2000 box:
    >
    > C:\Dokumente und Einstellungen\wk>netstat -an
    >
    > Aktive Connections
    >
    > Proto Local Address Remoteaddress Status
    >
    > TCP 192.168.1.3:1123 192.168.1.254:445 Established
    > TCP 192.168.1.3:1131 192.168.1.254:143 Established
    > TCP 192.168.1.3:1132 192.168.1.254:143 Established
    > TCP 192.168.1.3:1133 192.168.1.254:22 Established
    > TCP 192.168.1.3:1910 146.48.98.96:80 Established
    > TCP 192.168.1.3:1911 146.48.98.96:80 Established
    > TCP 192.168.1.3:1924 192.168.1.4:139 Established
    > TCP 192.168.1.3:1931 192.168.1.254:25 Established
    > TCP 192.168.1.3:1934 64.233.183.124:80 Established
    > TCP 192.168.1.3:3389 192.168.1.19:41835 Established
    > TCP 192.168.1.3:1939 64.233.183.124:80 Established
    > TCP 192.168.1.3:1946 212.60.1.145:119 Established
    >
    > Wolfgang
    >



    I am the OP and I get the following sort of result.
    (Apologies if the line wrap does not work properly.)

    You can see the port numbers go from 2087 to 2093. I suspect this
    morning they started at 1024 or something like that.


    Pass Opera HTTP/Out 62.107.125.121/2087 194.201.98.217/80 0/60 12:59 ACK
    Pass Opera HTTP/Out 62.107.125.121/2087 194.201.98.217/80 54/0 12:59 ACK
    Pass Opera HTTP/Out 62.107.125.121/2087 194.201.98.217/80 54/0 12:59 ACK
    Pass Opera HTTP/Out 62.107.125.121/2087 194.201.98.217/80 728/116 12:59 domino.newhall.gov.uk/web/html.nsf/full-default.css
    Pass Opera HTTP/Out 62.107.125.121/2087 194.201.98.217/80 0/60 12:59 ACK
    Pass SYSTEM HTTP/Out 62.107.125.121/2089 172.16.16.16/80 62/0 12:59 SYN
    Pass Opera HTTP/Out 0.0.0.0/0 172.16.16.16/80 0/0 12:59 RDSD|RT:6|No.10000
    Pass Opera HTTP/Out 62.107.125.121/2090 172.16.16.16/80 62/0 12:59 SYN
    Pass Opera HTTP/Out 62.107.125.121/2086 194.201.98.217/80 2805/77235 12:59 194.201.98.217/Committee/CE_CommRepository.nsf/vSCByCD?OpenForm&RestrictToCategory=Development+Committee&tip=committee
    Pass named UDP/Out 62.107.125.121/1025 199.166.31.3/53 2188/4140 12:59 RDSD|RT:10|No.10000
    Pass SYSTEM HTTP/Out 62.107.125.121/2088 172.16.16.16/80 62/0 12:59 RDSD|RT:10|No.10000
    Pass Opera HTTP/Out 0.0.0.0/0 172.16.16.16/80 0/0 12:59 RDSD|RT:6|No.10000
    Pass Opera HTTP/Out 62.107.125.121/2091 172.16.16.16/80 62/0 12:59 SYN
    Pass Opera HTTP/Out 0.0.0.0/0 172.16.16.16/80 0/0 12:59 RDSD|RT:6|No.10000
    Pass Opera HTTP/Out 62.107.125.121/2092 172.16.16.16/80 62/0 12:59 SYN
    Pass Opera HTTP/Out 0.0.0.0/0 172.16.16.16/80 0/0 13:00 RDSD|RT:6|No.10000
    Pass SYSTEM HTTP/Out 62.107.125.121/2092 172.16.16.16/80 62/0 13:00 SYN
    Pass Opera HTTP/Out 62.107.125.121/2093 66.249.87.99/80 62/0 13:00 SYN
    Pass Opera HTTP/Out 62.107.125.121/2093 66.249.87.99/80 0/62 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2087 194.201.98.217/80 1060/412 13:00 RDSD|RT:10|No.10000
    Pass Opera HTTP/Out 62.107.125.121/2086 194.201.98.217/80 0/60 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2086 194.201.98.217/80 54/0 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2086 194.201.98.217/80 54/0 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2086 194.201.98.217/80 0/60 13:00 ACK
    Pass SYSTEM HTTP/Out 62.107.125.121/2089 172.16.16.16/80 62/0 13:00 RDSD|RT:10|No.10000
    Pass Opera HTTP/Out 62.107.125.121/2090 172.16.16.16/80 62/0 13:00 RDSD|RT:10|No.10000
    Pass Opera HTTP/Out 62.107.125.121/2093 66.249.87.99/80 0/60 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2093 66.249.87.99/80 798/6133 13:00 www.google.com/search?as_q=fred
    Pass Opera HTTP/Out 62.107.125.121/2093 66.249.87.99/80 54/0 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2093 66.249.87.99/80 54/0 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2093 66.249.87.99/80 0/60 13:00 ACK
    Pass Opera HTTP/Out 62.107.125.121/2091 172.16.16.16/80 62/0 13:00 RDSD|RT:10|No.10000

    [I have changed my IP number slightly to mask its actual value.]
     
    Alix, Dec 6, 2005
    #9
  10. Alix

    Alix Guest

    On Wed 07 Dec 2005 19:12:14, Wolfgang Kueter
    <> wrote:

    >> Are you saying that it is normal behavior of the TCPIP stack
    >> that I am going out of port 80 and using those ascending port
    >> numbers as I try to access various web and news servers?

    >
    > Of course, yes. There is a difference between client and server
    > and destination port and source port. Both major transport
    > protocols (which are tcp and udp) when connecting a service on a
    > remote machine will contact the destination machine on the well
    > known destination port for the particular service (80 for
    > web/http, 119 for news/nntp, 110 for pop3, 25 for smtp ...) and
    > use a random source port usually above 1024 to receive the
    > answer packets from the remote machine. That is just how a
    > tcp/ip stack works. Ascending source port numbers are nothing to
    > worry about. Ascending TCP sequence numbers however would of
    > course be a completely different story.
    >
    > Please read documents like:
    >
    > http://www.firewall.cx/tcp-analysis-section-4.php
    > http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ip.htm
    >
    >>>> What could be causing this sequential use of local ports?
    >>>
    >>> Normal behavior of an average TCP/IP stack.



    Thanks for the info Wolfgang.
    Thanks too for two very good links


    >>
    >> I am going to get a hardware firewall when I can afford to.

    >
    > Your stack won't behave any different with a hardware firewall.
    > What you observe is totally normal behavior and absolutely
    > nothing to worry about.


    I was thinking of the hardware firewall as a better replacement for
    a personal software firewall.

    I find that the config requirements of many software firewalls
    can get more complicated than I am able to handle! Things like
    making sure various utility servers get through (DHCP, UBR, DNS, etc)
    and distinguishing between WAN and private IP addresses all makes my
    head spin!
     
    Alix, Dec 8, 2005
    #10
  11. Alix

    itsecgirl Guest

    I believe good security needs to take a layer protection approach. I
    believe a good practice is to have both a hardware and software
    firewall. Software firewalls are not meant to be your baseline of
    defense. I have a hardware firewall setup and rely on Symantec Internet
    Security (AV & software firewall) to tell me what else gets through. I
    use this to have more control to what my computer is exposed to.

    I agree with you that some software firewall programs are not as
    intuitive. For home users, I recommend Symantec Internet Security and
    for corporate users, you can contact me for more info.

    -itsecgirl
     
    itsecgirl, Dec 8, 2005
    #11
  13. On Thu, 08 Dec 2005 06:37:16 -0800, itsecgirl wrote:

    > I believe good security needs to take a layer protection approach. I
    > believe a good practice is to have both a hardware and software
    > firewall.


    Belief is no base for security, knowledge is, you lack knowledge.

    >[...] For home users, I recommend Symantec Internet Security and
    > for corporate users, you can contact me for more info.


    You are clueless.

    Wolfgang
     
    Wolfgang Kueter, Dec 8, 2005
    #13