Skip to comments.Freeper Gigantor Goes Wild at 2005 Inaugural Ball (lots of pictures)
Posted on 01/22/2005 6:47:13 AM PST by Gigantor
2005 Free Republic Inaugural Ball - Gigantor has a wild time!
But their server is looking for something else, too. I have my Zone Alarm set to "stealth mode - Your computer is hidden and protected from hackers. Sharing is not allowed."
That feature must be disabled for me to view the pictures.
I wonder why the website (www.rfny.us) demands that it be able to "see inside" my computer before it will let me view the photos.
(The owner of the rfny.us website is one "Hank Hayes", who, coincidentally, looks a lot like Gigantor. See www.hankhayes.com.)
Can anybody help explain this?
There's no way I'm dropping my firewall. I have enough problems. I don't need to go looking for them.
--"Car 54 Where Are You?"
I've got nothing to hide, however, I'm also not interested in someone putting spy programs in my computer to watch everything I do on the net. In my books, that'd be the bottom line of disabling a firewall along with Norton.
Yeah, I noticed that...but it's Sunday, traditionally a slow day.
But they're not, apparently. Those of us running firewalls are denied.
So that tells me that FR must forward the IP addresses of the requester to rfny.us, and those of us who have our outgoing IP addresses blocked by our firewalls are disapproved.
John, is "IP forwarding" enabled on the FR servers, and if so, why?
Does anybody have any idea if I know what the heck I am talking about, 'cause I sure don't.
Firewalls can do strange things. Sometimes I experience what you describe but I use Norton. If I really feel it necessary to view the image, I'll quickly disable the firewall, download the page and re-enable the firewall.
That's what I did, but I still feel the need to understand.
We've got some rather naive folks....w/out thinking about the security issues...many disabled their protection to look at the pics...now they've got egg on their faces...so to speak. During toons days we had lots of spies at FR...from his administration...my bet, we still do with even better tools.
In message #89 I posted direct links to the pictures on a different server than the one that got overloaded - were you able to see them that way?
I wish I could have been there! It looks like you had a blast!
The links in post #89 work for me - but the others don't. Thanks for reposting! Great pix.
I have Linux and I can see some of what's going on here, since my firewall logs incoming requests.
Whatever server is hosting those pictures (220.127.116.11) is requesting a connection to any machine requesting the pictures, and trying to open a port in the 328xx range (32807, 32816, etc. etc.).
I've seen this before - I don't recall seeing it with Windoze, but it's happened more frequently with Linux. Usually, I just bag it and don't look at the site, but this time I opened access to the 18.104.22.168 server to look at a couple of them (guess which ones...), and then turned it off again (the Linux firewall allows you to enable and disable any service to and from any port for any specific machine to which you're "talking").
I *think* (haven't thoroughly infestigated it; I have many more important computer issues to get paranoid about at the moment) that in most cases what it is, is the machine to which you're trying to connect is trying to do a reverse DNS lookup on your machine. Most sites don't do that, but some (probably an increasing number) do - what they're trying to do is to force your machine to identify itself in case you're trying to send "Spam" into their server, before they'll let you look at the babe in the gold dress. However, if you have services running on your machine which talk on the port to which their machine manages to connect, it *could* be a penetration attempt.
Because this is just a photo hosting site, and because Linux is far less likely to be the subject of a successful probe by hackers, (*most* of the exploits out there target Gatesware), and because I can turn on access on a port-by-port basis, and because I shut the access of as soon as I got a look at the babe in the gold dress (Nice bod but too much makeup for my barbarian tastes) (sorry, but you all have REALLY asked for it), I was willing to drop my ah... "Guard" in this case.
People with Windoze firewalls might experience various things, depending on their firewall (and I DON'T know how Gatesware plays with the third-party firewalls, so all I can do is guess, but...). If you've got your browser set up to act as a server, it might be doing the reverse DNS on request and sending out your Social Security Number and bank account and voting record, without your even knowing it (I hope I'm exaggerating). Or, your browser/firewall might be denying the reverse DNS (or whatever) request, so you end up having to take down your firewall in order to ogle the cute babe in the gold dress. I hate even speculating about Windoze; it's junk.
I'm not a computer expert, I'm just a paranoid redneck thug. My eventual intention is to figure out how to set up a server on my Linux system to "spoof" the reverse DNS lookups and any other service requests and, rather than just denying them, feed them a pack of lies in order to infuriate and frustrate whatever sniveling leftist compugeek on the other end who thinks he's cute...
Perhaps your statement explains the mystery, IF it is accurate - how do you know that the server ONLY ACCEPTS requests from FreeRepublic. If that IS correct, then this is the answer:
I played around with my Norton Internet Security Settings and got the following results:
If you have a different theory - explain, please.
For the love of God and image downloading, do these fiends have no mercy?
All the links are looking good bro. You remind me of James Bond... tuxedo, surrounded by beautiful willing women, savoring sumptuous cuisine, quaffing martinis shaken ... except I think he smoked "El Productos".
Oh, boy. Here we go again.
Heh! Aren't we all, though?
Laz, my jaw dropped as well.
Mine worked like a charm, but I know your frustration with the x's or system asking me what program I should open "ihhnen.ohhswf" with. UNGHH1
I can neither comfirm, nor deny that global Freeper hooliganism.
Man, if the male riff raff knew there would be unattached supermodels at this gala, the Ball would have sold out faster than Oprah's "book of the week".
I don't blame JimRob for hiding his harem.
Good God, that's really Franken...what did you say to him? Franken is one of those guys I am happy will never come within spitting distance of me, lest I be tempted.
Wasn't "Gigantor Goes Wild" an episode in the cartoon series ? The one where Gigantor and Prince Planet battle the evil Spider ?
The bad news: she's Gigantor's kid sister and he chaperons all dates. And any prospective suitors of the young lady have to pay for Gigantor's dinner as well.
...and his beer tab.
Also, when I copy and paste the URL from one of those picture directly into my browser, I get a "forbidden" message...even with Zone Alarm disabled.
Now regarding Zone Alarm, there was at least one FReeper other than you who was able to see the pix with ZA active. But we don't know his or her settings, so that really doesn't tell us anything.
What fire_eye said in the post above yours makes sense to me, and possibly the explanation is there.
I've set up my Zone Alarm to block incoming TCP Ports in the 32xxx range. It's a "custom" setup in the "Internet Zone" of the "Firewall" tab.
So maybe whoever set up the Apache Webserver at rfny.us just tried to get fancy by using some unusual port with unintended results. Or maybe not...
But with "Alert Notification" active, I get no alert that anybody was trying to access port 32xxx when I try to view any of those pictures. So I really still don't know what's going on.
I am still surprised that FR sends our IP address to any remote site to which we are "redirected". I wasn't aware that IP forwarding was going on, and if true, the management might want to add that to their privacy statement.
This is probably all innocent, but I sure wish Gigantor would chime in here before my paranoia builds further...
A. I copied the JPEGs to a folder I created on one of my web site ISPs. I posted a standard "img src=..." link for each picture.
B. When I reached the bandwith limit on that web site I copied same JPEGs to my other web site ISP and linked to them.
All I do is pay $7 bucks a month to have my domain hosted, anything beyond that - is beyond me.
Personally, I think we're dangerously close to tin-foil hat territory.
Al Franken wasn't this suspicious - and I was wearing several Bush/Cheney buttons and pins when I approached him!
You can't afford her.
Would you mind asking the webmaster at rfny.us why he has his site set up to block anyone with a firewall?
I use Windows XP SP2 firewall and I'm having no prolems at all... all but 2 photos downloaded just fine, and I'm getting no error messages that "something" is trying to access my computer.
Thanks very much for your efforts here and for sharing the adventure!
In snopercod's post # 132, he states:
"I have been discussing this situation offline with a knowledgeable friend with a packet sniffer in his pocket, and he told me that rfny.us checked for the "referrer" and would only pass the pix if the request came from an approved range of IP addresses."
In my post # 114, I explained that if one's computer has a firewall or similar program that prevents relaying that referrer information, then the pics won't show up. This is a common request that websites use to track where a visitor came from and where the visitor is going. No personal info is obtained, just tracking your surfing, usually for targeting ads to you. But, in this case, it's for verifying that you have permission to view the pics. No big deal.
Of course, they may also want to track for ad purposes, but I doubt it, since they only authorize specific referral websites - doesn't make since to advertise. Actually, it's kind of slick - I might consider using them for my pics.
...or does FreeRepublic forward the IP address of the member making the request?
I believe this is all innocent, too, but I sure would like to understand it since I have never encountered a situation like this before.
OTOH, the fact that nobody is talking makes me wonder. Guess I'll page John_Rob again...sigh...
I am behind a firewall and can see the pictures fine.
May I ask what kind of firewall you are behind? Do you have inbound TCP ports 32,xxx blocked?
Thanks for the data point.
WOW. Talk about Global Warming.
coul dyou stand it if she and ann C were in the same pic?
We use Cyberguard here in the office. I am not sure if we are blocking inbound ports. At home I use Norton and would never turn off my firewall. I can check from home whether or not I can see the pictures and get back to you.
Maybe your browser is blocking the pics.
That possibility occurred to me as well. I use Firefox so I disabled popup blocking, and no joy. Then I brought up IE and tried to access the pix - still no joy.
So I don't believe that it's browser-related.
Also, several FReepers who used IE had the problem as well.
Sigh...nobody's talking? Some people are needy, others anal, some are a combination of the two...
RFNY.COM is hosted by THRIFTWEB.COM - their email is firstname.lastname@example.org - perhaps someone there will be able to help you (I sincerely hope so...sigh...)
I am at home now and can't see the pictures. So, if you can figure it out let me know.
There's probably something in Windoze that enables responding to reverse DNS requests... i.e. if your Gatesware is rejecting them, it's probably not a setting in the browser but something buried in "Networking" in the "Control Panel" or whatever dumaflodget thingumbob... it probably *would* affect all browsers you try.
my wife is bugging me to bring up Windoze so she can use Screamweaver... maybe I'll probe Windoze's slimy entrails while she's doing that.
One other behavior... the 32xxx port requests get iterated (32962, 32963, 32972, 32973... etc... and it'll keep trying forever. (as I said, I've seen this behavior with other sites that I can't access; my theory is it's probing for an open reverse DNS port. (good luck you P.O.S. snoopware))
From: ShieldsUP! A web browser's request to a remote server may contain information about the user and the computer system running the browser. The composition of this information is dependent upon the specific browser and version, the browser's security settings, and even in the case of cookies the browser's history of previous contact with the remote server being queried. A web browser's request headers might also be modified by the request's passage through some other agent such as a privacy filter which deliberately removes potentially revealing information, or a proxy server which might add headers to identify the client on whose behalf the proxy's request is being made. Information such as cookies, the URL of the web page which contained the link that referred the browser to the remote server (potential privacy/tracking concerns there), the identity and version of the browser, and the format of information that can be accepted for the server's reply and more are all transmitted by the user's browser for every request. In some cases, the user's screen display resolution and color depth or the operating system and version being used is also included. It is important to recognize that the user's web browser can send any sort of information it chooses and the typical web-surfing user is none the wiser. In some situations, as mentioned above, intermediate Internet servers, such as transparent caching proxies, may process and forward the browser's request while appending their own data to the query; typically a "Via" or "Client" tag.
A web browser's request to a remote server may contain information about the user and the computer system running the browser. The composition of this information is dependent upon the specific browser and version, the browser's security settings, and even in the case of cookies the browser's history of previous contact with the remote server being queried.
A web browser's request headers might also be modified by the request's passage through some other agent such as a privacy filter which deliberately removes potentially revealing information, or a proxy server which might add headers to identify the client on whose behalf the proxy's request is being made.
Information such as cookies, the URL of the web page which contained the link that referred the browser to the remote server (potential privacy/tracking concerns there), the identity and version of the browser, and the format of information that can be accepted for the server's reply and more are all transmitted by the user's browser for every request. In some cases, the user's screen display resolution and color depth or the operating system and version being used is also included. It is important to recognize that the user's web browser can send any sort of information it chooses and the typical web-surfing user is none the wiser. In some situations, as mentioned above, intermediate Internet servers, such as transparent caching proxies, may process and forward the browser's request while appending their own data to the query; typically a "Via" or "Client" tag.
In other words, without firewalls, nats, etc., your browser automatically sends referrer information about the web page you are on to the server requesting it - this has nothing to do with FR.
One of the tests in 'Shields UP' is a port probe - it will tell you the status of your ports - open, closed, or stealth. You can even probe specific ports. Check it out.
Seriously, looks like a wonderful time was had by all!
What we have here is a simple technical problem I am trying to understand.
OK, you said RFNY.COM is hosted by THRIFTWEB.COM
Well, not exactly. The registrar is someone called Hank Hayes. If you go to www.hankhayes.com, you see this picture, whom I assume to be Hank Hayes.
Here's what I get with a whois search:
[whois.melbourneit.com] Domain Name: RFNY.US Domain ID: D3631344-US Sponsoring Registrar: GO DADDY SOFTWARE, INC. Domain Status: ok Registrant ID: GODA-02410637 Registrant Name: Hank Hayes Registrant Organization: Unknown Registrant Address1: 1748 70th Street Registrant City: Brooklyn Registrant State/Province: New York Registrant Postal Code: 11204 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.7185555555 Registrant Email: Hank@hankhayes.com Registrant Application Purpose: P3 Registrant Nexus Category: C11 Administrative Contact ID: GODA-22410637 Administrative Contact Name: Hank Hayes Administrative Contact Organization: Unknown Administrative Contact Address1: 1748 70th Street Administrative Contact City: Brooklyn Administrative Contact State/Province: New York Administrative Contact Postal Code: 11204 Administrative Contact Country: United States Administrative Contact Country Code: US Administrative Contact Phone Number: +1.7185555555 Administrative Contact Email: Hank@hankhayes.com Administrative Contact Application Purpose: P3 Administrative Contact Nexus Category: C11 Billing Contact ID: GODA-32410637 Billing Contact Name: Hank Hayes Billing Contact Organization: Unknown Billing Contact Address1: 1748 70th Street Billing Contact City: Brooklyn Billing Contact State/Province: New York Billing Contact Postal Code: 11204 Billing Contact Country: United States Billing Contact Country Code: US Billing Contact Phone Number: +1.7185555555 Billing Contact Email: Hank@hankhayes.com Billing Contact Application Purpose: P3 Billing Contact Nexus Category: C11 Technical Contact ID: GODA-12410637 Technical Contact Name: Hank Hayes Technical Contact Organization: Unknown Technical Contact Address1: 1748 70th Street Technical Contact City: Brooklyn Technical Contact State/Province: New York Technical Contact Postal Code: 11204 Technical Contact Country: United States Technical Contact Country Code: US Technical Contact Phone Number: +1.7185555555 Technical Contact Email: Hank@hankhayes.com Technical Contact Application Purpose: P3 Technical Contact Nexus Category: C11 Name Server: NS1.THRIFTWEB.COM Name Server: NS2.THRIFTWEB.COM Created by Registrar: GO DADDY SOFTWARE, INC. Last Updated by Registrar: GO DADDY SOFTWARE, INC. Domain Registration Date: Fri Feb 07 10:59:08 GMT+00:00 2003 Domain Expiration Date: Wed Feb 06 23:59:59 GMT+00:00 2008 Domain Last Updated Date: Thu May 08 23:39:25 GMT+00:00 2003