Firewall hits by DOD.

I've been reading for years about people, some here, getting Department of Defense hits and the like on their firewall software. I've always believed it.

But if it's true, and so readily known, why isn't it an issue?

I just got my firewall set up two weeks ago and boy the DoD hits me many times each day!

Do you run a virtual IP?

it just means they like it most of the time. MOST DoD folks aren't political and are life long servants of the country :)

and not all of them are bushbots

website visits?

I don't understand this.

If not, then you are correct.

In that case, I think it is most likely some amateur hacker is spoofing a DoD address to probe your network.

I doubt the DoD could get away with something so heavy handed as hitting firewalls without some techie raising a public fusss about it.

Also, if the DoD really wanted to get past your firewall, I'm sure they have ways of doing so without leaving tracks.

I'm just asking how such intrusions can be common knowledge without those committing the intrusions facing consequences.

1. IP addresses are very easy to forge and aren't really proof that the nominal owner of the address did something

2. Innocuous processes can sometimes trip firewall alarms. Anyone working with network intrusion detection systems knows that false positives are the bane of their existence

3. Law enforcement does not have the resources to deal with every possible intrusion. Unless a system has been provably hacked and a substantial dollar loss results, nothing will be done. Sadly, minor intrusions are very very common.

Can I be posting on DU, using my off-the-shelf computer, and be subject to somebody tapping into my computer and logging non-posted keystrokes?

Is that the type of thing that's possible?

And unfortunately, that is minor unless they steal your banking information and commit major fraud.

Way too common - all that is necessary is to write some software that inserts a new keyboard driver that intercepts your typing and mails it off to Mr. BadGuy.

See, for example:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cybspy.html

And got 10 DoD hits from same ip.

That's what I've been worrying about?

But why does a firewall program provide information on such a "hit."

Are the only people "hit" those who use their own computers to host websites?

at any given moment. DoD may come with a street address, state etc.

It also tells me that I have had 17K of info 'stolen' from my computer. I don't know exactly who or what they have taken.

but ONLY to do with people trying to infiltrate your computer and steal your information, right?

If so, why isn't it a big deal?

Todays DoD hits:
6.190.100.230 Port 31260

Yes I do have an issue with it, and as you can see I've taken steps to prevent it. With the copywrite crap and organizations allowed to scan your systems, to be honest, I have no idea what the law is regarding this.

to have a "hit."

Do you think the gov't is gathering information on you? Do you think it's legal? Is it spying?

It could simply be an automated program checking to see what's "out there." To really understand it, you have to know something about how the internet works, and it's kind of long and tedious to explain here, though not difficult to understand if you're patient.

Here you go, a site that explains firewalls:
http://www.howstuffworks.com/firewall.htm

Many times I read posts from people saying they had identified the DOD and I think, the Navy, trying to get through their firewalls. I was thinking about that yesterday when I heard about Bush spying on the American people. Maybe it would be a good idea to let people in Congress know about that?? They have NO right to access people's personal computers or emails without probably cause and a warrant. This is really an outrage!

creating bogus firewall hits to make the real hits less obvious.

from not only the DOD, but from other domestic intelligence agencies and other sovereign nations, including China, Australia, EU, etc. I followed up by calling the phone numbers provided. I had a lot of polite conversations with the FBI, the CIA the NSA and intelligence agencies from other countries.

Most people I told about it thought I was nuts. I'm glad to see this stuff coming out, because it shows that I wasn't crazy after all.

Not necessarily about you, but about what it means to have an "intrusion attempt" and how successful they are at it.

Let me add that in addition to being an independent newsman, I'm a Quaker somewhat involved in peace activities. What happened back then was that my hard drive and those of some of the other participants in the World News Trust project, and other Quakers at my meeting in Manhattan were destroyed. Fortunately, I had recently installed another hard drive and was mirroring the main drive.

In any case, I don't want to frighten anyone, because I think I was under particular scrutiny because of my efforts to start a TV news network in addition to being an active Quaker. Also, keep in mind that the United States was launching a war against Iraq. I'd suggest to anyone, though, that they regularly back up their hard drives. It's just good practice in any case.

Also, I'll add this. We were using some serious encryption software among some of the WNT participants. In hindsight, it really was unnecessary under the circumstances. We may have been asking for trouble by using such powerful encryption software.

Do you suppose we, without encryption protocols and the like, attract such attention simply because we think?

"Bad guys" shouldn't use the internet for communication, because it's really open to authorities, especially sovereign nations. But, normal law-abiding folks shouldn't worry about anything, I'll suggest.

On edit: Except, of course, that we don't have any real privacy any more. John Perry Barlow of the Electronic Frontier Foundation has been working recently on a project to provide solid encryption to everyone. It's a nightmare for governments.

several different types of organizations, both domestic and foreign.

Why should it be an issue? IP addresses are pretty easy to access. This site has lots of public information if you know where to find it.

SOME INFORMATION REMOVED NOT TO PISS THE OWNERS OFF. I FOUND THIS IN ABOUT 2 MINUTES. I DIDN'T EVEN POST 25 % OF THE INFO I FOUND WITHOUT EVEN TRYING

Registrant:
DEMOCRATIC UNDERGROUND, LLC
P.O. Box XXXXXX
Washington, DC 20009
US

Domain Name: DEMOCRATICUNDERGROUND.COM

Administrative Contact :
XXXXXXXXXXXXXXXXX
mail@DEMOCRATICUNDERGROUND.COM
1612 20th Street, NW, Suite 401
Washington, DC 20009
US
Phone: XXX-XXX-XXXX

Technical Contact :
DCANet
dns@DCA.NET
1204 N WEST ST
WILMINGTON, DE 19801-1026
US
Phone: XXX-XXX-XXXX
Fax: XXX-XXX-XXXX

Record expires on 05-Dec-2010
Record created on 05-Dec-2000
Database last updated on 06-Jul-2004

Domain servers in listed order: Manage DNS

NS1.DCA.NET 204.183.80.2
NS2.DCA.NET 207.245.82.2

Show underlying registry data for this record


Current Registrar: NETWORK SOLUTIONS, LLC.
IP Address: 216.158.28.197 (ARIN & RIPE IP search)
IP Location: US(UNITED STATES)-DELAWARE-WILMINGTON
Record Type: Domain Name
Server Type: Apache
Lock Status: REGISTRAR-LOCK
Web Site Status: Active
DMOZ 1 listings
Y! Directory: see listings
Web Site Title: Democratic Underground
Meta Description: Democratic Underground provides political satire and commentary for Democrats. Home of the Top Ten Conservative Idiots. Plus a great Discussion Forum.
Meta Keywords: democratic underground democraticunderground.com democrats partisan commentary discussion board forums top ten conservative idiots top 10 republican
Secure: No
E-commerce: Yes
Traffic Ranking: Not available
Data as of: 23-Sep-2005

This is about people hacking into your computer

But, my point was really was about how much information is available on the net about who, what, where your computer goes. If I can access your IP address as easily as reserve email look up to find your home address or phone number, people are really naive about what they are putting out there.

At work I tell people they need serious computer security and when I get poo-pooed about it, I will normally ask them for their IP server email address and bring them back several pages of information from their home address, phone numbers, true age, a satellite picture of their home and several other juicy tidbits like traffic violations & fines, mortgages, home value, property value, refinancing, divorces.

It's normally an eye opener for them. Just get a couple of pieces of the right information and your life is an open book to anyone with a little bit of time and know how

............and people are concerned about the DOD is pinging your PC

:shrug: What port are they probing? Is it UDP?

Are you aware of attempts by the DOD, or other gov't agencies, to spy on citizens by breaching computer firewalls?

I'd expect the DoD to use "middle-man" approaches ... and you'd probably never know it. :shrug:

2 ip's for today
6.190.100.230 Port 31260 UDP
205.7.248.195 Port 12130 UDP

6.190.100.230 is the Army Information Systems Center at the U.S. Army Yuma Proving Ground in Yuma, AZ

205.7.248.195 is Space and Naval Warfare Systems in Washington, DC

When I get around to it, I'll scan through my logs and see if I caught anything. :shrug:


12/19/05 22:15:06 IP block 6.190.100.230
Trying 6.190.100.230 at ARIN
Trying 6.190.100 at ARIN

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US

NetRange: 6.0.0.0 - 6.255.255.255
CIDR: 6.0.0.0/8
NetName: YUMA-NET
NetHandle: NET-6-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment: Army Information Systems Center
Comment: U.S. Army Yuma Proving Ground
Comment: Building 2105
Comment: Yuma, AZ 85365-9110 US
RegDate:
Updated: 2002-10-07

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: HOSTMASTER@nic.mil



12/19/05 22:24:41 IP block 205.7.248.195
Trying 205.7.248.195 at ARIN
Trying 205.7.248 at ARIN

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US

NetRange: 205.0.0.0 - 205.117.255.255
CIDR: 205.0.0.0/10, 205.64.0.0/11, 205.96.0.0/12, 205.112.0.0/14, 205.116.0.0/15
NetName: JMCIS-BLOCK
NetHandle: NET-205-0-0-0-1
Parent: NET-205-0-0-0-0
NetType: Direct Allocation
NameServer: NCC.NCTS.NAVY.MIL
NameServer: GATE.NCTS.NAVY.MIL
NameServer: NS1.NOSC.MIL
Comment: DOD Network Information Center
Comment: Space and Naval Warfare Systems
Comment: Washington, DC 20363-5100 US
RegDate:
Updated: 2004-09-20

RTechHandle: LS529-ARIN
RTechName: Slade, Lawana
RTechPhone: +1-850-452-7562
RTechEmail: LSLADE@nnic.navy.mil

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: HOSTMASTER@nic.mil

spam, etc. Also private network PC's can sometimes inadvertently roam about on the net such as in cases of infected PC's scanning for vulnerable PC's, with real or spoofed IPs. The Gov't has far more effective ways to get into your business if they want to than scanning IP's and leaving their calling card on your firewall logs.

Some threads from DSL Reports Security forum on this:
http://www.broadbandreports.com/forum/remark,12932910?hilite=dod+firewall+logs
http://www.broadbandreports.com/forum/remark,10656905
http://www.broadbandreports.com/forum/remark,9279664~mode=flat
http://www.broadbandreports.com/forum/remark,6746075?hilite=dod+firewall+logs

I download a file with known addresses to block - which is where the DoD address's are coming from - the "known" ranges are programed in.

Networks. They'll come in through a regular ISP with no connection to the DoD. Its just plain silly to leave that kind of bread crumb trail right back to the DoD. The hits you are seeing are either from spoofed IPs or from zombie/hacked DoD computer systems out scanning for more computers to infect. Its more a sign of how lousy some DoD computer network security is :)

...and now they're sending out solicitations for penis enlargement pills.

When I enter political sites? I'm hardly a chicken little when it comes to computer stuff. This has been happening since Katrina and started coming here.

I still feel that when we bring up items like spying, the fact I get hit on a regular basis by a governmental agency while visiting political sites -- It should be noted.

I take as much precaution as I can, but do you really think that the DoD are not on top of worms and tracking their traffic? Please - Where I work, it takes IT about 10 minutes to find a virus or worm in an international network.

Do not be blindly complacent. I'm not saying be paranoid either, but take some precautions and be aware that it is going on.

Only the favorites get new computers with decent anti-virus software. Peons get hand-me-downs from five years ago. Until the republican coup, most IT work wasn't centralized at all, and not all IT departments were created equal. Now, there is more centralizing, but to an outsourced company or companies. The resulting power struggle has caused as many problems as it's solved. Also, not all computers are given the same access. Some have access to critical databases, some only internet and email access. Low level secretaries often download that stupid purple monkey spyware thing, or whatever the latest generation appears to be. It doesn't take ten minutes to bounce a hundred or so emails from a DoD IP. Plus, as others have brought up, IPs are fairly simple to fake by those in the know. When trying to add an air of legitimacy to some crap virus, whose IP would you fake as the source? Burger King's?

I'm not saying you aren't actually getting pings from DoD. Maybe you are. So what. Ping them back. See what they want.

Just like the spy who snoops in on an enemy will not be wearing any US identification. The purpose is to not expose who you are working for.

Plus, if they wanted to snoop on your communications, they'd just hack your ISPs router and monitor your data there. No need to alert your firewall that way :).

Tons of attempted inquiries, and I assume they get nothing.

Lots of attempts though.