ATS AD Server pings Trojan ports, page 1

ATS AD Server pings Trojan ports, page 1

Pages:
ATS Members have flagged this thread 0 times

Topic started on 30-4-2006 @ 05:53 AM by XphilesPhan

I understand that ATS is sponsored by having ads, however Im being pinged every 60 seconds while connected to ATS.

media.fastclick.net is pinging my computer every 60 seconds.....I wouldnt mind but it is checking Trojan horse ports and other exploitive ports.

The ads are originating from ATS, as I am only pinged while connected to ATS. (ads.abovetopsecret.com)

Fix the problem.....

reply posted on 30-4-2006 @ 06:35 AM by mo_trot

i have had the same problem for about a month

reply posted on 30-4-2006 @ 08:18 AM by SkepticOverlord

Originally posted by XphilesPhan
Fix the problem.....

FastClick is a broad-based, well-respected ad network. I doubt the "pings" are anything related to improper activity other than attempting to write/read a cookie to gauge which ads they'd like to serve you.

If you have the port numbers, I can initiate a trouble-ticket with FastClick and obtain an official response.

reply posted on 30-4-2006 @ 03:10 PM by XphilesPhan

I have just had several attempted denial of service attacks against my system.

they originate : ns1. denyignorance.com

my IDS (Intruder Detection System) indicates that they were fragmented packet floods orginating on several ports.

Sorry about flying off the handle like that skeptic.

[edit on 30-4-2006 by XphilesPhan]

reply posted on 30-4-2006 @ 04:46 PM by Jedi_Master

Originally posted by SkepticOverlord

Originally posted by XphilesPhan
Fix the problem.....

FastClick is a broad-based, well-respected ad network. I doubt the "pings" are anything related to improper activity other than attempting to write/read a cookie to gauge which ads they'd like to serve you.

If you have the port numbers, I can initiate a trouble-ticket with FastClick and obtain an official response.

Ya SO I'm seeing pretty much the same thing ( except for the DOS attacks ), Some of the ports are ( and IP addresses )...

71.232.95.92 port 15118
61.180.228.245 port 4081
61.180.228.245 port 1030
61.156.42.103 port 4081
202.97.238.131 port 4081
24.68.193.101 port 4899
24.64.102.115 port 4899
222.231.24.219 port 4899
33.209.66.211 port 1025
144.92.25.84 port 1025
70.167.254.214 port 1025
220.21.47.42 port 1025
60.161.192.2 port 9898

The 4899 port is troublesome because it's a Remote Administrator exploit ( which I did get at one time on my server )...

This the incoming log on my router...

FWIW...

[edit on 30-4-2006 by Jedi_Master]

reply posted on 30-4-2006 @ 05:04 PM by twitchy

I mentioned something similar a while back and was called a disruptive element. Glad to see it being addressed a little more calmly this time.

reply posted on 30-4-2006 @ 05:32 PM by St Udio

~~

its strange...youse guys were getting pinged
and i wasn't until yesterday, 29 april, now its a regular event about every 20-30 seconds.

i reckon, everyone will get a turn as the merry-go-round brings the brass ring
around to each of us.

the main thing that irks me is that when they spray my PC with that ping...
the keystrokes get knocked off, and i have to move the curser & click to
continue my reply...its happened 3 times already as i'm typing this messa

(there it goes again) message !

make that 4 times end of reply

reply posted on 30-4-2006 @ 05:35 PM by ThePieMaN

The only problem I have been seeing is that while posting a message the ad is refreshing and causing the cursor to reset or move sometimes, so say if Im plaving a quoted text somewhere it will move the text to the bottom of the message instead of where the cursor was currently placed at. On the bottom in the status bar it is reloading the page www.abovetopsecret.com... for some reason

Just as an FYI fastclick is generally banned in the host file if you use certain anti-spyware software that sets fastclick in the hosts file to 127.0.0.1 on loopback

reply posted on 30-4-2006 @ 05:39 PM by niteboy82

I really do like to be able to jump between this and other active programs that are constantly connected to the net. I don't want to give up either this or the other, but it slows me down with this adserver. I'm happy to know I'm not the only one. Is there a way to simply block this from happening, or would that mess everything up on my computer?

reply posted on 30-4-2006 @ 05:42 PM by SkepticOverlord

I need to create a FAQ on these sorts of things, it comes up over and over again.

Our server is configured to attempt to connect to you via multiple ports/connections. This is the most efficient way to send you a complex web page... for example, if we open 10 connections on 10 different ports and stream you HTML and images through these parallel connections, it's much more efficient than one connection. Hyper-sensitive firewall settings can interpret this type of access as a "port scan" or intrusion attempt because you suddenly receive more than one connection from one source.

Jedi_master...
None of these are connected to ATS in any way...
202.97.238.131 port 4081 --> Hei Long Jiang province education committee
61.180.228.245 port 1030 --> Qing An Zhang Hong Wei netbar
71.232.95.92 port 15118 --> Comcast Cable Communications, Inc
222.231.24.219 port 4899 --> madness
70.167.254.214 port 1025 --> Cox Communications Inc
It seems your IP is getting some odd activity. Send me a u2u as to who your provider as and I can look up a couple things for you.

twitchy...
Yes, I've considered you exceptionally disruptive for not accepting a common sense explanation here:
ATS Installs Dos Application??
And for some odd reason, escalated here:
NSA Web Site Puts 'Cookies' on Computers
If you're making baseless accusations about the operations of ATS, even when the reality was explained to you, it certainly comes across as an attempt at pure disruption. I'm wide open to learning different, but the surface story tells me otherwise.

In any event, we've always, and will always respond quickly to any member concerns over these types of issues on ATS. We've always understood our member's concerns for their computing privacy (we don't keep server logs) as well as sensitivity to computer security. If any of our advertising networks is doing something funky, we need to know as we will call them to task and disable their ads.

We've also assigned a refresh to the ad server to display a new ad every 40-50 seconds... this might be way your suddenly seeing pings while sitting idle.

reply posted on 30-4-2006 @ 05:46 PM by apc

point fastclick.net to 127.0.0.1 in your hosts file. If theyre trying to talk to something on your computer (cookie, trojan, spyware) nothing will be able to get to them.

And just firewall the upper ports and forget about them. a hardware firewall is best. One of those little blue linksys routers are cheap and easy for home users. Otherwise a software firewall running on the computer will do, but is easily compromised.

reply posted on 30-4-2006 @ 06:42 PM by Jedi_Master

Originally posted by SkepticOverlord
Jedi_master...
None of these are connected to ATS in any way...
202.97.238.131 port 4081 --> Hei Long Jiang province education committee
61.180.228.245 port 1030 --> Qing An Zhang Hong Wei netbar
71.232.95.92 port 15118 --> Comcast Cable Communications, Inc
222.231.24.219 port 4899 --> madness
70.167.254.214 port 1025 --> Cox Communications Inc
It seems your IP is getting some odd activity. Send me a u2u as to who your provider as and I can look up a couple things for you.

Howdy SO...

Ya those may have not have originated from ATS, but I got them when I was logged on to ATS, but it doesn't explain the other 6 addresses and ports...

But the others I think did originate from ATS, and the 4899 port worries me, I didn't really start looking into it untill I noticed my out going log ( on my router ) from ATS started growing from normal ( about every 60 seconds there is a new log entry from ATS and Fast click, servedby.adversitising.com, as.casalemadia.com ect ) ...

Most of these could be from cookie updates like you said but the ports are suspicious ( the cookie updates I've seem are from port 80 )...

No big deal for me though after the hack from Remote Administrator on my server( this was from another site ) I've learned my lesson and now I've blocked all access to those ports, and all other ports that could cause a problem, but my router still records them...

I'm going to continue to monitor this and let yoiu know what I find...

Here is a capture of my incoming log for the past couple of hours ( and I'm only logged on to ATS and my email )...

reply posted on 30-4-2006 @ 09:54 PM by XphilesPhan

yes I am actually receiving DOS attacks from ns1.denyignorance.com which I think is ATS's root server.

Skeptic, is it possible someone is spoofing the address to make it appear ATS is responsible?

I think the adminsistrator of the server is screwing with me, because I did run a scan of ns1.denyignorance.com and immediately afterwards, or within an hour I received numerous DOS attacks that failed.

are we in a cyber war?

reply posted on 30-4-2006 @ 10:07 PM by SkepticOverlord

Originally posted by XphilesPhan
yes I am actually receiving DOS attacks from ns1.denyignorance.com which I think is ATS's root server.

Please read above... no you're not.

I think the adminsistrator of the server is screwing with me, because I did run a scan of ns1.denyignorance.com and immediately afterwards, or within an hour I received numerous DOS attacks that failed.

Our anti-DOS firewall likely categorized your scan as an attack and responded by sending cookies to slow you down... comon anti-DOS tactic.

reply posted on 30-4-2006 @ 10:23 PM by WolfofWar

The Funkometer on my GPS systems on the CPU of my machine is telling me that my dorrito chip processor is getting pinged by DAWG attacks and am being implanted with B.O. packages. And one of those packages has some sort ofo white powder in it.

I have no idea what any of you guys are talking about, infact, all I know is if I push the power button, my computer magically turns on. I dont know exactly how, but I think it involves gnomes. Also, unrelated issue, but the coffee cup holder that comes out of my computer box seems to have broken when I actually put my cup on it; does this mean it was faulty?

reply posted on 30-4-2006 @ 10:23 PM by XphilesPhan

ok thanks skeptic......

reply posted on 30-4-2006 @ 10:31 PM by SimonGray

I feel really bad for S.O. as he seems to have to answer this every couple weeks.

We all have firewalls on our computers nowadays, we all have anti-virus software (if you don't people, do it!)...

But when it comes down to it, these programs are basically knowledge bases acting on logic. They compare stored information against data it is provided.

You're firewall may be saying ATS is "launching a DOS attack" but S.O. has explained very clearly that it's not, and the reason why your software is giving you the warning.

If you were to run a PC for a good few weeks without either firewall/anti-virus software (I have....) and then install them after you've been running your favourite/normal software for this time, you'll be getting warnings everytime you launch a multiplayer video saying that it is trying to access your computer in an unauthorised manner. The same goes for MSN, Windows Media Player, Limewire, Kazaa, Google Earth, Adobe Update, etc......

twitchy - Your continued negative attitude is really beginning to annoy the heck out of me. You've received the same public response to your queries about this in past. I don't see why you should even be on this website, all you do is openly moan about our inability to satisfy your every complaint.

Let me spell this out to you personally:

If you dont like how ATS is managed - go somewhere else!

reply posted on 30-4-2006 @ 10:37 PM by XphilesPhan

True and I appreciate SO answering our questions and im not trying to come off with a bad attitude....

probably just twitchy software.....

Pages: ^^TOP^^