Are web sites attacking us even AFTER we disconnect from them?

Can someone else verify (& perhaps explain) what's going on here?

My test:

  1. Set PeerGuardian (PG2) freeware to "Block HTTP"
  2. Point your browser to a suspect site such as
    formatting link
  3. Do you see many blocks of "Beyond The Network America, Inc"?
  4. Now press the PG2 "Allow HTTP" button (wait about ten or twenty seconds)
  5. Then press "Block HTTP" and you'll again see the blocked connections
  6. These blocked connections continue until you change your IP address
  7. Only then do these blocked connections cease to arrive

My hypothesis:

- The bad guys target your IP even after all communications cease.

- I presume they are looking for weak ports.

- When I change my IP address, they lose me & that's why it stops.

My question: What is going on? Are web sites attacking us even AFTER we disconnect from them? What are they trying to obtain from us? Why didn't my firewall stop this (why does PG2 only stop this)?

Andrea Otto

On Sun, 9 Sep 2007 08:56:50 -0700, Andrea Otto wrote: I skipped an important step which was to close your browser down.

  1. Set PeerGuardian (PG2) freeware to "Block HTTP"
  2. Point your browser to a suspect site such as
    formatting link
  3. Do you see many blocks of "Beyond The Network America, Inc"?
  4. Now press the PG2 "Allow HTTP" button (wait about ten or twenty seconds)
  5. Then press "Block HTTP" and you'll again see the blocked connections
  5.5 CLOSE YOUR BROWSER!
  6. These blocked connections continue until you change your IP address
  7. Only then do these blocked connections cease to arrive

Even with no browser running, the connections from them continue to be blocked by PG2. The connections from them only cease when you change your IP address.

What is going on? Why didn't my firewall settings prevent this kind of attack? Are rogue web sites mining your IP address and then "attacking" somehow? Is there some other way to verify other than PG2 log files?

In summary, Are web sites attacking us even AFTER we disconnect from them?

Andrea Otto

Andrea Otto :

No, I won't.

Yrrah

Yrrah

Idiot.

-- Rodney

rodney.usenet

Yes. Of course they are. I'm not an expert but no firewall can protect you on the Internet and there is no freeware known to man that tracks the connection attempts made to the thousands of ports to your computer.

Even legitimate sites do this all the time!

You can repeat your experiments with Disney or the NY Times or even Newsweek and you'll see the same effect.

They "remember" your IP address and then send "things" your way even after you've changed the browser connection.

It's just the way it is and you may as well sit back and enjoy it.

Ed Drivenowski

I cannot even install this shit on a test machine.

What exactly makes this site suspect?

No. Anyway, why should I care?

Well, most likely this is due to HTTP being based on TCP, which is stateful. If you incompetent fool simply drop the connection, you shouldn't wonder for resent packets until the timeout drops in.

Your hypothesis is obviously bullshit.

An expected technical behaviour.

They don't attack you.

Nothing.

Considering your deep lack of understanding about simple network protocols, and having successfully infected your machine with the well-known malware "PeerGuarding", I doubt that you have any working firewall concept.

Sebastian G.
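
One way to check the TCP explanation in the post above against a capture, as an added example that is not part of the thread: it separates dropped inbound packets that belong to connections the local machine itself opened from unsolicited SYNs, and tests whether repeats are spaced like retransmissions. The record layout, addresses and function names are hypothetical, and the sample data is constructed.

```python
from collections import defaultdict, namedtuple

# Hypothetical record layout (not PeerGuardian's log format): one entry per
# inbound packet that the blocker dropped. t is milliseconds since capture start.
Pkt = namedtuple("Pkt", "t src sport dst dport flags")

def classify(blocked, opened):
    """Split dropped inbound packets by whether this host opened the flow.

    opened: set of (local_ip, local_port, remote_ip, remote_port) tuples for
    connections the local machine initiated (e.g. taken from a capture).
    """
    result = defaultdict(list)
    for p in blocked:
        if (p.dst, p.dport, p.src, p.sport) in opened:
            result["reply_to_own_flow"].append(p)  # peer's retransmit/FIN/RST
        elif "S" in p.flags and "A" not in p.flags:
            result["unsolicited_syn"].append(p)    # new inbound attempt
        else:
            result["other"].append(p)
    return dict(result)

def backs_off(packets):
    """True if gaps between repeats never shrink, as TCP retransmit timers do."""
    times = sorted(p.t for p in packets)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return len(gaps) >= 2 and all(g2 >= g1 for g1, g2 in zip(gaps, gaps[1:]))

# Constructed sample data using documentation address ranges.
ME, SITE, OTHER = "192.0.2.10", "198.51.100.7", "203.0.113.99"
OPENED = {(ME, 49152, SITE, 80)}
BLOCKED = [
    Pkt(0, SITE, 80, ME, 49152, "PA"),
    Pkt(300, SITE, 80, ME, 49152, "PA"),
    Pkt(900, SITE, 80, ME, 49152, "PA"),
    Pkt(2100, SITE, 80, ME, 49152, "PA"),
    Pkt(5000, OTHER, 40000, ME, 445, "S"),
]

if __name__ == "__main__":
    for name, pkts in classify(BLOCKED, OPENED).items():
        print(name, len(pkts), "backing off" if backs_off(pkts) else "")
```
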

I would like to make one correction to your statements. Sygate Firewall has an outstanding Traffic Log. When your computer is on line, it lists the following:

  1. All connections and attempted connections incoming and outgoing.
  2. It lists local and remote IP numbers of these sites.
  3. Specifies protocol, i.e., TCP, UDP, and ICMP.
  4. Lists port numbers.
  5. Lists software making your own outgoing connections.
  6. Gives time/date.
  7. Indicates allowed or blocked.

In fact, there is not much else it could report.

Casey

Casey

Unless you'd consider packet content and state information as useful.

And unless you actually want to use that machine for anything but testing. Why else would someone intentionally install this defective software?

Sebastian G.

s/fo/to/

Greg Hennessy
