Are web sites attacking us even AFTER we disconnect from them?

Are web sites attacking us even AFTER we disconnect from them?

Can someone else verify (& perhaps explain) what's going on here?

My test:
1. Set PeerGuardian (PG2) freeware to "Block HTTP"
2. Point your browser to a suspect site such as www.onlyteenstgp.com
3. Do you see many blocks of "Beyond The Network America, Inc"?
4. Now press the PG2 "Allow HTTP" button (wait about ten or twenty seconds)
5. Then press "Block HTTP" and you'll again see the blocked connections
6. These blocked connections continue until you change your IP address
7. Only then do these blocked connections cease to arrive

My hypothesis:
- The bad guys target your IP even after all communications cease.
- I presume they are looking for weak ports.
- When I change my IP address, they lose me & that's why it stops.

My question:
What is going on?
Are web sites attacking us even AFTER we disconnect from them?
What are they trying to obtain from us?
Why didn't my firewall stop this (why does PG2 only stop this)?

Re: Are web sites attacking us even AFTER we disconnect from them?

On Sun, 9 Sep 2007 08:56:50 -0700, Andrea Otto wrote:
I skipped an important step which was to close your browser down.

1. Set PeerGuardian (PG2) freeware to "Block HTTP"
2. Point your browser to a suspect site such as www.onlyteenstgp.com
3. Do you see many blocks of "Beyond The Network America, Inc"?
4. Now press the PG2 "Allow HTTP" button (wait about ten or twenty seconds)
5. Then press "Block HTTP" and you'll again see the blocked connections
5.5 CLOSE YOUR BROWSER!
6. These blocked connections continue until you change your IP address
7. Only then do these blocked connections cease to arrive

Even with no browser running, the connections from them continue to be
blocked by PG2. The connections from them only cease when you change your
IP address.

What is going on?
Why didn't my firewall settings prevent this kind of attack?
Are rogue web sites mining your IP address and then "attacking" somehow?
Is there some other way to verify other than PG2 log files?

In summary,
Are web sites attacking us even AFTER we disconnect from them?

Re: Are web sites attacking us even AFTER we disconnect from them?

Post removed (X-No-Archive: yes)

Re: Are web sites attacking us even AFTER we disconnect from them?

On 9 sep, 17:56, Andrea Otto wrote:

>
> Can someone else verify (& perhaps explain) what's going on here?

> 2. Point your browser to a suspect site such aswww.onlytee..

Idiot.

--
Rodney

Re: Are web sites attacking us even AFTER we disconnect from them?

On Sun, 09 Sep 2007 16:03:03 GMT, Andrea Otto wrote:
> Are web sites attacking us even AFTER we disconnect from them?

Yes. Of course they are. I'm not an expert but no firewall can protect you
on the Internet and there is no freeware known to man that tracks the
connection attempts made to the thousands of ports to your computer.

Even legitimate sites do this all the time!

You can repeat your experiments with Disney or the NY Times or even
Newsweek and you'll see the same affect.

They "remember" your IP address and then send "things" your way even after
you've changed the browser connection.

It's just the way it is and you may as well sit back and enjoy it.

Re: Are web sites attacking us even AFTER we disconnect from them?

Andrea Otto wrote:

> Are web sites attacking us even AFTER we disconnect from them?
>
> Can someone else verify (& perhaps explain) what's going on here?
>
> My test:
> 1. Set PeerGuardian (PG2) freeware to "Block HTTP"


I cannot even install this shit on a test machine.

> 2. Point your browser to a suspect site such as www.onlyteenstgp.com


What exactly makes this site suspect?

> 3. Do you see many blocks of "Beyond The Network America, Inc"?


No. Anyway, why should I care?

> 4. Now press the PG2 "Allow HTTP" button (wait about ten or twenty seconds)
> 5. Then press "Block HTTP" and you'll again see the blocked connections
> 6. These blocked connections continue until you change your IP address
> 7. Only then do these blocked connections cease to arrive


Well, most likely this is due to HTTP being based on TCP, which is stateful.
If you incompetent fool simply drop the connection, you shouldn't wonder for
resent packets until the timeout drops in.

> My hypothesis:
> - The bad guys target your IP even after all communications cease.
> - I presume they are looking for weak ports.
> - When I change my IP address, they lose me & that's why it stops.


Your hypothesis is obviously bullshit.

> My question:
> What is going on?


An expected technical behaviour.

> Are web sites attacking us even AFTER we disconnect from them?


They don't attack you.

> What are they trying to obtain from us?


Nothing.

> Why didn't my firewall stop this (why does PG2 only stop this)?


Consider your deep lack of understanding about simply network protocols, and
having successfully infected your machine with the well-known malware
"PeerGuarding", I doubt that you have any working firewall concept.

Re: Are web sites attacking us even AFTER we disconnect from them?

Post removed (X-No-Archive: yes)

Re: Are web sites attacking us even AFTER we disconnect from them?

Casey wrote:


>> Yes. Of course they are. I'm not an expert but no firewall can protect you
>> on the Internet and there is no freeware known to man that tracks the
>> connection attempts made to the thousands of ports to your computer.
>>
> I would like to make one correction to your statements.
> Sygate Firewall has an outstanding Traffic Log. When your computer
> is on line, it lists the following:
> 1. All connections and attempted connections incoming and outgoing.
> 2. It lists local and remote IP numbers of these sites.
> 3. Specifies protocol ie, TCP, UDP, and ICMP.
> 4. List port numbers.
> 5. Lists software making your own outgoing connections.
> 6. Gives time/date.
> 7. Indicates allowed or blocked.
>
> If fact, there is not much else it could report.


Unless you'd consider packet content and state information as useful.

And unless you actually want to use that machine for anything but testing.
Why else would someone intentionally install this defective software?

Re: Are web sites attacking us even AFTER we disconnect from them?

On Sun, 09 Sep 2007 20:03:24 +0200, "Sebastian G." wrote:


>If you incompetent fool simply........

s/fo/to/
--
?¡aah, los gringos otra vez!?