Dear LW Folks

I have recently installed Peer Guardian (V1.99b r14) and found out that my PC is under attack from far more than just criminals and miscreants.

Believe it or not PG reported that NASA, Microsoft (UK), a scientific institute and some other sites trying to get into my computer.

Now why does these "agencies" and fakers want rummage around inside my (and all of our) PCs?



UK Bob

When I 1st read your post I thought hey ... but I've seen other reports that suggest it's very good.

http://www.techzonez.com/forums/showthread.php?t=4160

Crappy Spywares that are spies & supplementary
Sneaky devils! Here's some other comments I read:


Tweakers Tip: Block the RIAA

PeerGuardian is a free program that hides your file sharing from known RIAA informants.

You have a firewall to keep out hackers, so why not have a firewall to keep out the RIAA? If you're running Windows, PeerGuardian does just that.

Keep RIAA informants off your case
Each time you launch PeerGuardian, it downloads the latest list of known RIAA informants and blocks them from connecting to your computer. The list contains hundreds of known IP-address ranges the RIAA has used to catch file swappers.

Does PeerGuardian offer 100 percent protection? No. If an unknown RIAA informant sneaks through, you're still busted.

Remember, the best way to not get caught is to not share pirated files. Support the musicians or movies you love and pick up a CD or DVD. Then share it. (Just kidding.)

Get PeerGuardian now. It's free! Is a tiny firewall program especially designed for P2P software users

PeerGuardian is a tiny firewall program especially designed for P2P software users, but also to anyone who is concerned about the investigations that corporations and authorities perform on the internet. PeerGurdian blocks connections for the configured IP ranges and logs the blocked connections. It uses an online IP database for the blocking, but IP ranges can also be configured manually. Pre-cofigured for blocking are RIAA, MPAA and many others.

Dear LOTR (and others interested in PC Security)

I have just gone through my Peer Guardian log and found that the following organisations tried repeatedly, and failed, to connect themselves to my PC:

Naval Research Laboratory Stennis Space Center Bay, National Aeronautics and Space Administration (NASA), NHI-NETWORKS-FAKES, City of Halifax, Myrias Computer Technologies Inc Canada, Communications Resources, United States Navy, National Science Foundation, INRIA, FTP Software Inc., MCA, Microsoft London Internet Data Center and RealNetworks Inc.

I ask these questions knowing that I will never get an answer but why would NASA, the US Navy, some computer company in Canada, etc. want to look at my PC? What right do they have to try and invade my privacy?

It is bad enough that I have to try and protect myself from criminals, phisers and hackers but now I have to protect myself from foreign (US and Canadian) agencies and companies.

This just makes me feel sick.




UK Bob

Hmmm surprised here are the results I got:

Connection Rejected: 131.107.102.76 - Microsoft Corp trackers 2 AP2P (02-20-2005 @ 09:22:00)
Connection Rejected: 12.220.190.60 - National Aeronautics and Space Administration AP2P (02-20-2005 @ 09:32:58)
Connection Rejected: 12.220.190.60 - National Aeronautics and Space Administration AP2P (02-20-2005 @ 09:32:58)
Connection Rejected: 12.220.198.132 - National Aeronautics and Space Administration AP2P (02-20-2005 @ 09:50:36)
Connection Rejected: 199.126.36.102 - City of Halifax CITY-HALIFAX-NS-CA (NET-199-126-28 (02-20-2005 @ 09:59:49)
Connection Rejected: 12.214.28.86 - INRIA AP2P (02-20-2005 @ 10:00:02)
Connection Rejected: 12.214.28.86 - INRIA AP2P (02-20-2005 @ 10:04:39)
Connection Rejected: 12.220.229.154 - Naval Research Laboratory Stennis Space Center Bay (02-20-2005 @ 10:06:13)
Connection Rejected: 12.214.45.166 - INRIA AP2P (02-20-2005 @ 10:13:01

Thanks for the tip ukbobboy01

__________________
The Forum Search is easy to use
Upper right of this page between f.a.q. and home

WindowsXP MCE sp2
P4 3.0 Ghz HT
4 Gb DDR2 @ 533 Mhz

Installing PeerGuardian now

__________________
1.1GHz PIII
256Megs
512Kbps
250GB

Anyone got a link for PeerGuardian? I googled it but got confusing results. As in didn't see any that were free.

Here is the link. http://www.methlabs.org/methlabs.htm

Just chose the one for your operating system.

__________________
The Forum Search is easy to use
Upper right of this page between f.a.q. and home

WindowsXP MCE sp2
P4 3.0 Ghz HT
4 Gb DDR2 @ 533 Mhz

I can't seem to find/pull up perr guardian.

Try Peerguardian (click on link) FREE Download

I would say that most of those reports are false alarms. Most of the time those agencies aren't actually trying to connect to your computer. It's probably mostly just port scanning. It is someone on a PG blacklisted IP range ping-sweeping the IP range you are on. It seems that the purpose of that would be to se all of the computers that have port 6346 open. Take a look at this to keep track of what ports are active on your machine. As long as you have a good firewall (ZoneAlarm, Black Ice, Sygate...), PeerGaurdian, and the Active Ports tool you should be safe from prying eyes. Just remember, don't get too alarmed over what you see on the logs of ZoneAlarm or PeerGaurdian. Good luck.

deepblue

__________________


"THEY WHO WOULD GIVE UP AN ESSENTIAL LIBERTY FOR TEMPORARY SECURITY, DESERVE NEITHER LIBERTY OR SECURITY."
--Benjamin Franklin

deepblue

What you have just said has a certain ring of truth and I would like to believe that all these foreign government agencies, local/city authorities, colleges, etc. are just port scanning my IP address (or scanning a range of IP addresses).

However, just seeing if you have port 6346 open doesn't seem to tell the whole story because if my port is open then what business is it of theirs? It seems to me that the reason for port scanning is just not only to see if ports are open but to look for vulnerable PCs to infect with a Trojan, that way your activities can be monitored and a report sent back to the Trojan's originator.

Port scanning for port scanning sake makes no real sense for statistical purposes only, therefore I feel that there must be some other motive behind their constant port scanning activities.

Finally, I will take your advice and not get too alarmed by what my various logs tell me, now that I have PeerGuardian.




UK Bob

Yes there is. They port scan to find IP addresses with port 6346 open. Any computer that returns a SYN/ACK or ACK packet (or an RST, PSH, or FIN packet depending on the type of scanning they are using) gets thier IP address added to a list. From there it can be used for just about anything. The agencies can use it see how many files you are sharing, and what they are. Or they can use the open port to deliver advertisments, spyware, or even gain unauthorized access to your computer. The job of a firewall and PG are to close/monitor open ports, and block all incoming TCP packets from prying agencies. I hope this helps.

deepblue

__________________


"THEY WHO WOULD GIVE UP AN ESSENTIAL LIBERTY FOR TEMPORARY SECURITY, DESERVE NEITHER LIBERTY OR SECURITY."
--Benjamin Franklin

Dear All

Over the past few days (21, 22 April) the PeerGuardian block list server was down, at the time I did not realise this and started my usual (early) weekend P2P-ing

Friday morning I noticed that MS AntiSpyware found five instances of NS Keylogger on my PC, two of those instances I now believe were false positives (uninstallers):

C:\Program Files\PeerGuardian2\unins000.exe
C:\Program Files\SpywareBlaster\unins000.exe

However, the other three instances cannot be dismissed as easily, leading me to suspect that one of those "agencies" that are constantly crawling down the 6346 port, and are usually kept out by PG2, probably planted this keylogger.

I believe I made a silly mistake in not realising that the block lists that my copy of PG2 used were solely online, so when the PeerGuardian server went offline, a window of vulnerability opened on my PC.

I have now nailed this window shut, and in order to protect my PC, by updating my PG2 with locally installed block lists (from Blocklist.org) now I am no longer dependant on the online lists as I was (unknowingly) before.





UK Bob

Hi
Peerguardian sounds interesting but a question ? can I use it alongside my McAfee Firewall.
Your help would be appreciated.

hitbit

Hitbit

I use PeerGuardian along side Norton Personal Firewall 2005 so there should be no problem with McAfee or any other Firewall.



UK Bob