Re: Plausible reasons for http access?

Moe Trin wrote:

On Thu, 14 Dec 2006 in the Usenet newsgroup comp.security.misc, in article
<z81gh.67520$rv4.28983@edtnps90>, warf wrote:
..
wrote:
snip some important but volumous and onorous content...to free up your time while helping me..
Lessee, you're posting from an 'eastlink.ca' cable address. _Most_
residential broadband providers (especially in North America) like to
pretend to be "common carrier" which is a US term meaning someone who
provides transportation service - in this case, transporting packets.
They claim that's all they do, and they are not responsible for the
_content_ of those packets. Other providers around the world have
adopted a similar concept of "we're only delivering connectivity",
because it's less of a hassle than policing their turf, inspecting
the content of those packets, and so on. Yes, they're supposed to
pay attention to abuse complaints, but kicking off customers isn't
the way to make money. That's why we (in the business) use firewalls
to block access to our systems from large parts of the world.

You are very helpful and a valuable asset to persons like me trying to gain some sense of awareness.
RE providers, mine in particluar: Just today I noticed a FireWall rule had been created on my behalf [thanks, I think?] ....it passed a UDP packet to Level-3...which WHOIS->wiki says is the premier i-net backbone carrier in...the world.

you did say you area able to restrict your system from 'parts of the world...but if i am compromised then you are as well....by redirection so to speak.

.....snip some other useful text.
For XP, try 'netstat /ano'
and see what's open....snip for brevity.. they get the same "Connection refused" as
shown above.

Actually, ZA, Spybot S&D and Adaware provide me with those functions and that is how I became aware of LSPs and the convoluted path from executable to DLL to [fill in the blanks] to internet packet can be....and I wept volumously! [How can i learn fast enough to even keep up with the changes in protocol, never mind the tactics? hence my intrusion on this group....and maybe so others can learn and thereby thwart hijacking and cloaking]

F-EG:[vida supra] SCVHOST is running 6 instances of itself, each instance has about 20 different open modules. Many instances have different open 'ports' numbered anything but 80,110,25. Most all are 'listening' meaning awaiting incoming requests to connect right?
As you said [vida infra] if they are denied connection nothing happens. My ports are supposed to be masked by the firewall. I wonder though if Spybots utility has failed to differentiate a proxy port and an actual open ethernet-internet port and is telling me I have "open ports" but no tcp/ip packets are acknowledged unless specificaly allowed? {Easy now...I said I am a pleab..}

snip...
do I wonder why PCanywhere is trying to connect to me from RU?

Are people still using that?

My FW log says they are...kids or oldfarts I s'pose.

Or do I just watch blissfully the blinking lights on my Dlink wireless
router [hardwire connection]

OK - stop it right there.
>If someone tries to connect to port 80 on your
eastlink IP address, what "answers". (I haven't had a single system
setup in decades - if you connect to my broadband address, which of the
six computers should respond? Seeing as how I'm not offering services
to the world, the "new" connection isn't forwarded, but is blocked at
the router.)

AHHH...ok??? Even though the 'watch the lights blinking was metaphoric for "pick my nose in bliss and scratch my festering arse" I think I see what you are saying. If I am not offering a service there is no connection to be had? BUT, the 'service' may be offered by a trojan and you may be saying...find out what answers when i call?? Can I call myself on my own line, so to speak?

I do in fact have a Dlink router using hardwire to the cable modem and cable to the e-net adapter on my laptop....do those open ports mean they are simply forwarded to the router in no IP is associated with the open port number? The modem, the card and the cable modem have an IP address AND i have the internal 127.0.0.1 circuit to....no?

snip...
One of the problems with computers connected to the Internet is that
many (most) people don't want to learn anything about them. snip..

Old guy

Thanks, I still reiterate...again and unabatedly, I feel that by the time I get caught up It [I] will be outdated....I was a wiz at W95 [or so I thought] about the time W2000SP3 was dessicated wannabe [g].
Defeated but optimistically....miffed.
.

Relevant Pages

  • Re: Securing a server under Windows 2000
    ... > how could I close all ports below 1024. ... > these are the open ports in my machine. ... Just after booting it up. ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: Securing a server under Windows 2000
    ... > how could I close all ports below 1024. ... > these are the open ports in my machine. ... Just after booting it up. ...
    (microsoft.public.win2000.security)
  • Re: Securing a server under Windows 2000
    ... > how could I close all ports below 1024. ... > these are the open ports in my machine. ... Just after booting it up. ...
    (comp.security.firewalls)
  • Re: Babysitting on iptables requested :-)
    ... Here's the list of ports that I see probed then I take the "Probe my ... this was a friendly probe; all packets were TCP SYNs - ... SYN is a packet that is used to initiate a TCP connection. ... >> between Windows machines, so without this a Windows machine in your ...
    (comp.os.linux.security)
  • Re: Political Analysis of Security Products
    ... > bee collected nor has any evidence of such a backdoor ever really been ... send several packets to ports on the target system. ... be used for booth sides of the security game. ...
    (Pen-Test)