Traffic Log-Legitimate Traffic or Data Mining???

From: Jeff (jeff_at_nospam.net)
Date: 08/08/04


Date: Sun, 08 Aug 2004 17:36:49 GMT

My question comes about because my Netgear router had to be exchanged for a
new unit. I was using Sygate Personal Firewall (Free) at the time, and was
receiving daily reports of others trying to scan my ports. So I downloaded
Sygate Personal Firewall Pro to enhance protection while I was without a
hardware firewall.

I quickly became interested in the Traffic Log, after learning of the
different logs (security, packet, system and traffic) that the application
offered. And I began paying careful attention to it, clearing it often
before conducting any web activities so I could see what was happening.

I now know that every time I try to download a page from a Yahoo website with
a particular IP address (i.e. 216.109.126.22 for My Yahoo), in less than a
thousand milliseconds my computer tries to send TCP data packets to
us.a1.yimg.com (206.18.104.200), us.i1.yimg.com (12.129.72.136), and
us.news1.yimg.com (12.129.72.144). I've blocked these from going out, and
nearly all other traffic as well, establishing very narrow ranges of safe IP
addresses my software firewall will permit communication with. And that's
the tip of the iceberg. If I try to download the comic from www.dilbert.com
(65.114.4.69), my computer tries to send data packets to
adsremote.scripps.com (204.78.38.15). The list goes on and on and on; these
are just a few examples.

Now that I'm blocking these 'extraneous' data packets from being sent, the
web pages I want to see take 30 seconds to 5 minutes to download, instead of
the usual couple seconds. But they do download eventually. Which tells me
that the data packets being sent out without my permission to other IP
addresses aren't necessary for me to see the web pages I want. Call it
paranoia, but I can only suspect that the data packets I'm blocking contain
personal data such as my browsing habits going to marketing firms and the
like. I completely erased all of the cookies I had, but this had no effect
at all. Which isn't surprising, since the same kind of behavior (unwanted
data packets going to odd IP addresses) occurs even when I visit a new
website for the first time.

So as I said, I've configured Sygate Personal Firewall with a very narrow
set of IP addresses that information can be sent or received from. I build
up the set of "good IPs" each time I try connecting to a website by looking
at the traffic log, seeing the IP that was blocked when I tried to connect
to a desired website, and then including that IP into the allowed range of
good IPs. And I'm steering clear of sites that want data packets sent to
various alternative IPs when I try to download a webpage, looking for
alternative sites for reading news and other activities.

So the key question I have is this: is there a legitimate reason why my
computer should be sending a data packet to adsremote.scripps.com
(204.78.38.15) when I try to read the daily Dilbert comic (65.114.4.69)?
Other than the initial request from my browser to download the .html file(s)
from a website, why should my browser be sending anything to anywhere else?
I'm not a programmer or networking specialist, but I would sincerely like to
know what's in those data packets I'm blocking from leaving my computer. For
the moment I'm just building my rules of which IPs are "safe" for my
computer to communicate with, so I can visit an increasing number of
websites. But I see no reason why I should be supplying any group or
business with any data from my computer when it's obviously not necessary
for the webpage I want to download to my computer. It may be extremely
inconvenient waiting five minutes for a webpage to download, but if somebody
wants information from me they should tell me, and possibly be paying me for
it. I realize that they are providing me a service when I download a webpage
from them. But as I said, I am steering away from those websites to
alternatives that aren't mining my computer for information.

Are my assumptions in this totally wrong? Or am I right in assuming there is
no legitimate reason why I should be sending data packets anywhere other
than the IP address from which I requested the web page?
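
The manual procedure described in the post (reading the traffic log to see which other addresses are contacted within a thousand milliseconds of a page request), as an added example that is not part of the original post. The log format, the timestamps and the `unrelated.example` entry are constructed for illustration and are not Sygate's actual log format; the other hosts and IP addresses are the ones quoted above.

```python
from datetime import datetime, timedelta

# Constructed sample log in an assumed format (not Sygate's real one):
# date, time, firewall action, remote host ("-" if unknown), remote IP
SAMPLE_LOG = """\
2004-08-08 17:30:00.000 ALLOW www.dilbert.com 65.114.4.69
2004-08-08 17:30:00.420 BLOCK adsremote.scripps.com 204.78.38.15
2004-08-08 17:31:10.000 ALLOW - 216.109.126.22
2004-08-08 17:31:10.310 BLOCK us.a1.yimg.com 206.18.104.200
2004-08-08 17:31:10.350 BLOCK us.i1.yimg.com 12.129.72.136
2004-08-08 17:31:10.900 BLOCK us.news1.yimg.com 12.129.72.144
2004-08-08 17:35:00.000 BLOCK unrelated.example 192.0.2.7
"""


def parse(line):
    """Split one log line into (timestamp, action, host, ip)."""
    date, time, action, host, ip = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S.%f")
    return ts, action, host, ip


def follow_on_destinations(log_text, window_ms=1000):
    """Group blocked destinations under the permitted request they follow.

    A blocked connection is attributed to the most recent ALLOW entry if it
    occurs within window_ms of it; otherwise it is filed under the key None.
    """
    window = timedelta(milliseconds=window_ms)
    result = {}
    last_allowed = None  # (timestamp, ip) of the most recent permitted request
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, host, ip = parse(line)
        if action == "ALLOW":
            last_allowed = (ts, ip)
            result.setdefault(ip, [])
        elif action == "BLOCK":
            in_window = last_allowed and ts - last_allowed[0] <= window
            key = last_allowed[1] if in_window else None
            seen = result.setdefault(key, [])
            if (host, ip) not in seen:
                seen.append((host, ip))
    return result


if __name__ == "__main__":
    for page_ip, others in follow_on_destinations(SAMPLE_LOG).items():
        print(page_ip, "->", others)
```
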
