How did they get behind my NAT?

Discussion in 'Computer Security' started by Maniaque, Oct 10, 2007.

  1. Maniaque

    Maniaque Guest

    Sorry I'm new here, not sure this is the right newsgroup to post to -
    I have a question that is about routers, security, and connectivity
    all rolled into one.

    Yesterday while I was working on my desktop all of a sudden a session
    kicked in on my VNC server - my desktop background image disappeared
    and the RealVNC system tray icon turned black to indicate a session in
    progress. Within a couple of seconds, something hit my start menu, run
    dialog, "cmd", and typed "TFT" in the new command prompt window. At
    this point I panicked and shutdown the VNC service ASAP.

    This post is not actually about the VNC problem, I found out today
    that the version I used had a known security flaw that allowed
    bypassing the password prompt. That is clearly what happened there,
    and could be easily fixed with upgrading to the newest version.

    My question is how the attacker got to my VNC port!

    Here's all the background I can muster:

    - I am running an ADSL router, "Xavi" brand, "7028r" model, and it
    seems to run a "GlobespanVirata" chipset. This was provided to me by
    my previous ADSL provider, Telefonica Spain.
    - I have a standard NAT lan, with a variety of devices connecting to
    the internet through the router.
    - I have certain very specific ports forwarded to my desktop for
    remote access, peer-to-peer connectivity, etc. \
    - I am NOT forwarding either of the VNC ports (standard ports 5900
    and 5800), so to my limited knowledge the VNC service should not be
    accessible from the internet. I have of course tested this, and found
    that to be correct. The VNC service is not publically accessible.
    - I do not have the firewall enabled on the router, because I assumed
    the NAT basically made it safe. I tried enabling the router firewall
    today but it also seems to block the services that I need to be able
    to access from the internet (eg HTTP, I run a small webserver), so
    that does not work for me.
    - I WAS running uTorrent at the time of the attack (and had been for
    a few hours)
    - I did get the IP address of the attacker from my VNC log, it was
    "", an address in germany. I have not looked for or found
    any further information. I guess I could try a port scan but I assume
    it's a zombie computer so what's the point.

    Now my understanding is that "" being an internet
    address, for the VNC session to work that address would need to be
    routable - the only way that that address could be routed on my
    network is through the ADLS router / gateway (I think). In theory I
    guess there could have been some sort of local tunnel set up, but I
    assume that would have required a virtual network adapter to have been
    set up on my computer? (I saw nothing like that, and virus and spyware
    scans have come up clean).

    If it was routed through my router, how could the attacker have
    convinced the router to initiate the communication to my internal port
    5900 on that particular machine??? The safety of a NAT, as I
    understand it, is that remote hosts cannot access an internal address
    unless there is explicit port forwarding enabled, or the session is
    initiated by a host behind the NAT, is that not correct?

    I guess I'm only coming to the real point of my post now - assuming
    that I'm on the right track, and that this communication on port 5900
    was happily handled by my router, could it have been initiated my
    another program on my desktop, specifically the uTorrent client? I've
    been logging sessions on my router since this morning, and I see that
    client connections are opened by the uTorrent client (very frequently,
    thousands per hour) with random local port numbers, that slowly seem
    to increase / cycle. It is possible that the uTorrent client made a
    client connection using local port number 5900 (which was also being
    used by the VNC server), and the computer/remote host that the
    uTorrent client was connecting to took advantage of this situation to
    test / probe / attack the VNC server on that port?

    I guess the questions are:
    - it it possible for a client TCP connection to be initiated by a
    local "client" program from a port that is already being used by a
    "server" program, like VNC server?
    - what are the chances, statistically speaking, that this would
    happen? Would it be worth a hacker's time to set up servers as
    bittorrent participants / seeds in the hopes that some client computer
    makes a connection using a special port (eg VNC), which could then
    allow the computer's VNC server to be probed / tested for the known
    VNC vulnerability? It's the only explanation that I can think of, but
    I just can't see how it would be worth a hacker's time!

    Final blurb: I set up a syslog server on my desktop and have been
    logging all incoming and outgoing sessions from my router (generating
    a nasty amount of log data, but I'll put up with it). This way I'll be
    able to see how the session gets set up, if I ever become aware of
    another similar situation. I will upgrade my VNC server of course, so
    the attack would need to use another vector. My concern of course is
    that I may NOT be aware of it next time. My desktop is not hardened as
    a public server with all ports exposed - I'm very much counting on the
    fact that only specific selected ports should be accessible from
    outside. In theory, if any port on the desktop can be exposed, then my
    windows filesharing setup is just one of the things that would be
    vulnerable to brute-force attack. Is there anything else I can do to
    investigate this or help prevent future issues? Does anyone have any
    experience with the Xavi router or GlobespanVirata chipset that could
    help me get it set up to prevent this from happening again? For now I
    will probably install a local firewall on the desktop allowing only
    the servers I need to work, but that of course makes all sorts of
    things more complicated - file and printer sharing, VPN client
    software setup, HTTP proxy setup, etc etc. I just wish I could feel
    safe in my own network again!

    Sorry about the monster first post, I would appreciate any and all

    Maniaque, Oct 10, 2007
    1. Advertisements

  2. Maniaque

    Leythos Guest

    You mention the ADSL Router and NAT LAN, but you don't tell us how the
    NAT is implemented - is the ADSL device doing the NAT or do you have a
    NAT Router Appliance? You sort of indicate you do, but you don't tell us
    what device/vendor it is.

    You mention that you have ports forwarded for sharing - bad move.

    I suspect that you also have UPnP enabled and a weak password on the

    I suspect that you have so many holes in your NAT that you've let the
    person in on VNC and just don't know it.

    Try this:

    1) Disable UPnP

    2) Change the NAT Router (assuming that you have one and it's not the
    DSL router) to and remove ALL port forwards and ALL
    Triggers if used. Change the password to something proper.

    3) Run a quality Anti-Malware tool on your computer, run it in Safe Mode

    4) Do not share your computer with anything/anyone outside the LAN, stop
    doing file sharing completely - buy what you need instead.

    5) Put your website on a proper web server, one protected by a real
    firewall and on a locked down OS following the OS Vendors FULL

    Don't port forward and make sure that UPnP is disabled.

    Stop providing services over a residential grade DSL service.

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website: all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
    Leythos, Oct 10, 2007
    1. Advertisements

  3. Maniaque

    Maniaque Guest

    Thanks for the feedback!
    Sorry I wasn't clear - the ADSL router is the NAT device. The ADSL
    connection uses PPPoA, which means (as I understand it) that I cannot
    operate the ADSL device in "bridged" mode with a different device
    handling the routers/NAT functions. I guess I could simply leave the
    ADSL device be, and set up a second NAT LAN behind another device - is
    there any disadvantage to double-NATing?
    Fair enough - why? Based on my limited understanding, this would only
    be a bad move if the file sharing program (uTorrent) had some
    vulnerability, right? Otherwise how could this be a problem?

    To be fair, I agree that the file-sharing is probably a major
    contributing factor - first of all there is the fact that the attack
    happened while I had the file-sharing program running, which is only
    once a month or less, and secondly I have noticed that when I have it
    running it drastically increases the amount of non-legitimate-looking
    activity to my IP address, so I guess attackers monitor this activity
    closely as "clueless but ambitious home user here, let's see what we
    can do with him!" targets. There could well be an unknown
    vulnerability in uTorrent of course, but I expect if that were the
    case the attacker would have done more than access my vulnerable VNC
    No and No. And the router does not have outside admin access enabled.
    And the first thing I did within seconds of the attack was check the
    router configuration to make sure that they hadn't got in that way.
    Fair enough, but I'd love to know how!
    done, always was
    I could do this, but that would really defeat the purpose of my asking
    the question here, as it would also prevent me from providing public
    access to specific services on the desktop. If that is totally
    impossible (to expose only specific ports to the internet and have all
    other ports be normally hidden) then I guess that's that. But it seems

    Any suggestions on quality anti-malware tools? I use AVG antivirus and
    Spybot S&D, so far they haven't missed anything that I know of (but
    then I wouldn't, would I? :))

    err - how does safe mode help? you mean so I don't have any additional
    programs running?
    If what I "need" were easy to buy, I would happily do so :) - I use
    uTorrent only to get stuff that I cannot find anywhere else, or for
    linux distributions (I would recommend it in fact, it is an incredibly
    fast way of getting any full multi-GB distribution you may want to try
    out, AND it makes the overall distribution much much easier/cost-
    effective for the maintainers)
    ok, so what you're saying is that there is no way to safely run a
    simple website without paying out either professional hosting fees or
    buying all the equipment that hosting vendors require. A safe, but
    uninspiring, answer.
    UPnP is disabled, but I would love to understand what the problem /
    risk with port forwarding is - can you provide any information, links,
    resources to help me understand?
    "Services"? I run my own personal 10-pageview/month website! It's
    kind of sad if there is no way to do that using home tools... Maybe
    that's where we're at now, I'm not sure.

    Thanks again for the feedback, I'd appreciate any info you could
    provide on the port forwarding question though!

    Maniaque, Oct 11, 2007
  4. Maniaque

    Leythos Guest

    Not having experience with that router, I can't be sure what limits it
    has or what quality of NAT and forwarding it has. The key thing is that
    the device does not provide a PUBLIC IP inside the LAN area and that you
    have control over what is forwarded inbound.

    I've seen a number of DSL routers that are PPPOE (no experience with oA)
    that use NAT to 1 IP, but they forward ALL ports inbound to that IP - so
    the users might as well be on a public IP.

    Double NAT'ing only has an advantage if you have one of those devices
    that forwards ALL PORTS to the single internal IP provided by the
    Because if you don't know enough that you have to ask here, it means you
    don't know enough to be securely exposed to the internet.
    You can get Linux without uTorrent, at least any quality Distro.

    uTorrent doesn't expose your VNC, but, there is any number of unknowns
    where as to what you've done in addition. The issue is that I've not see
    anyone that needs to run a file-sharing program on their computer unless
    they were pirating files of some type. Yea, not always true, but it's a
    good assumption since there are legal means and methods without using
    file sharing methods.
    No, it's the start of trying to determine what happened while you are
    also secure to do it. NAT only blocks inbound, so you could learn if
    what's on your machine also phones home or creates a connection to a
    remote location to allow control. First thing is block inbound
    connections, second is monitor outbound connections or block them
    entirely while you look.
    AVG is crap - I've seen hundreds of computers with AVG compromised. I
    use Symantec Corporate software, it's not a resource hog like Norton is
    and it's stopped all that I've been exposed to.

    If you want to know what AV products to trust, I've always found this
    site to have unbiased reviews and test results:

    Here are a few tools that I use and trust:

    Always remember - only download files from Trusted Sites.

    The following links will take you to vendors sites for Spy Ware / Ad
    ware removal tools and also for Antivirus tools. After you install any
    of these applications and update them, run them in SAFE MODE to allow
    them to properly clean your system.

    First, make sure that your Java is updated to the latest version:

    These sites are for downloading Anti-Malware and Anti-Spyware tools, in
    order that I would use them myself:

    Dave Lipman's tools:
    Download MULTI_AV.EXE from the URL --

    AdAwareSE can be found here:

    SpyBot Search and Destroy can be found here:
    Because many malware can't run in safe mode - it's not just "you having
    any additional programs running". In the case of Multi-av, download it,
    run it in normal mode to get the updates, but don't run the scans, then
    reboot in safe mode, run it again, since safe mode disables the network,
    you've already downloaded them, now run the scans, full drive, run each
    of the 4 scanners and run them until nothing is found.
    I'm well aware of torrent software, but I don't use it either and never
    have a problem getting distro's downloaded. I don't subject my networks
    to unknowns.

    I also don't download apps I've not paid for or music or anything that
    is questionable - not saying you do, as you've side stepped that issue -
    but the quickest way to get compromised is to start downloading pirate
    No, what I'm saying is that there is little chance that a non-OS guru,
    that a non-technical type, is going to run a website without being
    compromised or exploited - notice why you are here.
    IF you allow anyone in you risk being connected too, simple enough to
    If you run a website then you really need to step back and start
    learning about security and how to setup a DMZ and how to lock down your
    Port Forwarding - means you are allowing the WORLD ACCESS TO THE PC YOU
    the service answering that port(s) secured then you've exposed your

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website: all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
    Leythos, Oct 11, 2007
  5. Maniaque

    Bit Twister Guest

    Bit Twister, Oct 11, 2007
  6. Maniaque

    Maniaque Guest

    It does not.
    regardless of the inbound transport type (PPPoE, PPPoA, RFC1483, etc),
    most NAT router devices (that I have seen) do not by default use a
    "default forwarding IP", although it is an option on many. Not this
    one, as it turns out.

    ok... and what is the advantage then? The only reason I'm considering
    it is because then I can use a regular/standard device like the
    linksys wrt54G that is well-known and supported on the internet, turn
    on the firewall on that device (which I had to disable on the router I
    use now), and keep the services that I need up.
    Oh come on - this sounds a lot like "I don't know exactly, but I know
    it's a bad idea, so I'm going to make fun of you instead of answering
    the question". I understand that exposing a port exposes any service
    that listens on that port. I also understand that that then means any
    vulnerability in that service then becomes a vulnerability for the
    entire server, and potentially (in my case, without DMZ etc) the
    entire network. I understand that, and it's a risk I'm OK with. My
    question is whether anyone can tell me whether there are any
    circumstances under which port forwarding is "bad" in and of itself,
    rather than because of any vulnerabilities in the services that it
    purposefully exposes.
    OK, now there's a sensible suggestion - you're saying (unless I got it
    wrong) that the infection probably had nothing to do with the port
    forwarding at all, but rather was because of some something I picked
    up while downloading all those pirated "w4r3z" that I keep hidden
    under the kitchen sink, and that said malware has escaped detection
    either through comporomising my detection tools or because they're
    just too specific, not known widespread infections. To be fair, that
    is a possibility. I do take more risks than I probably should, I could
    well at some point have run something I shouldn't have... but I don't
    think so.

    Ah, now there's a sensible suggestion, again - running a software
    firewall or carefully monitoring all outgoing traffic on the router (a
    monster task, i
    it's accumulated 20 megs of data in 1 day) would certainly help
    identify any unpleasant low-key trojan I may have running.
    Nice to know, thanks!
    Thanks, never heard of multi-AV
    Fair enough, I didn't realize the idea was to more thoroughly scan for
    malware, but with the suggestions above I think I'm well equipped to
    do that :)

    ok, but calling the entire family of bittorrent programs a general
    "unknown" is exaggerating a little, no? The protocol is well-specified
    and well-understood, there are the same security measures built in as
    for a direct download from a distributor via HTTP or FTP (i.e MD5
    hash). If you're referring specifically to uTorrent, fair enough. Not
    open-source, already had one known vulnerability - I'd say it's more
    risky than I planned.
    Yep, that's fair.
    Yep, but that's how you learn. I'm a little bit irked by your
    condescending tone, but I really do appreciate the time and help -
    while I have worked with professional windows-based webserver
    development and hosting for several years and have a pretty good idea
    of "best practices" are at a corporate level, I'm trying to work on a
    shoe-string budget here, get a taste for doing things for free or
    cheap. As I get burned, I'm trying to understand exactly why and how.

    But more than a little simplistic, no? The ONLY argument against port-
    forwarding that I have seen from you so far, and that I was well
    aware of before, is that it limits the security of your server, and in
    my case network, to the security of the service running on the
    forwarded port. On the other thread (sorry about the messed up cross-
    post, like I said I am new here), someone suggested that there are
    ways and means to gain access to a port OTHER than the one being
    forwarded - but if I understand correctly that argument applies
    equally if you don't forward ports at all!

    Well, I was pretty sure I had :)

    Which is why I'm trying to understand where I went wrong. As you've
    noted, I have probably not searched extensively enough for malware - I
    will keep at it. Other than that, I run an updated version of Apache,
    there are no known vulnerabilities for other services I expose,
    uTorrent seems the most risky, and the jury's still out on what
    actually caused the problem:
    - malware that I somehow acquired?
    - unknown uTorrent vulnerability?
    - misunderstanding of how NAT works, leading to attacker's ability to
    access a port that was NOT forwarded?

    Yes, that's pretty obvious. But that's not a problem with port
    forwarding, it's a problem with the services you are exposing.
    Obviously if they are not secure, and they are public, nothing is

    Thanks again,
    Maniaque, Oct 11, 2007
  7. Maniaque

    Leythos Guest

    And, having worked all over the country here in the US, I can say that
    I've seen in about 30% of cases - that's why I mentioned it.
    In a double NAT you could use it like a DMZ and LAN - the first NAT
    would be your DMZ, the second NAT would be your LAN - so, you would port
    forward to the DMZ computer and not to the LAN computers. This means
    that your LAN computers could access the internet and DMZ computers, but
    the DMZ/WAN networks would not be able to access the LAN computers:

    WAN >>> NAT1 >>> DMZ >>> NAT2 >>> LAN
    No, it means that you really don't know enough and have not spent the
    time to just read how to secure your web/network from the thousands of
    websites that have been around since before you started doing this. It
    means that you're looking for a short-cut to get it done quickly and
    don't want to spend the time to properly secure it and learn about it.
    No picking on you intended, just calling it like I've seen it thousands
    of times.
    Port Forwarding is not different than exposing the listening service by
    any other means - all traffic that hits that port is sent to the device
    listening. Once that listening service is compromised, any number of
    things can be done to the host computer/device - and there is no way to
    know what the hacker would/is doing unless we see the computer.
    No, since the problem could have been things you downloaded OR from
    compromised services you allow public exposure too.

    You say you don't think you've done anything, but the fact is that
    Someone was using your VNC connection other than you - so you've done
    something and don't know what, yet you want to knock the basics of
    security because "you don't think so".
    No, software firewalls are useless on most personal computers. What you
    want to do is run a logging application that accepts the logs from the
    NAT appliance - this will show, in real time, inbound and outbound
    traffic clearly.

    If the log doesn't allow easy determination of ports/IP, then it's
    Always scan offline - in fact, if you can place the drive in a clean
    machine and scan, it's even better.
    well, fact is that most people doing torrents are also downloading
    things that are unethical/pirated and against licensing. Being Open
    Source does not mean it's any better, but that you download a lot means
    your exposure is much higher.
    It's not condescending, it's accurate and because of years of working
    with people in your boat - yea, people don't like to be exposed for not
    doing the leg work before jumping into things, but, it's not personal,
    it's technical.

    Fact is that you can secure a Windows PC just fine with a Simple NAT
    router and run a nice website on it without much fear, but you really
    needed to follow ALL of the security instructions and methods as
    suggested for YEARS by MS and others - before you put it online.
    Yea, some routers can be cracked by several means, most of them have
    been patched - that's part of not using the default network address
    range, not using a weak password, not using standard ports, checking the
    logs, etc.... If you are hosting a web server you really need a real
    firewall and not a NAT device.
    Well, since you can't be sure that you secured the services then you
    have to look at if you really need the ports forwarded.

    There are methods that you can use to detect attacks with you needing to
    be there (auto methods in firewalls) - hosting means you need to
    consider the protection of your devices so that the rest of us don't
    suffer because of your compromise.

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website: all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
    Leythos, Oct 11, 2007
  8. Maniaque

    Maniaque Guest

    Thanks for all your help Leythos!

    The double NAT setup makes sense, I did not understand that you meant
    using the first NAT as DMZ.

    I am familiar with Microsoft's Baseline security checklists, multi-
    layer security, etc - I'm just more concerned with having a solid
    first layer for this simple home-hosting situation, and keeping all my
    "convenience" functionality (eg VNC service hidden from public access,
    rather than disabled) around. I don't have a machine to spare as my
    web server, so until I get truly fried I'll soldier on... :)

    I'm pretty sure I found the attack vector in the end, it turned out to
    be neither downloaded malware nor a compromized service (although I am
    aware that both remain a possibility):

    Michael Ziegler helped me find the issue on a thread I badly cross-
    posted on alt.comp.networking.connectivity:

    My router (Xavi 7768r with GlobespanVirata chipset, I think I had it
    wrong above) has an Active FTP "NAT Helper" which allows any program
    with TCP-connection-creation priviledges on any of my computers to
    open an incoming port to this machine from a target site on the
    internet. Java Applets, by default, have this functionality enabled.
    You can test for this "feature" or "flaw" at the following site:

    On the day this happened, I was browsing on at least a couple of sites
    that could well have had "harmful content", probably including a java
    applet that opened up my port to the attacking site by using the FTP
    NAT helper trick. My VNC server was a flawed version which (I tested
    that) allowed certain well-crafted incoming connections to bypass

    Now - at this point I have no proof that that was the course of
    events, but "Occam's razor" and all that, it is definitely the
    simplest explanation that fits all the facts. I will definitely do a
    more thorough malware check on my machine and I will implement a
    solution that allows be to forward the ports I want without the NAT
    Helper flaw, but in the meantime I will sleep much better knowing that
    chances are 95% that I at least know exactly what the problem was. And
    at the same time I learned a lot about what NAT is and isn't!

    Thanks for all your help!
    Maniaque, Oct 11, 2007
  9. Maniaque

    Leythos Guest

    A DMZ is a secured network that you use for Public hosts that they don't
    want to expose their LAN to when they are compromised.

    So, look at how this works:


    So, you put your web server in the DMZ network - that would be the LAN
    side of NAT 1 device. In NAT 1 you forward from the public IP to the DMZ
    network machines as needed.

    In NAT 2 device you don't forward ANYTHING, nothing, nada, zip. This
    means that the computers in your LAN network are not exposing anything
    to the public for them to vector in on.

    So, DMZ is web/ftp/etc servers, (LAN2) is the protected network were
    your computers reside.

    Make sure that you change the default subnets for each LAN/DMZ.

    LAN1 =
    LAN2 =

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website: all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
    Leythos, Oct 11, 2007
  10. Maniaque

    Unruh Guest

    I suspect they got in through your http port which you have wide open, with
    no NAT on it.

    You may also have your system set up in bridging mode in which case there
    is no NAT either. What is your IP address on your computer?
    ifconfig in linux or ipconfig. If it is a routable addresses you are
    running in bridging mode and do not have NAT.

    And any one of those could be broken into, especially the http port.

    And that means you do not have http (port 80) NATed.
    Unruh, Oct 12, 2007
  11. Maniaque

    Unruh Guest

    No you cannot. Having double NAT confuses the hell out of many routers.

    t set up a firewall properly.

    And you know it does not? You also have port 80 open but do not tell us
    which web server you run.

    Unruh, Oct 12, 2007
  12. Maniaque

    Unruh Guest

    You talk about Linux which you almost certainly downloaded using torrent
    and you say that the only use you know of for filesharing is pirated files?
    Unruh, Oct 12, 2007
  13. Maniaque

    Leythos Guest

    No, what confuses users is not understanding that both LAN's must be in
    different subnets or the router wont know which LAN you want to access.

    Routers have NO issues with double NAT, it's only when the user doesn't
    know anything about networking and sets both LAN's to (or
    the default subnet on both).

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website: all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
    Leythos, Oct 12, 2007
  14. Maniaque

    Leythos Guest

    No, I downloaded Linux (Fedora) using FTP, not a torrent, and I do not
    use torrent programs, nor other PtP programs.

    You also misstated my view of P2P programs, I said "I've not see anyone
    that needs to run a file-sharing program on their computer unless they
    were pirating files of some type." which is not the same "the only use".

    Yes, people CAN use P2P software ethically, but I've not seen ANY person
    that has P2P software installed that has ONLY used it ethically.

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website: all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
    Leythos, Oct 12, 2007
  15. Maniaque

    Jim Watt Guest

    if you are running software obtained from a bittorrent you
    do not know if its been tampered with to include a backdoor
    for some hacker.
    Jim Watt, Oct 12, 2007
  16. Maniaque

    Unruh Guest

    That can certainly confuse things. But also NAT tends to work by assigning
    a very high port number on the outgoing and translating those. If the port
    on the inward side is also a high number, then the system can get confused.
    Of course they should not, but should not and do not are different things.
    Unruh, Oct 13, 2007
  17. Maniaque

    Unruh Guest

    As I pointed out, I have and almost certainly you have as well. Let me give
    as an example Mandriva, which I am downloading via torrent right now from a
    bunch of sites around the world, and I suspect strongly that they use
    torrent only for downloading programs. Also I have a torrent running to
    allow people to download the repostitory. That is a completely
    legitimate use and the system is not used for "unethical" purposes (We have
    permission from the people at to do so). So, now you have to
    change your statement.
    Unruh, Oct 13, 2007
  18. Maniaque

    Unruh Guest

    Yes, you do. The tracker has a md5sum which tells you that what you
    downloaded is the same as what you were supposed to download.
    If what you meant to say is that if you download a torrent whose tracker is
    controlled by some totally unknown person, you do not know whether what you
    downloaded is not tampered with. But that is also true if you download via
    ftp or http or whatever. And with torrent you have the MD5 checksum to
    ensure that what you downloaded is what you were supposed to.

    Ie, your observation is ass backwards.
    Unruh, Oct 13, 2007
  19. Maniaque

    Leythos Guest

    You've not comprehended what I wrote - I never once said that "ALL
    USES" are unethical or illegal - but I can see how someone that is
    paranoid would think I said that if they didn't comprehend what I wrote.

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website: all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
    Leythos, Oct 13, 2007
  20. Maniaque

    nemo_outis Guest

    It is you who hasn't comprehended.

    You said that you had never encountered a person who used P2P exclusively
    for ethical purposes. Unruh gave himself as an example of someone who only
    uses P2P ethically (which he described with examples). Unless you believe
    Unruh is lying, you now DO KNOW at least one person who uses P2P ethically
    and, accordingly, you must (at least in future) change your statement about
    never having encountered such a person.

    nemo_outis, Oct 13, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.