Tuesday, March 29, 2011

TeliaSonera

For the first time in a while, saw an outgoing packet that I didn't recognize.

It was a TCP packet sent to 213.155.157.32. This seems to be part of the telia.net domain, though this address doesn't actually have a domain name. Telia is a Swedish ISP that extends throughout Europe. Hostsearch says the address is maintained by Akamai, which is based here in Cambridge MA, but that it's located in London - so this is an Akamai International host, accessed through the Telia network. The packet was sent by one of those generic svchost.exe processes, and I didn't notice it in time to see if netstat could have told me anything else.

The host has open http ports - my packet was sent to port 80, so maybe it was an attempt at opening an http session. Maybe some Microsoft component was checking for an update - I've noticed before that Microsoft updates are often hosted on Akamai servers - but it's weird that it tried with a single packet and gave up. Other option (more likely maybe) is that it was a long delayed "close connection" packet, from a website I had opened much earlier - the web browser had been closed for a while, though I don't remember how long it had been.

The packet was sent from port 22095. This doesn't appear to be associated with anything interesting...

Oh well, this was pretty boring.

Friday, March 25, 2011

How To Escape the Web

I have finally found a browser configuration that can reliably keep me from screwing around on the internet.

For a while I've had the Leechblock add-on for Firefox, which lets me dynamically (i.e. on-the-spot) add a site to a list, and then keep me from seeing it for some period of time. But I figured out early on that I could remove sites from the list with just a little work. Apparently, I just didn't know how to use Leechblock to the fullest of its abilities, because it's also possible to set it so that no changes at all to its configuration - except for adding addresses - are possible outside certain circumstances, which can be made very restrictive.

So, with Firefox, I am now prohibited from visiting my favorite places to read, visiting my favorite forums, and periodically checking Facebook to make sure that, still, no one has left me any messages.

But that leaves IE, which I quickly discovered is basically un-uninstallable. You can roll back to earlier versions, but you cannot, without more expertise than I have, remove it from XP. So I persisted this way for a while, with an old version of IE that at least made me nervous to go wandering around the web, for fear of Java trojans. I could sneak over to stupid IE to check for Facebook messages, or to see what the others were talking about on the forums, or to see what country was on fire today. I was basically controlling myself relatively well, but still not satisfied.

Solution: rather than try and figure out whether there's some Leechblock equivalent for IE, I rolled IE back up to the current version, went into the "content advisor" settings, and told it not to let me visit any websites that I haven't already rated as okay. I'm not even sure what a content advisor rating is - I was just testing to see what the setting did. It prevented me from looking at basically any website at all, making IE useless. But the key is that the content advisor has a password option, so that without the password you can't change the settings.

I set the password to something I made up on the spot, and I have no idea now what it was. It was actually a word, something like arduvon or.. I remembered it for a few minutes afterwards, and worried that I had memorized it, but it's gone!

I'm not completely protected, however. I could always download Chrome or something else, or roll IE back again. The first option can be prevented by just adding the Chrome site to the Leechblock list.

Anyways, I'm pretty satisfied with this.

Friday, January 21, 2011

yandex.ru

Another boring Sitemeter post. I'm so sorry.

Several interesting visitors recently, though I haven't kept notes and have forgotten the names of several. Someone in France came here and spent something like an hour viewing several dozen pages, I don't know why - they came in through the MS-WBT server page, though.

Someone came here through my link in Facebook, which never happens, and he looked at a few pages. I know who it was, but I won't embarrass him.

Anyway, page views are up for some reason - every day or two, someone flips through several pages, I don't know why that's happening now but not before - the MS-WBT page isn't changed, nothing is. Random winter boredom maybe?

Today there was a visitor about whom Sitemeter seemed to know nothing at all. I was curious, so tracerouted the entire IP block, and it led back to a cluster of sites named yandex.ru. This, apparently, is the Russian Google, a search engine suite. I don't know what hit the site, exactly, but maybe it was a yandexbot - the Googlebot comes every few days or weeks, maybe the yandexbot will start dropping by.

Anyways, that's pretty boring. Sorry.

Friday, December 31, 2010

WebSense

This is kind of interesting.

Being on the private network and all, I can't see the main stream of internet traffic - or, I don't know how to watch it from an external host, same thing. Anyways, I am reduced to watching Sitemeter to see if anything interesting pops up there. So we get the Italia thing from last time.

Sitemeter tells me the referring URL for most visitors to this site. 98% of them are referred from Google, because they've searched for MS-WBT-SERVER and that April page is the top return for that search. The ones that aren't from there are the interesting ones. Today I get the following referral:

http://10.237.125.90:15871/cgi-bin/blockOptions.cgi?ws-session=1817507749

An IP address starting with 10.* is a private network address - so at first I thought this was a referral from some site on my own network, which doesn't make any sense at all. Then, slightly more sensibly, I thought it must be a reference from within the Blogspot network. Then I gave up guessing, and Googled it.

A number of forum questions suggest that someone on a private network tried to see this site, but it (i.e. blogger.com) was blocked by WebSense software. So WebSense poked the site, found it was on its block list, and probably gave that person a notification that it was blocked - 15871 is the port used by the WebSense monitor or something, so this actually reveals (I think) the user's own IP address. The request came from an address in Tamil Nadu, India.

So, strangely enough, this is a way of getting information about a user from within a private network - get your site blocked by them, then you can see their external, public address when they attempt to connect, and their private address when WebSense bounces them off. Neat!
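The leak described above can be checked for from the filtered network's side. The following is an added example, not part of the original post: it scans logged Referer headers for IP literals in internal ranges and marks the ones shaped like the block-page URL quoted above. The function names and the sample log are constructed for illustration; the port and script name are taken only from that one URL.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Internal ranges: RFC 1918, loopback, link-local, IPv6 unique-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample of (client address, Referer) pairs; client addresses are
# documentation ranges. The second Referer is the one quoted in the post.
SAMPLE_LOG = [
    ("203.0.113.7", "http://www.google.com/search?q=ms-wbt-server"),
    ("198.51.100.20",
     "http://10.237.125.90:15871/cgi-bin/blockOptions.cgi?ws-session=1817507749"),
    ("198.51.100.22", "-"),
    ("198.51.100.23", "http://[fd00::5]:8080/portal"),
]

def classify_referer(referer):
    """Return a dict describing an internal-address leak, or None."""
    if not referer or referer == "-":
        return None
    try:
        parts = urlsplit(referer)
        port = parts.port  # raises ValueError on a malformed port
        addr = ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return None  # a hostname rather than an IP literal, or unparseable
    if not any(addr in net for net in INTERNAL_NETS):
        return None
    return {
        "internal_host": str(addr),
        "port": port,
        "path": parts.path,
        "query_keys": sorted(parse_qs(parts.query)),
        # Port and script name as seen in the post's URL, not a vendor spec.
        "block_page": port == 15871 and parts.path.endswith("/blockOptions.cgi"),
    }

def audit(log):
    """Return (client, finding) for every entry whose Referer leaks an internal address."""
    return [(client, f) for client, ref in log
            if (f := classify_referer(ref)) is not None]

if __name__ == "__main__":
    for client, finding in audit(SAMPLE_LOG):
        print(client, finding)
```

Hits from a check like this are a cue to strip the Referer header at the egress proxy or to serve internal pages with `Referrer-Policy: no-referrer`.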

***

The public address sitemeter gave me was 203.99.193.* - this is registered to Cognizant Technology Solutions - long story short, Cognizant is (among other things) an outsourcing company. No way of knowing exactly what they're doing there, some sort of white collar stuff, call centers, that sort of thing.