Free Republic
News/Activism

To: All; American Preservative; bonesmccoy; browardchad; Cboldt; Cicero; d101302; dixiechick2000; ...
My personal theory is, these Windows firewall companies tune their software to a pointless level of sensitivity, and then flash pretty windows with technobabble during each "attack" in order to "show" their customers how many boogeymen are being denied access to their system because their software was installed. This is a marketing gimmick to make the customer feel "protected." I've been running a Linux firewall for years, and not once has it ever popped up a flashy window warning me about an ICMP ping, or UDP packet to port Kalamazoo. In truth, none of these "attacks" would have any effect, as they're all just random probes and other Internet noise.

Personal firewalls are more important in keeping traffic from going out of your computer than from coming in. When up pops a flashy window telling you Keylogger is trying to make a connection to the Internet, and you don't recognize Keylogger as being an authorized program on your computer, then you have something to worry about.

As for attacks occurring when you're on FR-- that is probably just a coincidence. How much of your time is spent on FR vs other sites when you're connected to the Internet?

Also, a number of these warnings can be attributed to a failed www connection. See "False Positives". On some image-laden threads, your web browser may make dozens of www connections (one for each image on the thread.) Most of those connections go to other machines, some of which may be under stress and failing connections.

And, btw, your IP address will be leaked to other websites if you download images off those websites. It is easy enough for that to happen on FR, all one has to do is visit a thread with an image hosted on another website. Most images aren't downloaded from FR, and anybody can post a link to an image. This is not unique to FR, it is a fact of HTML life. If you are truly concerned, you can surf the Internet with images disabled, but really, there isn't much anybody will do with any random IP address they find downloading an image (especially when thousands of hits are recorded each day.) [BTW--people--don't link in images that are hosted on other people's servers unless you have permission.]

We have no software hosted on our machines (IP range 209.157.64.193-209.157.64.254) that will probe your machine when you contact FR. The absolute most that will probably never happen is an ICMP ping or traceroute from me if I'm tracing a network problem (I would likely pull a random address from FR's server, something I know is alive.) ICMP pings are very similar to sonar pings (measures roundtrip time of the "ping") and traceroute lists the network routers between two locations.

We keep our machines clean, there are no third parties messing around, no trojans on our site. We employ several mechanisms to verify the integrity of the system to ensure nobody is fooling around. We keep the software up-to-date with the latest patches as soon as they are made available. I keep an eye on the security portals that note "zero-day exploits." The number of network services we do run is minimal, there isn't much to exploit.

Man-in-the-middle attacks, where a hacker compromises a machine between you and the server, are incredibly rare and difficult. Almost all machines between you and the server are dedicated routers with little or no services to compromise. These are dedicated pieces of hardware with no other function than to move packets around, compromising one would be a difficult act, and the person that has the resources to do that is probably not going to be scanning personal computers.

Having said that, please do let me know if there is any suspicious activity, something that can be reproduced and that can be attributed to FR or any of my servers. Random occurrences are most likely meaningless, either coincidence or noise.

49 posted on 10/20/2002 1:01:39 PM PDT by John Robinson
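The "failed www connection" false positive described in post 49 can be checked rather than guessed at: a blocked inbound packet whose source IP and port match a connection you yourself opened a short while earlier is the tail end of that connection (a late RST, SYN/ACK or DNS answer), not a probe. The script below is an added example, not code from the post or from Free Republic. The two log line formats it reads are assumptions made up for illustration, not any real firewall's format, the 120-second window is an assumed tuning value, and the sample log lines are constructed using RFC 5737 documentation addresses.

```python
"""Triage a personal firewall's blocked-inbound alerts against your own recent
outbound connections, separating late replies to connections you started (the
"failed www connection" false positives) from genuinely unsolicited packets.

Added example; not code from the post or from Free Republic. Assumed log formats:
  outbound: "<epoch> OUT <proto> <remote_ip>:<remote_port>"
  inbound:  "<epoch> IN <proto> <remote_ip>:<remote_port> -> <local_port> [<flags>]"
All addresses are RFC 5737 documentation ranges; every log line is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumption: how long after you tried to reach a host a straggling reply may
# still arrive. A browser gives up on a slow image server long before the remote
# side stops sending SYN/ACKs or RSTs, and a resolver gives up before a slow
# DNS server answers.
LATE_REPLY_WINDOW = 120.0


@dataclass
class Verdict:
    ts: float
    proto: str
    remote_ip: str
    remote_port: int
    reason: str  # "late_reply" or "unsolicited"


def parse_outbound(line):
    ts, _, proto, remote = line.split()
    ip, port = remote.rsplit(":", 1)
    return float(ts), proto, ip, int(port)


def parse_inbound(line):
    parts = line.split()
    ts, proto, remote, local_port = float(parts[0]), parts[2], parts[3], int(parts[5])
    flags = parts[6] if len(parts) > 6 else ""
    ip, port = remote.rsplit(":", 1)
    return ts, proto, ip, int(port), local_port, flags


def triage(outbound_lines, inbound_lines, window=LATE_REPLY_WINDOW):
    """Return one Verdict per blocked inbound packet."""
    # Index everything we initiated by (proto, remote_ip, remote_port).
    started = defaultdict(list)
    for line in outbound_lines:
        ts, proto, ip, port = parse_outbound(line)
        started[(proto, ip, port)].append(ts)

    verdicts = []
    for line in inbound_lines:
        ts, proto, ip, port, _local, _flags = parse_inbound(line)
        # A packet whose source matches something we connected to within the
        # window is the remainder of our own connection attempt, not an attack.
        if any(0 <= ts - t0 <= window for t0 in started.get((proto, ip, port), ())):
            reason = "late_reply"
        else:
            reason = "unsolicited"
        verdicts.append(Verdict(ts, proto, ip, port, reason))
    return verdicts


def summarize(verdicts):
    counts = defaultdict(int)
    for v in verdicts:
        counts[v.reason] += 1
    return dict(counts)


# Constructed sample: a browser loading an image-laden thread at 13:00 PDT, 20 Oct 2002.
OUTBOUND = [
    "1035144000.0 OUT tcp 203.0.113.7:80",    # image host 1
    "1035144000.1 OUT tcp 203.0.113.8:80",    # image host 2
    "1035144000.2 OUT udp 198.51.100.53:53",  # DNS lookup for a third host
]
INBOUND_BLOCKED = [
    "1035144045.0 IN tcp 203.0.113.7:80 -> 2311 RST",     # host 1 finally refused us
    "1035144050.0 IN tcp 192.0.2.55:6000 -> 135 SYN",     # we never talked to this host
    "1035144061.0 IN udp 198.51.100.53:53 -> 1036",       # DNS answer after the resolver gave up
    "1035144300.0 IN tcp 203.0.113.8:80 -> 2312 SYNACK",  # host 2, but five minutes late
]

if __name__ == "__main__":
    verdicts = triage(OUTBOUND, INBOUND_BLOCKED)
    for v in verdicts:
        print(f"{v.ts:.0f} {v.proto} {v.remote_ip}:{v.remote_port} -> {v.reason}")
    print(summarize(verdicts))
```

The window is the only judgement call: the last sample line shows the failure mode, a reply from a host you did contact that is classified as unsolicited because it arrived after the window closed. Widen the window and it becomes a late reply; the trade-off is that a real probe from a host you recently visited would then be hidden too.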


To: John Robinson
(I should have run that through a spellchecker. Eek!)
50 posted on 10/20/2002 2:24:18 PM PDT by John Robinson

To: John Robinson
Thank you!
52 posted on 10/20/2002 2:47:15 PM PDT by dixiechick2000

To: John Robinson
I'd like to comment on just a few items. I have never observed any probing, fingering, or port scanning from IP addresses associated with Freerepublic.com.

On the other hand, (as you have noted) it is possible to "spike" a thread with a photo from a different server than those assigned to freerepublic.com IP addresses. When the data is pulled from the third party server (i.e. a yahoo.com news photo), server administrators can review the log files and initiate port scanning themselves (which is what I observed when I hit the jpost.com story on Christians and Jews cooperating).

These are all just the effect of being plugged into the widest ranging digital network on Earth.

Al Qaeda and PRC operatives are sharing the same bandwidth that we are on. If a PRC or AQ operative spiked a thread with a photo from their server, they can track every IP address of every individual reading that thread on Free Republic. This becomes a future tool to identify potential targets for port scanning and hacking activity.

It is naive to believe that such attacks are "coincidence". We have routinely observed port scanning, pinging, fingering, and TCP/IP hits from IP addresses located in the PRC and Middle East. These hits often are clustered and coincide with international events. You may want to review your logs to identify such patterns.

The reality is that the dedicated men and women who anonymously post to this site are vulnerable to such probing and scanning. If someone has a fixed IP address, it would be possible to host imagery on your home server and dish out the data via the fixed IP address. Review of your server logs would reveal IP addresses for the visitor/intruder.

As you point out, "man-in-the-middle" attacks are less easy to do. However, if you control a major node on the internet, it is definitely possible to record and evaluate data packets moving through the node on the net. This process of "packet sniffing" is not very difficult. In fact, there are desktop applications which permit your home desktop device to packet sniff local traffic on your part of the internet.

If a perp/terrorist plugs this kind of machine near a major node, a significant amount of network traffic can be monitored. I think NSA is probably doing this now (MSG to NSA/CIA: HI GUYS!!! HOW'S MCLEAN, VA, THESE DAYS???)

God bless
53 posted on 10/20/2002 3:58:43 PM PDT by bonesmccoy
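Both John Robinson's point in post 49 (your IP address is leaked to whichever site hosts an inlined image) and bonesmccoy's point in post 53 (the host's administrator can read that off the access log) come down to what one `GET` for an image writes into a web server log. The script below is an added example, not code from either post or from Free Republic. The access-log lines are constructed in the Apache/nginx "combined" format, the thread numbers in the Referer URLs are invented, and all client addresses are RFC 5737 documentation ranges.

```python
"""What the operator of a third-party image host learns when its image is
inlined in a thread elsewhere: each reader's IP address, the time of the fetch
and, through the Referer header, the URL of the page the reader was viewing.

Added example; not code from the posts or from Free Republic. The log lines are
constructed (Apache/nginx "combined" format, invented thread numbers, RFC 5737
client addresses).
"""
import re
from collections import defaultdict
from datetime import datetime

COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample access log of an image host whose /photos/rally.jpg was
# inlined in a thread on another site.
SAMPLE_LOG = """\
198.51.100.23 - - [20/Oct/2002:13:01:39 -0700] "GET /photos/rally.jpg HTTP/1.1" 200 48213 "http://www.freerepublic.com/focus/news/770001/posts" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.77 - - [20/Oct/2002:13:02:10 -0700] "GET /photos/rally.jpg HTTP/1.1" 200 48213 "http://www.freerepublic.com/focus/news/770001/posts" "Mozilla/5.0 (X11; Linux i686)"
203.0.113.5 - - [20/Oct/2002:13:02:12 -0700] "GET /photos/rally.jpg HTTP/1.1" 304 - "http://www.freerepublic.com/focus/news/770001/posts" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
203.0.113.5 - - [20/Oct/2002:13:40:02 -0700] "GET /photos/other.jpg HTTP/1.1" 200 9012 "http://www.freerepublic.com/focus/news/770002/posts" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
192.0.2.40 - - [20/Oct/2002:13:41:00 -0700] "GET /photos/rally.jpg HTTP/1.1" 200 48213 "-" "Wget/1.8.2"
192.0.2.41 - - [20/Oct/2002:13:41:30 -0700] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0 (Windows NT 5.0)"
"""


def parse(line):
    """Fields of one combined-format line, or None if the line does not parse."""
    m = COMBINED.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def image_fetches(lines, image_path):
    """Every served fetch of image_path. A 304 Not Modified revalidation is a
    cache hit for the browser but still lands here with IP and Referer."""
    for line in lines:
        rec = parse(line)
        if rec and rec["path"] == image_path and rec["status"] in (200, 304):
            yield rec


def readers_of_each_page(lines, image_path):
    """Referring page URL -> sorted client IPs that loaded the image from it.
    This is the reader list the image host builds without ever touching the
    site that carries the thread."""
    pages = defaultdict(set)
    for rec in image_fetches(lines, image_path):
        if rec["referer"] not in ("", "-"):  # no Referer: IP seen, page unknown
            pages[rec["referer"]].add(rec["ip"])
    return {page: sorted(ips) for page, ips in pages.items()}


def pages_read_by(lines):
    """Client IP -> set of referring pages, across every image on this host.
    One address fetching several images from different threads shows how a
    host can follow a reader from thread to thread."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and rec["referer"] not in ("", "-"):
            seen[rec["ip"]].add(rec["referer"])
    return dict(seen)


def anonymous_fetches(lines, image_path):
    """Client IPs that fetched the image with no Referer: the address is still
    logged, but which page (if any) it was embedded in is not."""
    return sorted({rec["ip"] for rec in image_fetches(lines, image_path)
                   if rec["referer"] in ("", "-")})


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for page, ips in readers_of_each_page(lines, "/photos/rally.jpg").items():
        print(f"{page}\n  read by: {', '.join(ips)}")
    print("fetched with no Referer:", anonymous_fetches(lines, "/photos/rally.jpg"))
```

Two caveats. Browsers of the period sent the full referring URL with every image request, so the host learned the exact thread; current browsers default to a referrer policy that sends only the origin on cross-site requests, so a host today learns that the reader came from the forum but not which thread unless the embedding page opts back in. And, as post 49 says, surfing with images disabled removes the fetch altogether, so nothing is logged at all.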


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson