Anyone know why the MOD the US Military and China are trying to access my laptop?

I've been running peer guardian for a while now and only recently noticed the University of California, Office of the President being blocked


I ran a quick IP trace and found the following :
OrgName: University of California, Office of the President
OrgID: UCOP
Address: Information Resources and Communications
City: Oakland
StateProv: CA
PostalCode: 94612-3550
Country: US
NetHandle: NET-169-229-0-0-1
Parent: NET-169-0-0-0-0
NetType: Direct Allocation

also the University of British Columbia

OrgName: University of British Columbia
OrgID: UBC-3
Address: 6356 Agricultural Road
City: Vancouver
StateProv: BC
PostalCode: V6T-1Z2
Country: CA
NetHandle: NET-142-103-0-0-1
Parent: NET-142-0-0-0-0
NetType: Direct Assignment

Now to me it seems the Uni of BC was given a direct assignment (NetType) to perhaps read thru my browser history specifically when I search for John Lear my peer guardian blocks Uni of BC. Interestingly a few government IP's will try and get thru peerguardian and my firewalls at least once a day

I've noticed over the years as a beta tester for PG both 1 & 2 that when creating the halt lists (blocking filters) we are a bit paranoid. The reason why AboveNet Communications specifically is blocked is due to them being a partner (out of necessity and lawsuit) with MediaSentry (a very unpopular anti p2p organization) basically what they do is query the internet connections that are coming into AboveNet's lines i.e. most of the internet anymore. Also most major ISPs are connected in circuit with a lot of AboveNet's servers to reduce lag and server pressure.

As far as the military IPs go for those are just safety precautions, most military bases have the internet held behind a filter, through PeerGuardian it sees those IPs (AAFES hosts their own internet service on a lot of bases) and blocks them automatically.

Overall anytime you are on the internet (which on broadband internet is all the time) you will have pings most likely from those, unless of course you enable further hard blocks on your router/firewall. Personally, I wouldn't do the aforementioned unless you absolutely want to be safe. But to each their own.

Hope that helped a little bit, any other questions should be inquired on the PG forums.

yesterday
06:38:21 Headquarters, USAAISC 164.170.203.130:31261
07:23:08 Boeing Computer Services 136.240.230.207:31261
23:55:07 DoD Network Information Center 30.69.216.79:31123
Today
01:39:34 Naval Air Station 138.160.94.112:30847
01:54:30 DoD Network Information Center 55.102.78.48:30847
02:09:25 Randolph Air Force Base 131.44.56.179:30847

any comments...should i be worried or anything?

[edit on 10-1-2008 by Maya432]

reply to post by Hope_for_reason


Windows XP Firewall is useless! If you want a good free firewall use Zone Alarm or even Sygate Personal Firewall.
XP firewall doesn't block outgoing connections!!!!!!
Those Chinese IP adresses are just part of the regular espionage traffic that comes out of China daily.
China is the largest Cyber-Attack nation in the world.
Install a decent firewall, block Ports 135 (UDP & TCP), Ports 139, 445, 137, 138, 3389, 2869, 1900 and Port 445.
This stops all the Windows Services like Remote Desktop, Remote Registry, DCOM, MS DTC, Messenger etc.. from binding NETBIOS to TCP/IP and openening your computer to the world.
Windows is Swiss Cheese!!!!
Hope this helps.

I read this thread with interest, as I saw all the same on my computer. It you call the DOD admin abuse they tell you it is Spoof, and that hundreds of thousands of .gov names are spoofed. I used LanMan, Zone Alarm Pro, etc. and saw all the same that is listed in others posts here.
Wanna know how to end it?
The solution is simple, and really has made me feel good (took away much paranoia!!)...
Install PCLinuxOS and then..Be Happy!
My net experience is totally smooth now-everything works so much better- quicker-there have been no limitations in any applications I use, and I even game on Linux, playing Enemy Territory.
And, I tell you, it is a good feeling knowing Bill isn't around anymore. No more .exe,s!
Before me, a poster said "Windows is like Swiss Cheese" I certainly agree!
Six months now, of pure pleasure and no trouble. No viruses, pop ups, etc. Also, I use Gmail as primary, because it is virtually spam and bs free. Use Linux, Gmail, stay in a guest account while online, and you will end the paranoia and distraction.

I did not see this post before I downloaded PeerGaurdian 2, but I too have been getting tons of multiple pings to my computer. what brought me here was AAFES/Barracks. Not to mention China, Taiwan, Russia, Poland, research centers, Universities (one called Guleph ????) anyway I just downloaded it last night and this mourning (I just wished PeerGaurdian had a counter ) but the scroll bar tab is "small" to give you an idea. This is just one night. Did anyone find out why the constant pings from the same ones if it failed to block on the first attempt. I agree it makes you wonder why!!! I downloaded this software in the first place because a state computer said I sent a virus. Now that is one thing that really tics me off and like others is being accused of sending a virus. Anyway I thought I was very secure with my firewall, Norton, careful on opening up emails only from the people I know, having my ISP catch virus attempt emails on their servers for me. Even running full system scans twice a week, and still no viruses found. Yet after PeerGaurdian was installed well no wonder, so is there any other software that could be helpfull in blocking out intruders?

The AAFES is the one I would worry about most.

They have an awful lot of computing power in very secure locations for a gas station chain. Of course they do sell beer and ciggaretts too!

Ok, I was cruising around and noticed PG blocked Islamic Republic of Iran Broadcasting Branch of Birjand 78.38.123.18 . So I Googled it and shortly afterwards I noticed AAFES/Barracks 205.246.153.252 and the USAAISC Headquarters.
Any thoughts?

Ok the thing with Peerguardian and their lists is they are extremely paranoid and I mean extremely if they are suspicious of one IP they are more than likely to block that whole netblock.

What this basicly means is most of the hits you think are Government and Organisations are more than likely just unlucky IP's that happened to be on the same block.

But at the same time it's better to be safe than sorry so I think they are taking the right approach but I wouldn't worry to much about any you read the vast majority will be mistaken identity and at least you know it's working.



[edit on 17-9-2008 by Teknikal]

Originally posted by Hope_for_reason
Thanks for all the replys, you guys seem to have a good idea what your on about so I have to say my original concern as seomwhat declined.

I have managed to get a screen capture though just to proove it really was saying MOD. I havent had any attempts now for a few hours so hopefully its all over.

The whole thing as really opened my eyes up to how unsecure the internet really is. kind of worrying really, and like what smokeyjo said. What are the real big corperations like Microsoft up to and what can anyone really do about it??

Regards

Paul

I'm glad you posted that. 192.168.x.y is your INTERNAL address. It is the IP address of the computers on your home network. 192.168.0.x is NOT routable on the internet. Most ISPs will explicity disallow this to be routed over the internet. Also 10.x.y.z and 172.16.x.y are addresses that are considered "private" IP addresses, and won't be routed by the internet. (Edit to add for clarification: At some point, your hardware or software will change this IP address to a public IP address so that it CAN be routed over the internet.

You misunderstood your program. It isn't saying that the MOD is contacting your computer. YOUR COMPUTER IS CONTACTING SOMEONE IN THE MOD!!!!

In your program the "source" is where it is coming FROM (i.e., who is starting the "conversation"). The destination is where the information is going TO (who is receiving the "conversation").

I'd blow away everything on your computer, reformat, and reinstall your software. You have, AT BEST, a trojan/virus. At worst, the government has software on it that is spying on you.

[edit on 17-9-2008 by sir_chancealot]

reply to post by SmokeyJo


for what it is worth www.eventid.net picks up the ip 194.126.213.78 as follows :
Location:
Country: Croatia (HR)
Region: 21
City: Zagreb
Postal code:
ISP: Ministry of Defence
Organization: Ministry of Defence
i just thought i would reply as there seemed to be some debate as to wether or not the ip was for real and as far as i can tell it's real if still worried about ip's they can be checked here www.eventid.net...