
US Government Checking Up On Vista Users?

Zonk posted more than 6 years ago | from the security-theatre-in-your-home dept.


Paris The Pirate writes "This article at Whitedust displays some very interesting logs from Vista showing connections to the DoD Information Networking Center, United Nations Development program and the Halliburton Company; for no reason other than the machine was running Vista. From the article 'After running Vista for only a few days — with a complete love for the new platform the first sign of trouble erupted. I began noticing latency on my home network connection — so I booted my port sniffing software and networking tools to see what was happening. What I found was foundation shaking. The two images below show graphical depictions of what has and IS trying to connect to my computer even in an idle state'."


291 comments


I call bullshit. (5, Insightful)

XorNand (517466) | more than 6 years ago | (#19947345)

I swear this place is becoming more and more like Digg everyday. I'm no longer renewing my Slashdot subscription while I can get this same quality news for free elsewhere. Where do I start?

1.The screenshots clearly show WinXP, not Vista. In fact, this guy's ultra-leet "port sniffing software and networking tools" is PeerGuardian 2 [phoenixlabs.org] . Straight from the product's home page: Note: PeerGuardian 2 does not support Windows Vista at the moment. This is a top priority, and we hope to have a Vista download soon.

2. Lame screen shots from some Windows app isn't enough to validate a conspiracy theory. Where's the complete traffic dump? And not from some random guy and his "fanboy" friend; how about a creditable network security organization? Hell, I'd even settle for an intern with his CCNA.

3. Hard to tell because all we have are screen shots, but it looks like nothing more than port scans. ::yawn::

(Guess is this is what I get for spending a beautiful Sunday afternoon indoors, on my computer).

Re:I call bullshit. (5, Insightful)

igotmybfg (525391) | more than 6 years ago | (#19947389)

1.The screenshots clearly show WinXP, not Vista. In fact, this guy's ultra-leet "port sniffing software and networking tools" is PeerGuardian 2. Straight from the product's home page: Note: PeerGuardian 2 does not support Windows Vista at the moment. This is a top priority, and we hope to have a Vista download soon.

The screenshots also clearly show another computer is involved, since he is remoting from his Vista PC to his Windows PC. Perhaps they are both on the same network, and he has reason to believe that these connections are being caused by having Vista on the network.

Re:I call bullshit. (3, Funny)

entgod (998805) | more than 6 years ago | (#19947727)

I love how you're clearly indicating that Vista isn't Windows enough to be Windows :)

Re:I call bullshit. (2, Insightful)

Tuoqui (1091447) | more than 6 years ago | (#19947787)

Well considering all the DRM and crap that Vista has in it. He is doing the right thing by NOT trusting a Vista machine to accurately represent the IP traffic passing through it.

I personally would have done it with a Linux machine myself using Ethereal or something reliable. The fact is you cannot trust Vista to report the packets in an unbiased manner. It could theoretically drop these packets before they make it to your OS.

Either way, if you set up an ARP spoofing attack on your own network (or have a managed switch) it would be a better means of packet sniffing the network, so that you don't even have to remote into Vista to get this going.

Re:I call bullshit. (1, Insightful)

Anonymous Coward | more than 6 years ago | (#19948015)

More likely he was running P2P software on one of the machines on the network and Peerguardian was picking up the network scans.

Re:I call bullshit. (0)

Galactic Dominator (944134) | more than 6 years ago | (#19948131)

No, I have long said I noticed the same type of traffic with no Vista present on the Peerguardian boards.

One method of increasing those types of hits is to use uTorrent. You'll see Halliburton and DoD types of hits regardless, but with maybe a 10 - 25% increase when using uTorrent on that exact same torrent/time span.

I also see these types of hits from work where there is no Vista, and no torrenting software.

Re:I call bullshit. (0, Redundant)

nbannerman (974715) | more than 6 years ago | (#19947397)

Yeah, I don't get those screenshots either - the RDP window is Vista, but the contents are XP... I'm willing to call bullshit on this as well - nothing more than anti-MS FUD without verification.

Re:I call bullshit. (2, Informative)

Maniac-X (825402) | more than 6 years ago | (#19948029)

Well PeerGuardian doesn't run on Vista, so that's probably why he RDP'd to it.

Though what I can't figure out is why he didn't use actual port sniffing software like WireShark. I call bullshit on this lame post.

Re:I call bullshit. (0)

Anonymous Coward | more than 6 years ago | (#19947403)

Wouldn't he be port sniffing on another box, say his xp box? Just a thought. Granted, it would have been l33t if he used his linux box with ethereal or something instead.

Re:I call bullshit. (1)

aichpvee (631243) | more than 6 years ago | (#19947453)

This guy obviously doesn't use Linux if he thinks he needs to "upgrade" to Vista to keep up with the "technology evolution."

Re:I call bullshit. (1)

larry bagina (561269) | more than 6 years ago | (#19947507)

Ethereal runs just fine on Windows (although GTK is as ugly as CowboyNeal's brown hole). A halfway decent firewall (Kerio) would also show the same information.

Re:I call bullshit. (1)

ClubStew (113954) | more than 6 years ago | (#19947407)

It's nothing more than FUD.

Besides, if he wrote a paper and his professor was shocked, I'm sure it was only because of his horrible grammar (ex: countries instead of country's). Sheesh. If you're going to spread FUD, at least try to sound intelligent.

Re:I call bullshit. (5, Informative)

avaric3 (580446) | more than 6 years ago | (#19947421)

The machine running PeerGuardian is an XP machine. It is sniffing traffic on the local network and filtering out all the results that don't originate from the Vista machine. He is running Remote Desktop from the Vista machine to the XP machine (the one running PeerGuardian). He probably did this because of the issues that software has with Vista, or possibly because he feels that Vista would hide this information from programs running locally.

Re:I call bullshit. (5, Insightful)

Anonymous Coward | more than 6 years ago | (#19947425)

I agree, but .. you missed the best part.
PeerGuardian is for blocking *incoming* connections; this has nothing to do with Vista *AT ALL*.
The names that show up against the IP are taken from user-submitted rule files (in case you didn't know, this is so that IPs from RIAA/MPAA-employed companies, who log all IPs connected to any torrent as seeds/leeches, can be blocked). There is no validation on the name corresponding to the IP. Complete and utter FUD.
Even if the IPs DID correspond to DoD etc.. there is a completely plausible reason for that.
BitTorrent clients cache IP addresses so that they can connect to all the seeds/leeches in case the torrent managing host goes down. All this has proven is that the US Government uses BitTorrent.

think again (1)

CiderJack (961987) | more than 6 years ago | (#19947793)

PG2 blocks both incoming and outgoing connections to blacklisted IP addresses.

Granted, we don't know which particular software is requesting the connections, although from a quick glance at the screenshots, it appears that the connections are indeed incoming requests.

Color me skeptical.

Re:think again (4, Insightful)

Fallingcow (213461) | more than 6 years ago | (#19948125)

Peerguardian2 under WinXP commonly shows DoD and other odd incoming requests. Let's see what's on my log of recent attempts right now...

Kuwait Ministry of Communications
AAFES/Barracks
Military Medical Academy

And a host of other weird entries. I know I've seen DoD on there before... let's check my older logs:

Federal Electric and Water Authority (WTF?)
Saudi ARAMCO (oil company)

OK, no DoD now, but the point is that weird crap shows up in Peerguardian all the time. DoD entries appear fairly frequently. If this guy's run any P2P software in the last, oh, week or two, that'll cause this to happen.

Re:I call bullshit. (4, Insightful)

SocialEngineer (673690) | more than 6 years ago | (#19947427)

Maybe he's got multiple machines hooked up to a hub, with the XP machine sniffing in promiscuous mode. Maybe he's tunneling the connection through the XP machine. Who knows. While I too am inclined to call BS, the XP argument doesn't fly.

Re:I call bullshit. (5, Informative)

ptbarnett (159784) | more than 6 years ago | (#19947433)

Hard to tell because all we have are screen shots, but it looks like nothing more than port scans.

Or P2P. But, the important part is that he is showing nothing more than incoming frames, and conveniently obscures the destination port(s).

And to even get to the point where PeerGuardian (or whatever) can see the frame, it has to pass through his firewall -- presuming that he has one. And that means he either is explicitly allowing that port through or he made the connection himself.

I wonder what Task Manager would show running?

Re:I call bullshit. (4, Interesting)

Igmuth (146229) | more than 6 years ago | (#19947797)

And to even get to the point where PeerGuardian (or whatever) can see the frame, it has to pass through his firewall -- presuming that he has one. And that means he either is explicitly allowing that port through or he made the connection himself.

If you look at the screenshots, you can see he's connecting RDP to 192.168.0.1, which is the typical gateway address on most NATs. I think he might actually be running a WinXP box as a firewall. This would explain how he is seeing all of the packets, with the external destination IP. Therefore I wonder if his XP box has just been rooted.

Re:I call bullshit. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#19947459)

stop astroturfing you Microsoft employee. Obviously Microsoft has an interest in helping the government spy on terrorists. They are probably being forced into it so that the Bush administration will protect Microsoft's monopoly even after Ron Paul is elected president. The government probably planed 9/11 and is using this to help find petty terrorists to blame. I'm sure there are even more backdoors in Windows we don't know about. It is just that most security organizations are afraid to get investigated by the FBI and shut down if they dare to expose the government's backdoors in Windows. Just wait a few more years, and the backdoors will move to the hardware's firmware. Then it won't matter what open source operating system you are running.

The captcha is differer.

Re:I call bullshit. (1)

Anonymous Coward | more than 6 years ago | (#19947469)

if i had vista installed id try it out myself. im not saying its right one way or the other, but i will say this. you sound like the kind of skeptical asshole that even IF this were proven true, you'd say, 'so what, its not like theyre doing anything bad. theyre the government. crazy conspiracy theorists.'

Re:I call bullshit. (5, Insightful)

guardiangod (880192) | more than 6 years ago | (#19947497)

For the first time in many years, I agree that /. ain't what it used to be.

Blah, how does this make the front page? There are millions of reasons for these connections.

Maybe he is using a dynamic ip based isp and he just got a new ip? Maybe the last person who used that ip was using bittorrent? Botnets trying to reconnect to this ip?

Aside from those "Remote Desktop" xp screenshots, I noticed there are Hei Long Jiang education committee, UN Development program, China Edu and Research Network, and whatever.

I guess the DoD and the "Chinese intelligence agency" are both attacking his computer.

UN probably sent some people to infiltrate his computer as well.

Wait, Hei Long Jiang is right next to Russia? Maybe the KGB is using China's network to go after him as well! *roll eyes*

Even if they are not bt, they might just as well be port scans.

News for nerds, indeed.

Re:I call bullshit. (4, Insightful)

Dude McDude (938516) | more than 6 years ago | (#19947695)

Blah how does this make the front page?
It gives the anti-Microsoft crew yet another chance to bitch and moan.

Re:I call bullshit. (1)

fredklein (532096) | more than 6 years ago | (#19947725)

Botnets trying to reconnect to this ip?

Even if they are not bt, they might just as well be port scans.


Port scans from GOVERNMENT computers? Oh, okay, nothing to see here...

Re:I call bullshit. (5, Insightful)

gujo-odori (473191) | more than 6 years ago | (#19947837)

Yeah, I looked at the wide-ranging place he's getting connections from and asked myself, "Now, what do IPs in all those places - especially China - tend to have in common?" I've been working in email security for four years and was a postmaster before that, so I had a ready answer to that question; zombies.

P2P and fast-flux networks is the current cutting edge of botnets, and that fits with all the inbound connections he's seeing.

The explanation that fits best with his experience is that his Vista box has already been owned and has become part of a botnet.

While his conspiracy theory that Microsoft is in bed with DoD, DHS, and Halliburton (gimme a break!) is clearly anti-MS FUD, there is good reason to draw a bad conclusion about Vista from this. One of Vista's big selling points was better security, yet here we have somebody stepping up front and center with an apparently freshly installed and freshly owned Vista box.

The article doesn't speak well of Vista, but not for the tinfoil hat theory advanced by its author.

The other leading theory, which has been advanced by a number of others, is that he's running BitTorrent or another P2P app. This is also plausible, and if the zombie theory is wrong, then the P2P app theory still holds. By far the least likely explanation is the conspiracy theory advanced by the author.

Re:I call bullshit. (0)

Anonymous Coward | more than 6 years ago | (#19947501)

1.The screenshots clearly show WinXP, not Vista. In fact, this guy's ultra-leet "port sniffing software and networking tools" is PeerGuardian 2. Straight from the product's home page: Note: PeerGuardian 2 does not support Windows Vista at the moment. This is a top priority, and we hope to have a Vista download soon.

If you're going to assume that your OS is doing something underhanded on the network, you probably want to sniff your packets from some other host, otherwise your underhanded OS might not provide the packets with the evil bit set to the packet sniffer.

I'm confused (3, Informative)

raftpeople (844215) | more than 6 years ago | (#19947521)

Isn't this inbound stuff? Isn't this the same crap that ZoneAlarm blocks for me constantly?

Re:I call bullshit. (1)

Corson (746347) | more than 6 years ago | (#19947541)

peerguardian2 works fine on vista.

Re:I call bullshit. (2, Informative)

JimDaGeek (983925) | more than 6 years ago | (#19947547)

1. It shows an RDP from Vista to XP.

2. There is a version that is working on Vista [winmatrix.com] . However it is command line only right now, the GUI is not done.

3. I am sure a lot of people will be monitoring now. This guy just noticed increased traffic from suspicious organizations AFTER he installed Vista. Did you see all of the Vista code? Do you know what info Vista sends and to whom?

It sounds like you are trying to apologize for MS. This sounds just like the crap MS would do. All these connection attempts weren't there in XP. "Upgrade" to Vista and now all kinds of "terrorist" scans are taking place? What the hell is Halliburton doing scans for? This seems more than a coincidence to me.

Re:I call bullshit. (2, Insightful)

arth1 (260657) | more than 6 years ago | (#19947975)

One thing worth noting is that Vista-running boxes don't have telepathic connections to the US DoD, Halliburton and all the others. They won't know that his machine runs Vista and to contact him unless they're told about it -- normally by an outgoing request.
If there's no outgoing requests, but just incoming, this is more likely to be cached P2P entries, where the outside hosts are trying to reach a (now gone) peer, be it bittorrent, edonkey, kademlia or whatever.
It would have been very interesting to see the incoming port numbers that the outside clients are trying to connect to. My bet would be on these being p2p software ports -- quite possibly known because this very same guy was leeching pr0n the night before.

Re:I call bullshit. (1)

mistahkurtz (1047838) | more than 6 years ago | (#19948043)

we're all forgetting one thing. most large organizations or corporations have problems with keeping track of 100% of the computers in the organization, let alone making sure that no outside machines have been brought in. we've all heard of some rogue machine, plugged into a network or running with a wireless nic, sitting in a 3rd basement janitorial closet for who knows how long doing who knows what, with an origin of who knows where... the DoD and Halliburton wouldn't be immune to this sort of thing. major organizations all over can't even keep track of the hardware they knew they had [attrition.org] ...let alone monitor what's happening with the hardware they don't know is there.

however, since none of us have access to the DoD, Halliburton, or this users computers or logs, almost any explanation is as likely as another.

I was going to mod you down... (4, Insightful)

msimm (580077) | more than 6 years ago | (#19947553)

Just as over-rated. But I realized leaving your post modded higher makes more sense anyway (since you obviously weren't just trying to be a prick, and this way the whole conversation is easy to read).

As you'll see in one of the follow-up posts to this parent, the software is being run on a second system (since, as you point out, Vista isn't supported, the listener is XP).

As to the credibility of the rest of the story, I suppose that's up for grabs. Or rather reproducibility. Sniffing software is easy enough to install/use. Maybe the poster of the original story is being watched via a government trojan. Maybe there is a backdoor for the government to use to monitor potential criminals. I imagine if ALL Vista systems phoned home like this they'd be drowned in data, so it's either additional software, an activated existing feature, or a hoax/fluke.

you saw the reason, yet you didn't understand it (1, Interesting)

Anonymous Coward | more than 6 years ago | (#19947619)

Looks like the guy had to boot into XP to use that software he wanted to use. Ever hear of dual boot, sparky? Maybe YOU are too quick to be "leet" and showoff your complete lack of reasoning skills. +5, what a joke, anyone who modded your post up is a 'tard and can't think past ONE step.

Time for a "zonksucks" tag? (0)

Anonymous Coward | more than 6 years ago | (#19947645)

Just sayin'.

Re:I call bullshit. - About Lame Screen Shots (1)

Nom du Keyboard (633989) | more than 6 years ago | (#19947663)

Lame screen shots from some Windows app isn't enough to validate a conspiracy theory.

They're certainly enough to get you sued, and thereafter spending upwards of $100K in legal defense against the RIAA.

Re:I call bullshit. - About Lame Screen Shots (4, Funny)

monoqlith (610041) | more than 6 years ago | (#19947765)

Don't be silly. The RIAA will sue you with much less evidence than a screenshot.

Re:I call bullshit. (1, Informative)

Anonymous Coward | more than 6 years ago | (#19947705)

Bah! You get that with any computer on an open network. Spambots, torrent clients and what not... Halliburton has botnet-infected PCs too. Oh my!
No info on his network setup or, for that matter, what other boxes on the network might be running.

Re:I call bullshit. (3, Funny)

phayes (202222) | more than 6 years ago | (#19947707)

Given that the firehose seems to be broken, there's no way to get this unsubstantiated bullshit off slashdot...

Re:I call bullshit. (0)

Anonymous Coward | more than 6 years ago | (#19947803)

Dugg!

Re:I call bullshit. (1)

spyrochaete (707033) | more than 6 years ago | (#19947813)

The XP machine is on 192.168.0.1. Maybe he's using it as a router.

Bullshit OR Bad Writing! (1)

sciop101 (583286) | more than 6 years ago | (#19947815)

The author should have given a short explanation of his technique (backout to Vista, separate machine, whatever...)

I suggest a separate machine.

Re:I call bullshit. (0)

Columcille (88542) | more than 6 years ago | (#19948057)

while I can get this same quality news for free elsewhere.

Did you say quality? Slashdot is getting pathetic. Quality need not apply.

Re:I call bullshit. (1)

Oldsmobile (930596) | more than 6 years ago | (#19948103)

Ha, ran in to this on Digg myself and immediately got a red warning light flashing in my head.

I do think it's worth posting about on Slashdot since it'll get a better quality debunking here than on Digg.

PeerGurdian is not a legitimate investigative tool (5, Informative)

Anonymous Coward | more than 6 years ago | (#19947369)

The DOD NIC runs one of the DNS root servers. Yes, that's right... his DNS requests are sometimes going to the Department of Defense! Burn the government down.

Re:PeerGurdian is not a legitimate investigative t (4, Insightful)

CastrTroy (595695) | more than 6 years ago | (#19947485)

Which when you think of it, makes complete sense, because the Internet was invented for and by the military.

Re:PeerGurdian is not a legitimate investigative t (1)

arth1 (260657) | more than 6 years ago | (#19948005)

Indeed. That's why one of the other DNS TLD root servers sits in Al Gore's basement...

Re:PeerGurdian is not a legitimate investigative t (4, Informative)

nEoN nOoDlE (27594) | more than 6 years ago | (#19947625)

Indeed. When I was running PeerGuardian, I got DoD requests all the time in XP. This is a non-story.

Re:PeerGurdian is not a legitimate investigative t (1)

iminplaya (723125) | more than 6 years ago | (#19947657)

Burn the government down.

Got a match?

Re:PeerGurdian is not a legitimate investigative t (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#19947871)

Not since Superman died.

Ba-dump!

Re:PeerGurdian is not a legitimate investigative t (2, Interesting)

Jherico (39763) | more than 6 years ago | (#19947795)

That's as may be, but a default OS installation should have no reason to talk to any of the root servers. Only a machine RUNNING a DNS server should have any reason to communicate with root servers.

Re:PeerGurdian is not a legitimate investigative t (0)

Anonymous Coward | more than 6 years ago | (#19947861)

That's as may be, but a default OS installation should have no reason to talk to any of the root servers. He may run a non-standard install or even a DNS server... BIND will run on anything.

Re:PeerGurdian is not a legitimate investigative t (1)

bev_tech_rob (313485) | more than 6 years ago | (#19947949)

Especially if the machine is resolving to 192.168.0.1 on his internal network. Looks like the XP box is set up as a router (ICS maybe?) and probably a DNS server as well for his internal network (Smoothwall or a similar flavor of firewall software would be a lot cheaper alternative than WinXP..imo)

Bullshit (1)

alflauren (1124651) | more than 6 years ago | (#19947379)

This looks like a typical log from a torrent-sharing user. It's not even a Vista screen cap.

Re:Bullshit (3, Funny)

Tablizer (95088) | more than 6 years ago | (#19947401)

It's not even a Vista screen

That's because the FBI installed XP in the middle of the night.

Um... (1)

Perseid (660451) | more than 6 years ago | (#19947415)

PeerGuardian does NOT qualify as port-sniffing software. I was expecting to see Ethereal logs or something. I ran PG for about 10 minutes, decided it was insane and uninstalled it.

Highly Suspicious to me... (5, Insightful)

tgatliff (311583) | more than 6 years ago | (#19947437)

Either M$ is the dumbest company on earth, or this is a scam article. I would assume that if M$ was in fact monitoring users, which I think is quite possible, then all of the information would go back to Redmond and then distributed to the appropriate groups. At least this way they have plausible deniability....

Also, "Halliburton"? Give me a break.... First, what type of tool is going to return a text output so blunt... It is not "HA-39214", but instead is just "Halliburton" the evil company.... Also, I am certainly not a fan of the company and its former involvement with the vice president, which just smells bad to begin with, but what in the world would a military contracting company that supplies soft drinks, food, oil, and other supplies to military groups want with monitoring computers... This is just unrealistic...

Re:Highly Suspicious to me... (3, Insightful)

Anonymous Coward | more than 6 years ago | (#19947593)

whois 34.60.236.180
[Querying whois.arin.net]
[whois.arin.net]

OrgName: Halliburton Company
OrgID: HALLIB-1
Address: 10200 Bellaire Blvd
City: Houston
StateProv: TX
PostalCode: 77072-5299
Country: US

NetRange: 34.0.0.0 - 34.255.255.255
CIDR: 34.0.0.0/8
NetName: HALLIBURTON
NetHandle: NET-34-0-0-0-1

and so on. So, yes, it's in Halliburton's IP range. That still does not mean anything, though. PG as a traffic analysis tool is a joke, as others pointed out already. At least he could have displayed the destination port and checked what service is supposed to listen on it, if any. This way it might very well be just a bunch of zombies portscanning away[*] - there are a bunch of university addresses (Purdue, Athens, Rio) and a couple of Chinese IPs. Wow, MS must have really sold out to the barbarian invaders, right?

[*] I'm giving the guy the benefit of the doubt about these not being attempts to connect to his previously-running p2p application, although with the carefully-trimmed destination ports from his screen-captures maybe I shouldn't. After all, he was clever enough to tune this blog entry to the net-herd paranoia and get hits from at least /.
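Several posts in this thread make the same three points: PeerGuardian's organisation names come from user-submitted blocklists and are never checked against the registry (the "I agree, but .. you missed the best part" comment), a screenshot of inbound attempts with the destination ports trimmed off cannot distinguish stale P2P peers from scans (ptbarnett's comment), and a whois lookup such as the one above only tells you which NetRange an address sits in. The script below is an added example that is not code from the thread, from PeerGuardian, or from the Whitedust article; it triages a few constructed log lines the way a defender would before reaching any conclusion. The log format, the hosts, the 192.168.0.0/24 LAN, the P2P port set and the allocation table are all assumptions, except for the 34.0.0.0/8 Halliburton NetRange, which is taken from the whois output quoted in the post above.

```python
"""Triage of connection-attempt log lines: direction, destination port, and
whether a blocklist label actually matches the address registrant.

Added example for this thread; not code from PeerGuardian, Whitedust or any
poster. Log lines, hosts and most of the allocation table are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for whois NetRange data: CIDR -> registrant.
ALLOCATIONS = {
    "34.0.0.0/8": "Halliburton Company",              # NetRange quoted in the thread's whois output
    "192.168.0.0/16": "private (RFC 1918)",
    "198.51.100.0/24": "TEST-NET-2 (documentation)",  # constructed source of a bogus "DoD" hit
}

# Ports BitTorrent clients commonly listen on (assumed set): an inbound hit here is
# most simply a stale peer or cached tracker entry, as several posters suggest.
P2P_PORTS = set(range(6881, 6890)) | {6969, 51413}

LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")  # constructed home LAN


@dataclass
class Attempt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    label: str  # name supplied by a blocklist; NOT validated against the registry


def parse_line(line):
    """Parse the constructed format 'TCP 34.60.236.180:51000 -> 192.168.0.1:6881 Halliburton'."""
    proto, src, arrow, dst, *label = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected log line: {line!r}")
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Attempt(proto, s_ip, int(s_port), d_ip, int(d_port), " ".join(label))


def direction(a):
    """'inbound' if the remote side initiated the attempt, 'outbound' if a local host did."""
    src_local = ipaddress.ip_address(a.src) in LOCAL_NET
    dst_local = ipaddress.ip_address(a.dst) in LOCAL_NET
    if src_local and not dst_local:
        return "outbound"
    if dst_local and not src_local:
        return "inbound"
    return "local"


def registrant(ip):
    """Longest-prefix match of ip against ALLOCATIONS (what a whois NetRange lookup answers)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, org in ALLOCATIONS.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, org)
    return best[1] if best else "unknown"


def triage(line):
    """Classify one attempt; only an outbound entry could ever be a 'phone home'."""
    a = parse_line(line)
    d = direction(a)
    remote = a.src if d == "inbound" else a.dst
    reg = registrant(remote)
    if d == "outbound":
        category = "outbound"        # the kind of entry that would need explaining (which process?)
    elif a.dport in P2P_PORTS:
        category = "inbound-p2p"     # stale peer hitting a torrent listen port
    else:
        category = "inbound-probe"   # unsolicited scan; the firewall decides, Vista never sees it
    return {
        "direction": d,
        "remote": remote,
        "dport": a.dport,
        "registrant": reg,
        "label": a.label,
        "label_matches_registry": a.label.lower() in reg.lower(),
        "category": category,
    }


def summarize(lines):
    """Count categories over a whole log."""
    counts = {"outbound": 0, "inbound-p2p": 0, "inbound-probe": 0}
    for line in lines:
        counts[triage(line)["category"]] += 1
    return counts


# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    "TCP 34.60.236.180:51000 -> 192.168.0.1:6881 Halliburton",
    "TCP 198.51.100.7:4444 -> 192.168.0.1:445 DoD Network Information Center",
    "TCP 192.168.0.5:49152 -> 34.60.236.180:443 Halliburton",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage(line))
    print(summarize(SAMPLE_LOG))
```

Run against the sample, the first line comes out as an inbound hit on a BitTorrent port from an address that really is in the 34.0.0.0/8 range, the second as an inbound probe whose "DoD" label does not match the registrant at all, and only the third (outbound, from a local host) is the kind of entry that would justify asking which process opened it. That is the check the screenshots in the article could not support, because the destination ports and the direction were not shown.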

Simple solution (1)

Enderandrew (866215) | more than 6 years ago | (#19947443)

This looks suspect, as it has been noted before. And it may very well be FUD. However, given that the instructions appear to be laid out, why doesn't someone see if they can replicate this to verify or debunk this with some authority?

I'd do it myself, but I don't have Vista.

Re:Simple solution (0)

Anonymous Coward | more than 6 years ago | (#19947475)

I agree. Can't someone at least attempt to verify this before calling bullshit on it? I don't have Vista either, so yeah...

Re:Simple solution (5, Funny)

MillionthMonkey (240664) | more than 6 years ago | (#19947505)

Great plan genius- now we have to find someone who bought Vista! :)

Re:Never trust a compromised box. (1)

Technician (215283) | more than 6 years ago | (#19947947)

Great plan genius- now we have to find someone who bought Vista! :)

Never trust a compromised box to tell the truth. Wake me when he has router logs instead of Vista logs, or worse, XP logs of a Vista monitor. Many routers will send connection logs to a third machine. This way you don't have to trust the machine under test. Simply log its traffic as it passes an external router. Now you have evidence of real traffic.

I was skeptical of the original setup. Was it Vista? The author claimed "idle" while running remote desktop software. That's hardly idle to me. What if it isn't Vista, but something like a back door into some communications package such as Remote Desktop?

The Department of Homeland Security may have an interest in remote connections, especially if they cross into hostile territories. Something could have flagged this connection as something they wanted to watch for some reason. Maybe it's the connections to all the overseas .edu's. Many of the people being watched are on educational visas. Having ties to some of these schools may be a red flag. It's not Vista, but the remote software that may be to blame. Having active connections to schools in several countries may have raised interest. See the logs in the screenshots.

FUD (2, Insightful)

gregholt (90624) | more than 6 years ago | (#19947461)

Yawn. 1/10 for FUD. Slashdot FUD: "...showing connections to..." Source: "...trying to connect to..." Nice faulty translation there. Tons of systems try to connect to every other system on the Internet; bad guys, good guys and just curious guys. Also from the source: "...my computer even in an idle state..." The processes active on a target system are not indicative of what other systems are trying to do in most cases. Plz may I'z haves moore FUD. K thx.

nothing to see here.. move along now (2, Informative)

sonictheboom (546359) | more than 6 years ago | (#19947463)

These are just normal scans that everyone gets all the time. Nothing to do with having Vista installed.

Ever been connected to a P2P network (0)

Anonymous Coward | more than 6 years ago | (#19947467)

If that computer has, and I assume it has because you're running PeerGuardian, it's likely that your IP is in a host cache or tracker somewhere. As for the DoJ, it could be some guy on a break using P2P. A connection attempt alone means nothing.

I can confirm this (-1, Troll)

Anonymous Coward | more than 6 years ago | (#19947481)

Posting anonymously for obvious reasons...

I work in one of the government agencies in question, and I can confirm that we have been doing this. To be fair to Microsoft, they had no choice to let us in. It's been going on for months now. Right here, directly out of our own network, so that any retard with a freeware tcpdump/traceroute frontend can see exactly what we're up to.

PS: this isn't fake.

Re:I can confirm this (5, Funny)

Anonymous Coward | more than 6 years ago | (#19947515)

Posting anonymously for obvious reasons...

I work in one of the extraterrestrial government agencies not in question, and I can confirm that we have been doing this. To be fair to the United States government, they had no choice but to let us in. It's been going on for years now. Right here, directly out of our own network, so that any retard with a freeware tcpdump/traceroute frontend can see exactly what they're up to.

PS: this isn't real.

I swear.. Zonk is.... (0)

Anonymous Coward | more than 6 years ago | (#19947499)

becoming more and more a Fox Mulder wanna be.... Everything is a conspiracy... The MAN is out to get us... Oooohhh.... Spooky Mulder where are you....

Please... Can we cut back on the Slashdot Conspiracy Theories....

I actually like the Slashdot conspiracy theories.. (0)

Anonymous Coward | more than 6 years ago | (#19947641)

Like that ScuttMoney was taking bribes from that * * Beatles guy for posting stories (and notice how that stopped not that he doesn't get a PR boost for those links...).

Anyway, I think Zonk is just auditioning for Coast to Coast AM since Art Bell decided to retire again.

Re:I swear.. Zonk is.... (1)

ScrewMaster (602015) | more than 6 years ago | (#19947661)

Yes, well ... at least Fox Mulder was usually right, even if he could rarely prove it.

That explains it! (0)

Anonymous Coward | more than 6 years ago | (#19947523)

I wondered why Vista defaulted to that Black Helicopter screensaver. I guess we know why now.

More reason I'm glad I'm running 2003 server that the nice man from the NSA helped me harden.

Just Vista? (5, Interesting)

orkysoft (93727) | more than 6 years ago | (#19947535)

So he installed Vista, plus his warez, and now he's seeing suspicious network connections? Get a grip.

I'd like to see a bare install of Vista (legit), with no other programs running, and connection monitoring being done on a router in between the Vista box and the internet, before I will believe this. And I say this as a die-hard Linux user who has barely touched XP.

Re:Just Vista? (1)

mini me (132455) | more than 6 years ago | (#19948079)

I'd like to see a bare install of Vista (legit)

What if Vista only enables this feature after it sees suspicious activities, such as using P2P programs?

Connection to or from? (4, Insightful)

Britz (170620) | more than 6 years ago | (#19947647)

I guess all those computers are botnets (check out the other connections, DoD is only one among a whole bunch of seemingly random international sites including a couple of universities from Brazil and China) trying to get more bots using security holes and checking whether they have yet been patched on random IPs.

Because those are trying to connect TO his computer from the outside, not the other way around.

What a load of bullcrap. Where does /. pick up its editors?

Slashdot (0)

Anonymous Coward | more than 6 years ago | (#19947659)

Getting worse every day!

Re:Slashdot (0)

Anonymous Coward | more than 6 years ago | (#19948055)

I used to think this was sour grapes. Everybody everywhere always thinks everything is worse than it used to be. But fuck, Slashdot really is getting shittier by the minute.

Here it is! (0)

Anonymous Coward | more than 6 years ago | (#19947675)

Basically no one I know uses Vista (after they tried it).

Microsoft is so upset by this that their market department invented this FUD so all geeks around the world try this to prove it! Nice scam!!!

Thank god my home computers are all Macs! No Microsoft-related issues or problems to worry about.

Statistics (4, Insightful)

tsa (15680) | more than 6 years ago | (#19947697)

Those are some very strong allegations. I can't understand why /. soiled its pages with this. The guy didn't even try other machines and other operating systems. No statistics at all. This is the worst 'article' I've seen so far on /., and I have seen some really bad stuff here already. Indeed, as one poster said, /. is becoming more and more like Digg. And that is NOT a compliment, Taco et al.!

Re:Statistics (4, Insightful)

TopSpin (753) | more than 6 years ago | (#19947969)

I can't understand why /. soiled its pages with this.


As I see it, there are two possibilities:

The first is that the story actually had credibility with Zonk and he was more than happy to put it up. Put Halliburton in a story and the truthers soil themselves. The second: Zonk saw through it like any other technically savvy grownup and knew it would be ridiculed. In that case it is a sort of April Fools joke.

Anyhow, there are plenty of reasonable explanations already posted for the 'evidence' provided. Here is one I didn't notice; why would 'they' use easily identified domains to spy on people? 'They' run the world so clearly 'they' could arrange for something less obvious, no?

Finally, is there any recourse for a business that has had its products publicly slandered? I'd hate to see Microsoft get a piece of /. in court, but it wouldn't surprise me if they tried [slashdot.org] .

Ceiling Cat Is Watching You Masturbate (1)

bmo (77928) | more than 6 years ago | (#19947703)

It's goddamn Windows. Even if this was something to get excited about, Windows users get what they deserve, especially if they're p2p'ing warez like the source of this dodgy "article" was doing.

Set up a pristine Vista machine. Put a box inline with it and run Snort. Post the logs in some sort of reasonable format. Then we might have something to talk about. But this? What can I say, besides "bullshit"? The origin of this may as well be ranting about Ceiling Cat.

--
BMO

Re:Ceiling Cat Is Watching You Masturbate (1)

bigstrat2003 (1058574) | more than 6 years ago | (#19947769)

It's goddamn Windows. Even if this was something to get excited about, Windows users get what they deserve....

No. Just no. I'm sorry, but that's pretty much the height of stupidity, what you just said. "Even if the government were inspecting his computer, he deserves it cause he's using Windows!"

I can see a little bit of leeway for a similar argument about any other source of attack, but not one which is supposedly originating from our government (and note that those arguments aren't legit either, but they're at least a bit better than what you said). But you are correct in that this is nothing to get excited about, so it doesn't matter.

Re:Ceiling Cat Is Watching You Masturbate (1)

bmo (77928) | more than 6 years ago | (#19947959)

Did you RTFA?

Maybe what I said was a bit over the top, but he got exactly what he deserved. He was p2p'ing warez on Windows. That's the _only_ reason to run PeerGuardian, and you _don't_ need PeerGuardian if you're doing something legal like torrenting Linux distros. I don't know about you, but running p2p on Windows and bitching about weird connections is like, oh I dunno, deliberately peeing on an electric fence and then complaining that it hurts.

I'm sorry if my lack of empathy strikes you as callous, but...well, my sympathy for stuff like this died a long time ago.

--
BMO

Halliburton? (3, Insightful)

Jeian (409916) | more than 6 years ago | (#19947711)

Halliburton?

He's really grasping, isn't he.

LOL Cat! (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#19947923)

We'rE In uR Ip'S, SteaLiN' Ur GovAminTS!

I might've read the article (1, Insightful)

RichPowers (998637) | more than 6 years ago | (#19947729)

Until I saw the bit about the "Halliburton Company" in the summary. Are these nutjobs now required to mention it in every one of their hackneyed theories?

The worst part about stories like these is that it obscures what the government is really doing to invade our privacy.

How about some editorial control, Slashdot?

Digg story down. (1)

Aaron England (681534) | more than 6 years ago | (#19947733)

Article buried for lack of journalistic standards.

Re:Digg story down. (1)

tsa (15680) | more than 6 years ago | (#19947919)

Digg is that way --->

Re:Digg story down. (1)

blowdart (31458) | more than 6 years ago | (#19948019)

What, you really believe people Digg due to truth in URLs as opposed to "Micro$oft is evil" contents? Do you want to buy some land?

You call that a conspiracy? (3, Interesting)

Nate Eldredge (133418) | more than 6 years ago | (#19947761)

Okay, so maybe the US government and Halliburton are checking up on Vista users, but that's benign compared to the folks after us FreeBSD users. I whois'ed some of my port scan logs and found McGraw Hill, The Washington Post, the BBC, and Ikea. Now that is one terrifying conspiracy. Eisenhower was right when he warned us of the dangers of the media-Swedish furniture complex.

Seriously, though. Worms and botnets are endemic and every organization has boxes probing the internet without their knowledge. Doesn't mean they're out to get you.

I always hated people who would whine about Slashdot story selection, but come on, editors, use a little discretion. You're just helping spread paranoid stupidity.

Highly plausible... (2, Insightful)

Ub3rT3Rr0R1St (920830) | more than 6 years ago | (#19947779)

With the fairly recent uproar that occurred with the numerous accounts of illegal wire tapping on the part of the Bush administration, why, oh why, would anyone discard this as some sort of sham?

Now, I'm not agreeing that the proof is 100% credible, and I'm not completely disregarding the fact that this might really be a sham, but the previous experiences the US has had with any sort of monitoring of the people should be enough to regard this with high suspicion.

Monitoring through the internet isn't difficult. You don't need to be a Government agency with vast resources at your disposal. All you need is a terminal, and knowledge. I think the Government has plenty of both. Most people with internet connections don't know how to check the connections going into their computer. They don't know how to "port sniff". This makes for millions upon millions of victims to such an invasion of privacy.

I strongly believe this should be taken more seriously than it is at the moment. If wire tapping is illegal, and is treated with such priority, then I think this should be handled the same way. We have nothing to lose by assuming this is legitimate, and we have so much more to gain by going directly to the facts, by means of thorough investigation. This shouldn't be taken lightly.

Re:Highly plausible... (1)

Dachannien (617929) | more than 6 years ago | (#19947855)

We have nothing to lose by assuming this is legitimate

Except, perhaps, your credibility?

Never attribute to malice what you can attribute to zombies.

Re:Highly plausible... (1)

Jeian (409916) | more than 6 years ago | (#19948045)

Plausible it may be, but until there's better proof than this article...

Hacker took over the box perhaps? (2, Interesting)

Adammil2000 (797026) | more than 6 years ago | (#19947865)

Is it possible that this box was taken over by a hacker and is trying to attack DoD addresses? As opposed to some alleged "phone home" behavior that Vista is showing?

Bad facts (0)

Anonymous Coward | more than 6 years ago | (#19947877)

fta "We're talking about a Microsoft upgrade that almost rivals the audio development quality seen on Mac DAW's for years - but with none of the proprietary hardware BS that is forged into the Mac world."

I'd like to see a list of these so called "proprietary" mac parts.

hmm (1)

LinuxRegisteredUser_ (887810) | more than 6 years ago | (#19947891)

I don't see any connections on the new vista machine. I'm watching the packets go through the router. Read that headline and was about to go uninstall. Glad I checked to confirm first.

Don't believe negative hype created by gov plants (0)

Anonymous Coward | more than 6 years ago | (#19947931)

This article isn't any more or less plausible than any other article on slashdot, however there are many angry and negative reactions towards it. It's entirely possible, probable in fact, that the people trying to "Digg it down" are plants by the government or the type who easily chime in with government plants.

Think about it, the person is just asking a question and is showing what they did, screenshots and all. It requires more investigation and it's important for someone to do it, but it's not the writer's responsibility. They are simply sharing some very disturbing news.

Our government does use undercover people to sway public opinion and paranoia bashing is one of their effective methods. They know that the target audience fears looking like some sort of off-the-rocker loonies and would rather not voice or investigate their suspicions in order to save face. It works.

Don't give in to conformity, people, think! THINK!!

No Destination Ports (5, Insightful)

tiny69 (34486) | more than 6 years ago | (#19947951)

The screenshots conveniently leave out the destination ports. Without that information and without knowing what programs the user had installed or running, the entire article is a waste of time. We have no idea if the traffic is associated with a program he's running or if it's something else. He's concerned about connections that appear to originate from the U.S. Government, but isn't fazed by the connections appearing to come from China. Oh noes!?! China has a backdoor in Vista!!

My guess is that he's running some P2P software. Guess what? The U.S. Government does get 0w3nD and does have problems with viruses, trojans, and P2P software.

Nothing to see here. Move along....

Worst /. Story Ever? (2, Insightful)

nuintari (47926) | more than 6 years ago | (#19947999)

Okay, this has got to be one of the most pointless slashdot stories ever.

One, he is sniffing with a crappy piece of software that is barely a sniffer. Secondly, unless he has that XP system he claims is a Vista system, monitoring a HUB, not a switch, that the Vista machine's traffic has to go thru, he isn't sniffing anything relevant. Last, this is pointless paranoia.

You want to see more of your "government conspiracy traffic?" Find someone at an ISP to help you, as you will need a piece of public IP address space. Route it to someplace where you can monitor all the traffic destined to it, and plug nothing into that segment of your network. It just has to exist, and be publicly accessible. It goes nowhere, has no devices in it, it just exists. Then turn your sniffer on, and watch the botnet traffic fly by. Yeah, you will see attacks coming from everywhere, nowhere to go, and still they scan like crazy. And yes, you will see it come from DoD address space too, heaven for-fucking-bid.

Oh, and when you do your sniffing, use a real sniffing tool. Then you can tell us what kind of attacks the scary US government is mounting against its most paranoid citizens.
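The reasoning in this post, together with the earlier comments about connection direction and missing destination ports, applied to sample log lines. This is an added example, not code from the thread or from any tool it names; the log format, the addresses and the scan threshold are constructed for illustration.

```python
"""Added example, not code from the thread or from any tool it names.

Several posters make the same point: an inbound connection attempt says
nothing by itself, the destination port is what matters, and unused
address space shows scan traffic from everywhere. This applies that
reasoning to a constructed firewall-style log: separate inbound from
outbound, tally inbound destination ports, and flag sources that probe
many ports, which is sweep behaviour rather than interest in one host.
"""
from collections import defaultdict

# Constructed sample lines: DIRECTION ACTION SRC DST DPORT.
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
IN  BLOCK 203.0.113.10 192.0.2.5 445
IN  BLOCK 203.0.113.10 192.0.2.5 135
IN  BLOCK 203.0.113.10 192.0.2.5 139
IN  BLOCK 203.0.113.10 192.0.2.5 1433
IN  BLOCK 203.0.113.10 192.0.2.5 3389
IN  BLOCK 198.51.100.7 192.0.2.5 6881
OUT ALLOW 192.0.2.5 198.51.100.7 6881
OUT ALLOW 192.0.2.5 198.51.100.9 80
IN  BLOCK 198.51.100.20 192.0.2.5 6881
"""

def parse_log(text):
    """Parse 'DIR ACTION SRC DST DPORT' lines into dicts; skip malformed ones."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("IN", "OUT"):
            continue
        direction, action, src, dst, dport = fields
        if not dport.isdigit():
            continue
        events.append({"dir": direction, "action": action, "src": src,
                       "dst": dst, "dport": int(dport)})
    return events

def summarize(events, scan_threshold=4):
    """Return counts by direction, inbound dst-port tallies, and likely scanners."""
    by_dir, inbound_ports, ports_per_src = defaultdict(int), defaultdict(int), defaultdict(set)
    for e in events:
        by_dir[e["dir"]] += 1
        if e["dir"] == "IN":
            inbound_ports[e["dport"]] += 1
            ports_per_src[e["src"]].add(e["dport"])
    # A source knocking on many distinct ports is sweeping, not targeting you.
    scanners = sorted(s for s, p in ports_per_src.items() if len(p) >= scan_threshold)
    return dict(by_dir), dict(inbound_ports), scanners

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
```

On the constructed log the only flagged source is the one that hit five different ports; the single inbound attempt on the P2P port from each of the other two is exactly the kind of event the article's screenshots show, and on its own it proves nothing.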

Linux and Amiga users can be safe... (2, Interesting)

3seas (184403) | more than 6 years ago | (#19948073)

A better question is (1)

brennz (715237) | more than 6 years ago | (#19948181)

Why does Zonk continually post such uninformed articles?