These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Don't scan my ports CCP or else

First post
Author
Jovan Geldon
Pandemic Horde Inc.
Pandemic Horde
#81 - 2012-03-15 01:18:22 UTC
The E-O forums really need a :hugecripes: emoticon for times like these
Roh Voleto
Doomheim
#82 - 2012-03-15 01:20:04 UTC
CCP Mort wrote:

This is a non-intrusive probe with good intentions ;)

CCP Mort


The road to hell is paved with good intentions.
Jovan Geldon
Pandemic Horde Inc.
Pandemic Horde
#83 - 2012-03-15 01:34:41 UTC
Muestereate wrote:
when you attack me, I disco and crash


Also I hope I'm not the only one who read this bit and then had a horrifying mental image of punching the OP's avatar then watching in confusion as he pulled out some swanky Saturday Night Fever shapes then collapsed into a comatose heap on the floor
Cipher Jones
The Thomas Edwards Taco Tuesday All Stars
#84 - 2012-03-15 02:40:45 UTC
Bergon Darek wrote:
Tippia wrote:
Muestereate wrote:
when you attack me, I disco and crash.
You keep using that word. I don't think it means what you think it means.
Inconceivable!

Anyone want a peanut?

internet spaceships

are serious business sir.

and don't forget it

Cindy Marco
Sebiestor Tribe
Minmatar Republic
#85 - 2012-03-15 02:46:37 UTC
CCP Mort wrote:
Hi, sorry about that

The source of the scan is our FCP guy, We wrote a devblog on it some time ago..

The FCP is listening to all client traffic and will probe clients with ICMP and traceroute through each of our Internet connections.It does that to figure out if another provider might have better latency or less loss than the one picked automatically by BGP. So if it finds a better path it will instruct our Internet edge routers to overrule the default path.

This is a non-intrusive probe with good intentions ;)

CCP Mort


This is actually a really awesome explanation. Its a really great idea, and doesn't screw with the players heads at all.

FCP guy for CEO!
Natalia en Thielles
Aliastra
Gallente Federation
#86 - 2012-03-15 02:52:39 UTC
Khanh'rhh wrote:

The remainder was my housemate pinging port 21 because he knew I had it configured to literally make the computer ping. (dont ask)


Give me a ping, Vasili. One ping only, please. Shocked
Khanh'rhh
Sparkle Motion.
#87 - 2012-03-15 09:26:55 UTC
Natalia en Thielles wrote:
Khanh'rhh wrote:

The remainder was my housemate pinging port 21 because he knew I had it configured to literally make the computer ping. (dont ask)


Give me a ping, Vasili. One ping only, please. Shocked


CCP are pinging away with their active sonar like they're looking for something, but nobody's listening.

"Do not touch anything unnecessarily. Beware of pretty girls in dance halls and parks who may be spies, as well as bicycles, revolvers, uniforms, arms, dead horses, and men lying on roads -- they are not there accidentally." -Soviet infantry manual,

Masamune Dekoro
School of Applied Knowledge
Caldari State
#88 - 2012-03-15 09:49:44 UTC
Krenalla wrote:

This is a non-intrusive probe with good intentions ;)

Source of OP's butthurt


I think I see what you did there.
Mara Rinn
Cosmic Goo Convertor
#89 - 2012-03-15 10:28:13 UTC
My public IP address receives about a dozen probes per minute for MySQL, MS-SQL, Oracle, SUN-RPC, SMB/CIFS, SSH, and a bunch of other services. The legitimate traffic over my network link is about 60% of total traffic.
Twulf
Order of the Eagles
#90 - 2012-03-15 16:10:02 UTC
Muestereate wrote:
Of course I knew it had originating code, The source was EVE. Kind of self evident since I posted on an eve forum asking them to stop???? I Doesn't show up as a ping on my logs but a scam. I mean scan, I allow echo requests so that servers don't time me out but the pings have to go where I expect them go. you can come in my front door port 80.


Oh my, this is priceless.

You talk about having your computer setup with great security but you have port 80 open? Lol that is classic.
Just more proof you have no clue how to setup computer security.

I route all Internet traffic through port 8080. Port 80 is the default port for HTTP traffic and is the first port that is attacked when trying to hack into a remote machine. This is a very simple setup and can be done in any router or firewall software and can be done by non IT professionals that have some knowledge of computers.

Man, your security is like the story of the three little pigs. You just happen to be the Pig that build his security out of straw and wonder why the big bad wolf still gets in.
Morganta
The Greater Goon
Clockwork Pineapple
#91 - 2012-03-15 16:19:35 UTC
Twulf wrote:
Muestereate wrote:
Of course I knew it had originating code, The source was EVE. Kind of self evident since I posted on an eve forum asking them to stop???? I Doesn't show up as a ping on my logs but a scam. I mean scan, I allow echo requests so that servers don't time me out but the pings have to go where I expect them go. you can come in my front door port 80.


Oh my, this is priceless.

You talk about having your computer setup with great security but you have port 80 open? Lol that is classic.
Just more proof you have no clue how to setup computer security.

I route all Internet traffic through port 8080. Port 80 is the default port for HTTP traffic and is the first port that is attacked when trying to hack into a remote machine. This is a very simple setup and can be done in any router or firewall software and can be done by non IT professionals that have some knowledge of computers.

Man, your security is like the story of the three little pigs. You just happen to be the Pig that build his security out of straw and wonder why the big bad wolf still gets in.


welp.. if you're running a webserver port 80 is correct, 8080 is typically used as a workaround for ISPs who block 80 on residential lines.
8080 is no safer as its highly publicized that most idiots with poorly implemented home services use it, so it would likely get scanned first. Bot net owners want home machines behind residential gateways, not production level servers

this also includes the top 5 or so ports and their workaround ports
21
27
110
and whatever irc defaults to now

like i said, an open port is not a threat, most scanners are looking for their own malware to reply on those ports, but the port simply being open is not a huge issue unless there's a documented exploit connected with it

Khanh'rhh
Sparkle Motion.
#92 - 2012-03-15 17:40:31 UTC  |  Edited by: Khanh'rhh
Twulf wrote:
Muestereate wrote:
Of course I knew it had originating code, The source was EVE. Kind of self evident since I posted on an eve forum asking them to stop???? I Doesn't show up as a ping on my logs but a scam. I mean scan, I allow echo requests so that servers don't time me out but the pings have to go where I expect them go. you can come in my front door port 80.


Oh my, this is priceless.

You talk about having your computer setup with great security but you have port 80 open? Lol that is classic.
Just more proof you have no clue how to setup computer security.

I route all Internet traffic through port 8080. Port 80 is the default port for HTTP traffic and is the first port that is attacked when trying to hack into a remote machine. This is a very simple setup and can be done in any router or firewall software and can be done by non IT professionals that have some knowledge of computers.

Man, your security is like the story of the three little pigs. You just happen to be the Pig that build his security out of straw and wonder why the big bad wolf still gets in.


It does not matter, at all. Anyone pinging port 80 against a machine behind a NAT will simply receive no response, since the packet is not routed anywhere. This is what you want, since you have plausible deniability; there is no evidence a machine is even there.

A weaker solution is to deliberately forward all non-routed packets as routed to one host (DMZ) in which case a software firewall will either report the port closed, or not respond. The latter is functionally identical. Replying with a closed port indicates a machine is there and will result in your machine being shortlisted and pinged at intervals. The complete absence of *any* firewall at all is surprisingly not that insecure; the attacker still needs to exploit an unknown/unpatched software vulnerability to do anything.

I'm pretty sure OP is using one of those firewalls (such as COMODO) that has an "advanced" mode which allows you to control every DLL and every single port that every application can have access to. They're a massive resource hog, have compatibility issues (see:OP) and take a lot of user effort for negligable gain.

Lastly, they are absolutely zero use against modern rootkits, which disable the service as a first call to action. Rootkits like zeroaccess / sirefef currently have no software based defense, outside of A/V solutions that scan incoming traffic. A firewall is of zero use at all.

I had a client who shot himself in the foot with all this "BLOCK ALL THE THINGS!!" mentality; he had stopped java from checking for updates, which lead to him getting a trojan which perfectly spoofed itself as his DNS service and installed into his TCP/IP stack. I still have an image of his HDD because it's a fantastic example of a little knowledge causing harm. A machine with no A/V or firewall installed (but with updates running) is immune to the same trojan because the exploit was patched out.

"Do not touch anything unnecessarily. Beware of pretty girls in dance halls and parks who may be spies, as well as bicycles, revolvers, uniforms, arms, dead horses, and men lying on roads -- they are not there accidentally." -Soviet infantry manual,

FloppieTheBanjoClown
Arcana Noctis
Shoot First.
#93 - 2012-03-15 18:05:42 UTC
Paranoia and the pretense of competence are a time-honored combination.

Founding member of the Belligerent Undesirables movement.

admiral root
Red Galaxy
#94 - 2012-03-15 18:09:57 UTC
Jovan Geldon wrote:
Muestereate wrote:
when you attack me, I disco and crash


Also I hope I'm not the only one who read this bit and then had a horrifying mental image of punching the OP's avatar then watching in confusion as he pulled out some swanky Saturday Night Fever shapes then collapsed into a comatose heap on the floor


Yeah, pretty much had the same scary visual myself.

No, your rights end in optimal+2*falloff

Alpheias
The Khaleph
#95 - 2012-03-15 18:21:27 UTC
OP clearly needed that blue pill...

Agent of Chaos, Sower of Discord.

Don't talk to me unless you are IQ verified and certified with three references from non-family members. Please have your certificate of authenticity on hand.

Taedrin
Virtues Corporation
#96 - 2012-03-15 18:39:52 UTC
Twulf wrote:
Muestereate wrote:
WHY are all the people with military type names so insistent that I open my doors to them. I have a right to keep and bare firewalls. Mine happens to be Russian where freedom still exists. Why are so many people against me having some privacy? Why do so many act as if they don't even think I should expect privacy and security. I pay a premium price, I expect a lot from any publisher for only a few bucks a month but now I have one that takes 20 times that off of me. Publication is one way, they put it out and I pay. They don't get information off me with or without my permission without compensation.



Well where to start.

First, if you have an internet connecton active on your computer, you have no privacy or security. Do you buy things online? You have not privacy. Do you do online banking? You do not have privacy. The internet is a great and wonderful place but it has many many danagers. Once your info is on the internet, that is it, nothing you can do but hope you are not a target someday.
End of Debate.

There is not such thing as hack proof or 100% security when we are talking about technology.

After working in the IT field for over 20+ years, computer/network security is a false sense of safe. It is a cat and mouse game and the mouse has the advantage Just like Cops and Crimials, Criminals have the advantage as they do not have a set of rules to follow like the cops do. Same thing with Security Experts and Hackers/Virus makers, the hackers/virus makers have the advantage and always will.

Port Scanning is not an attack and alot of programs and ISP companies do port scanning. It can lead to an attack but the most you have to worry about on a home PC is it becoming part of a BoT network and you would never know about it most likely.


I understand that take the time to setup your security and you want to have that false sense of safety but the reality is, unless you go back to dial up and/or unplug your router everytime you leave your computer, you will never been 100% secure and you will not have privacy.



"There is not [sic] such thing as hack proof or 100% security when we are talking about technology."

While this is strictly true, you can get pretty damn close to 100% security if you design the system from the bottom up to be secure. In fact, I would argue that with the proper resources you could design a system which can ONLY be compromised by some sort of physical intrusion or exploiting human error.
Terminal Insanity
KarmaFleet
Goonswarm Federation
#97 - 2012-03-15 18:58:38 UTC
If you have an IP address on the internet, its going to be scanned by someone, eventually, hundreds of times.

The fact CCP themselves are doing it should assure you its nothing harmful. I doubt a major company is going to be 'hacking' your computer.

If you have a proper router set up you should have NO open ports anyways, unless you manually open them via your router's interface (for opening torrent or game server ports for example.)

"War declarations are never officially considered griefing and are not a bannable offense, and it has been repeatedly stated by the developers that the possibility for non-consensual PvP is an intended feature." - CCP

Doc Severide
Doomheim
#98 - 2012-03-15 19:06:30 UTC
Privacy is NOT the issue here. Trying to probe my "privates" now that really gets me going...
Xavier Holtzman
Caldari Provisions
Caldari State
#99 - 2012-03-15 19:11:05 UTC
Muestereate wrote:
I sleep with a Bowie knife under my pillow and several firearms within reach.Yes some one is ringing the bell, I've racked a round into my shotgun, I've shut my lights off inside and turned on the spotlight outside. I have billions of Isk.


I think he's making up for somthing....... Blink

I do not like the men on this spaceship. They are uncouth and fail to appreciate my better qualities. I have something of value to contribute to this mission if only they would realize it. - Bill Frug

Ryan Startalker Zhang
Garoun Investment Bank
Gallente Federation
#100 - 2012-03-15 20:10:10 UTC
Natalia en Thielles wrote:
Khanh'rhh wrote:

The remainder was my housemate pinging port 21 because he knew I had it configured to literally make the computer ping. (dont ask)


Give me a ping, Vasili. One ping only, please. Shocked


Hunt for Red October!