Are web sites attacking us even AFTER we disconnect from them?
in [Firewalls]
|
Prev: Decisions
Next: SW firewall speed drop :-(
From: Andrea Otto on 9 Sep 2007 11:56 Are web sites attacking us even AFTER we disconnect from them? Can someone else verify (& perhaps explain) what's going on here? My test: 1. Set PeerGuardian (PG2) freeware to "Block HTTP" 2. Point your browser to a suspect site such as www.onlyteenstgp.com 3. Do you see many blocks of "Beyond The Network America, Inc"? 4. Now press the PG2 "Allow HTTP" button (wait about ten or twenty seconds) 5. Then press "Block HTTP" and you'll again see the blocked connections 6. These blocked connections continue until you change your IP address 7. Only then do these blocked connections cease to arrive My hypothesis: - The bad guys target your IP even after all communications cease. - I presume they are looking for weak ports. - When I change my IP address, they lose me & that's why it stops. My question: What is going on? Are web sites attacking us even AFTER we disconnect from them? What are they trying to obtain from us? Why didn't my firewall stop this (why does PG2 only stop this)?
From: Andrea Otto on 9 Sep 2007 12:03 On Sun, 9 Sep 2007 08:56:50 -0700, Andrea Otto wrote: I skipped an important step which was to close your browser down. 1. Set PeerGuardian (PG2) freeware to "Block HTTP" 2. Point your browser to a suspect site such as www.onlyteenstgp.com 3. Do you see many blocks of "Beyond The Network America, Inc"? 4. Now press the PG2 "Allow HTTP" button (wait about ten or twenty seconds) 5. Then press "Block HTTP" and you'll again see the blocked connections 5.5 CLOSE YOUR BROWSER! 6. These blocked connections continue until you change your IP address 7. Only then do these blocked connections cease to arrive Even with no browser running, the connections from them continue to be blocked by PG2. The connections from them only cease when you change your IP address. What is going on? Why didn't my firewall settings prevent this kind of attack? Are rogue web sites mining your IP address and then "attacking" somehow? Is there some other way to verify other than PG2 log files? In summary, Are web sites attacking us even AFTER we disconnect from them?
From: rodney.usenet on 9 Sep 2007 12:17 On 9 sep, 17:56, Andrea Otto <aotto1...(a)onlinehome.de> wrote: > > Can someone else verify (& perhaps explain) what's going on here? > 2. Point your browser to a suspect site such aswww.onlytee.. Idiot. -- Rodney
From: Ed Drivenowski on 9 Sep 2007 13:33 On Sun, 09 Sep 2007 16:03:03 GMT, Andrea Otto wrote: > Are web sites attacking us even AFTER we disconnect from them? Yes. Of course they are. I'm not an expert but no firewall can protect you on the Internet and there is no freeware known to man that tracks the connection attempts made to the thousands of ports to your computer. Even legitimate sites do this all the time! You can repeat your experiments with Disney or the NY Times or even Newsweek and you'll see the same affect. They "remember" your IP address and then send "things" your way even after you've changed the browser connection. It's just the way it is and you may as well sit back and enjoy it.
From: Sebastian G. on 9 Sep 2007 15:33
Casey wrote: >> Yes. Of course they are. I'm not an expert but no firewall can protect you >> on the Internet and there is no freeware known to man that tracks the >> connection attempts made to the thousands of ports to your computer. >> > I would like to make one correction to your statements. > Sygate Firewall has an outstanding Traffic Log. When your computer > is on line, it lists the following: > 1. All connections and attempted connections incoming and outgoing. > 2. It lists local and remote IP numbers of these sites. > 3. Specifies protocol ie, TCP, UDP, and ICMP. > 4. List port numbers. > 5. Lists software making your own outgoing connections. > 6. Gives time/date. > 7. Indicates allowed or blocked. > > If fact, there is not much else it could report. Unless you'd consider packet content and state information as useful. And unless you actually want to use that machine for anything but testing. Why else would someone intentionally install this defective software? |