HOW in the HELL did they FIND me?

on 11.01.2008 00:26:08 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 11.01.2008 00:46:56 by roberson

In article , Chilly8 wrote:
>In the past hour or so, since my proxy appeared in some
>of the major lists, my server has been JUMPING with
>connections to my proxy, and many of them from
>corporate addresses ALL OVER the United States
>and Canada. From just ONE workplace, there have
>been DOZENS of connections going to my Tor entry
>proxy. I had 14 workers at one company, in New
>Hampshire, connecting to my proxy at once. This one
>company in NH that has a subscription online gaming
>service has 6 active connections to my proxy right now,
>as I am writing this.

Based upon your Subject, you appear to be a bit annoyed at this
mass use of your system resources. If so, then you should not be,
since you have made it clear that you consider use of network
resources without specific authorization to be valid and justified
and not a crime or punishable as long as no password was broken.
It was, in your framework, your fault for failing to lock down your
access sufficiently, not anyone's fault for taking advantage of
that insufficiency.

Re: HOW in the HELL did they FIND me?

on 11.01.2008 01:08:17 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 11.01.2008 01:16:30 by chris-usenet

Chilly8 wrote:
> My proxy was found by script-kiddies, using port scanning, and is
> now in a lot of public proxy lists.

Tough.


> I thought that by keeping my proxy AWAY from ports 80, 81, 1080, 3128,
> 8000, 8080, 8081, 8118, or 9050, someone using proxy scanner would
> NOT find my proxy.

Well now you know it's not true, don't you.


> I am only a Tor entry proxy, which allows people from any
> environment, where the machines are locked down, to
> be able to get onto the Tor network [...]

You're complaining about people (mis)using your connection's resources
when you actively enable other people to misuse their (corporate)
resources?

Doesn't that strike you as a little, um, hypocritical?
Chris

Re: HOW in the HELL did they FIND me?

on 11.01.2008 01:38:24 by Flash Gordon

Walter Roberson wrote, On 10/01/08 23:46:
> In article , Chilly8 wrote:
>> In the past hour or so, since my proxy appeared in some
>> of the major lists, my server has been JUMPING with
>> connections to my proxy, and many of them from


> Based upon your Subject, you appear to be a bit annoyed at this
> mass use of your system resources. If so, then you should not be,
> since you have made it clear that you consider use of network
> resources without specific authorization to be valid and justified
> and not a crime or punishable as long as no password was broken.
> It was, in your framework, your fault for failing to lock down your
> access sufficiently, not anyone's fault for taking advantage of
> that insufficiency.

Well, I hope it ups Chilly's internet charges.
--
Flash Gordon

Re: HOW in the HELL did they FIND me?

on 11.01.2008 03:57:47 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 11.01.2008 06:39:08 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 11.01.2008 07:08:43 by comphelp

"Chilly8" writes:

> My proxy was found by script-kiddies, using port scanning, and is
> now in a lot of public proxy lists. While I advertise my proxy
> on my web site, I took great care to keep it OFF the myriad
> of public proxy lists, so I would not show up in any proxy
> blacklists. I thought that by keeping my proxy AWAY
> from ports 80, 81, 1080, 3128, 8000, 8080, 8081, 8118,
> or 9050, someone using proxy scanner would NOT find my
> proxy.

You were wrong. :-\

You've learned (the hard way) the security adage "Security through
obscurity is neither as secure nor as obscure as you'd like to
imagine."

> I always thought that the hacker toolz for that scanned for open
> proxies would ONLY use those aforementioned ports, and proxies on
> ports other than those, would NOT be found by the script kiddies.

Nope.

nmap -sV (as just one example) does service fingerprinting, poking at
the port with a variety of greetings looking for it to respond to one.

Surely someone has cut down such functionality to simply look for
things matching a proxy fingerprint and turned it loose on ip address
ranges and looking at all ports.

> I cannot figure out how my proxy could be found through
> scanning toolz, which I specifically keep it OFF the
> ports that proxies typically use, so that I will NOT be scanned,
> and appear in any of the proxy lists.

If you offer a service on a port publicly, it will be found. Without
restricting connections by IP, requiring authentication somehow, or
port-knocking to dynamically open it up, I'm not sure how you'll stay
off the lists. The cat's kinda out of the bag, I'm afraid.


Best Regards,
--
Todd H.
http://www.toddh.net/
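
Added example (not part of Todd H.'s post or anyone's code in this thread): a minimal Python sketch of two of the controls named above, restricting by source IP and requiring authentication, as the decision a proxy listener makes on a connection's first bytes. The allowlisted networks, user name, password and sample requests are constructed placeholders.

```python
import base64
import hmac
import ipaddress

# Constructed placeholders (documentation address ranges, made-up credential).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
USERS = {"alice": "constructed-example-password"}

def source_allowed(peer_ip):
    """True if the connecting address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in ALLOWED_NETS if net.version == addr.version)

def credentials_ok(request):
    """Check a 'Proxy-Authorization: Basic ...' header against USERS."""
    for line in request.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"proxy-authorization":
            continue
        scheme, _, blob = value.strip().partition(b" ")
        if scheme.lower() != b"basic":
            return False
        try:
            user, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 payload
            return False
        expected = USERS.get(user)
        # compare_digest avoids leaking the match position through timing
        return expected is not None and hmac.compare_digest(password.encode(), expected.encode())
    return False

def gate(peer_ip, request):
    """Decide what the listener does with a new connection's first bytes."""
    if not source_allowed(peer_ip):
        return "drop"     # close without writing: a version probe gets no reply to match
    if not credentials_ok(request):
        return "407"      # Proxy Authentication Required
    return "forward"

# Constructed first bytes of a proxy request, and a valid auth header.
PROBE = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n"
AUTH = b"Proxy-Authorization: Basic " + base64.b64encode(b"alice:constructed-example-password") + b"\r\n"

if __name__ == "__main__":
    for peer, req in [("203.0.113.7", PROBE), ("192.0.2.10", PROBE), ("192.0.2.10", PROBE + AUTH)]:
        print(peer, gate(peer, req + b"\r\n"))
```

The port still shows as open to a plain TCP connect; enforcing the same allowlist in the host firewall keeps connections from other sources from being accepted at all.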

Re: HOW in the HELL did they FIND me?

on 11.01.2008 07:27:19 by rpaque

Chilly8 wrote:

> They will see 300K from a server in France (I
> now have my server at a colocation facility
> in France), but will have no CLUE to what
> that person was doing.
..
..
The IT department at my work would be positively livid at that amount
of bandwidth being used outside of authorized FTP transfers. I can
guarantee that they would cut off internet access to that workstation
very quickly, and the employee doing so would have a second, and
possibly third asshole. Most likely fired, too. I could see warnings
about listening to music while doing work, but it's hard to do work while
watching TV...

Re: HOW in the HELL did they FIND me?

on 11.01.2008 11:20:32 by Gerald Vogt

On Jan 11, 8:26 am, "Chilly8" wrote:
> My proxy was found by script-kiddies, using port scanning, and is
> now in a lot of public proxy lists. While I advertise my proxy
> on my web site, I took great care to keep it OFF the myriad
> of public proxy lists, so I would not show up in any proxy
> blacklists. I thought that by keeping my proxy AWAY
> from ports 80, 81, 1080, 3128, 8000, 8080, 8081, 8118,
> or 9050, someone using proxy scanner would NOT find my
> proxy. I always thought that the hacker toolz for that scanned
> for open proxies would ONLY use those aforementioned
> ports, and proxies on ports other than those, would NOT be
> found by the script kiddies.

You have published on your web site. Just google for proxy and search
the results for URLs or similar and someone will find it. Or someone
accidentally found your web site and entered it manually. Or your IP
address (do you have a static or dynamic one) had been fully scanned
for open ports and after you know all open ports it is very easy to
identify the major services on those ports (HTTP/S, SMTP/S, POP/S,
IMAP/S, etc.)

[interesting things on traffic through proxy]

Sidenote: those things you have found out about the people who use
your proxy (and you could find out more about them) are exactly the
reason why in general proxies won't really help you with anonymity
unless you fully trust the person who runs the proxy. But we had this
discussion just a short while ago...

Gerald

Re: HOW in the HELL did they FIND me?

on 11.01.2008 12:48:06 by Leythos

In article , chilly8@hotmail.com says...
> My proxy was found by script-kiddies, using port scanning, and is
> now in a lot of public proxy lists. While I advertise my proxy
> on my web site, I took great care to keep it OFF the myriad
> of public proxy lists, so I would not show up in any proxy
> blacklists. I thought that by keeping my proxy AWAY
> from ports 80, 81, 1080, 3128, 8000, 8080, 8081, 8118,
> or 9050, someone using proxy scanner would NOT find my
> proxy. I always thought that the hacker toolz for that scanned
> for open proxies would ONLY use those aforementioned
> ports, and proxies on ports other than those, would NOT be
> found by the script kiddies.

And we keep telling you that you don't know anything about networking,
don't know anything about security, don't know anything about anything
you post here about - but you won't listen to us.

It's simple to find anything running on a server/network, you're just
too stupid to be ethical and it's going to get you found every time.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: HOW in the HELL did they FIND me?

on 11.01.2008 12:50:36 by Leythos

In article , chilly8@hotmail.com says...
> Its the fact that I will likely be placed in the proxy
> blacklists. The various proxy lists are where the blacklists are
> compiled from, and I will likely be blocked at many corporations
> within the next few days.

LOL, and you were already blocked by most corporations, as most of them
have properly secured networks.

So, for the numbers of companies that use block lists, you will now show
up on theirs too, but the sad part is that many companies don't lock
down their networks well enough.

I hope that the group that found you continues to scan for your services
(not that they care about you actually) and post it in block lists.

Network admins have a right to block content from their networks, and
your content is the best type to block.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: HOW in the HELL did they FIND me?

on 11.01.2008 18:12:56 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 11.01.2008 18:49:56 by Jens Hoffmann

Hi,

Chilly8 wrote:
> I thought that by keeping my proxy AWAY
> from ports 80, 81, 1080, 3128, 8000, 8080, 8081, 8118,
> or 9050, someone using proxy scanner would NOT find my
> proxy.

Wrong.


> I cannot figure out how my proxy could be found through
> scanning toolz, which I specifically keep it OFF the
> ports that proxies typically use, so that I will NOT be scanned,
> and appear in any of the proxy lists.

Easy.

scan over IP addresses
(for found IP addresses) Scan over ports
(for open ports) analyse protocol signature

Cheers,
Jens

Re: HOW in the HELL did they FIND me?

on 11.01.2008 21:06:46 by ibuprofin

On Fri, 11 Jan 2008, in the Usenet newsgroup comp.security.firewalls, in article
<0dqi55xrap.ln2@news.flash-gordon.me.uk>, Flash Gordon wrote:

>Walter Roberson wrote, On 10/01/08 23:46:

>> In article , Chilly8 wrote:

>>> In the past hour or so, since my proxy appeared in some
>>> of the major lists, my server has been JUMPING with
>>> connections to my proxy, and many of them from

but it's OK, because they're encrypted, and you and your imaginary
engineers will NEVER KNOW what's in the traffic - and will just
ignore it.

>> Based upon your Subject, you appear to be a bit annoyed at this
>> mass use of your system resources. If so, then you should not be,
>> since you have made it clear that you consider use of network
>> resources without specific authorization to be valid and justified
>> and not a crime or punishable as long as no password was broken.

Of course - now mommy is going to be angry with him, and might start
restricting his access to the computer - he won't be able to watch
those girl figure-skates who wear those short skirts so you can see
their legs when they spin, or stretch out and glide.

>> It was, in your framework, your fault for failing to lock down your
>> access sufficiently, not anyone's fault for taking advantage of
>> that insufficiency.

but it's all encrypted, and he has NO IDEA how to do anything about it.

>Well, I hope it ups Chilly's internet charges.

Yeah, his mommy is going to be really unhappy with him for that.
Well, there goes his imaginary Internet business.

Sheesh!

Old guy

Re: HOW in the HELL did they FIND me?

on 11.01.2008 23:02:10 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 12.01.2008 03:21:48 by Leythos

In article , chilly8@hotmail.com says...
> It is the fact
> that my proxy is now going to be on proxy blacklists.

Which is where it belongs, and it will remain on them for a long time.

Unethical actions lead to bad things - you deserve to be shut down for
your lack of ethics.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: HOW in the HELL did they FIND me?

on 12.01.2008 03:26:40 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 12.01.2008 03:44:28 by Leythos

In article , chilly8@hotmail.com says...
> X-No-Archive: Yes
>
> "Leythos" wrote in message
> news:MPG.21f1ee45cb00e3ac989972@Adfree.usenet.com...
> > In article , chilly8@hotmail.com says...
> >> It is the fact
> >> that my proxy is now going to be on proxy blacklists.
> >
> > Which is where it belongs, and it will remain on them for a long time.
> >
> > Unethical actions lead to bad things - you deserve to be shut down for
> > your lack of ethics.
>
> I will ONLY remain on the blacklists as long as I remain on the
> public proxy lists. Once the makers of the proxy blacklists tests
> my site, and finds my proxy not there, I will be dropped from the
> blacklists.

getting off takes a LOT longer than getting on.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: HOW in the HELL did they FIND me?

on 12.01.2008 06:12:38 by comphelp

"Chilly8" writes:

> "Leythos" wrote in message
> news:MPG.21f1ee45cb00e3ac989972@Adfree.usenet.com...
> > In article , chilly8@hotmail.com says...
> >> It is the fact
> >> that my proxy is now going to be on proxy blacklists.
> >
> > Which is where it belongs, and it will remain on them for a long time.
> >
> > Unethical actions lead to bad things - you deserve to be shut down for
> > your lack of ethics.
>
> I will ONLY remain on the blacklists as long as I remain on the
> public proxy lists. Once the makers of the proxy blacklists tests
> my site, and finds my proxy not there, I will be dropped from the
> blacklists.

I'd file that assumption in the "suspect" bin along with your prior
assumption that they'd only be looking on usual ports.

You may find yourself blacklisted for longer than you assume.

--
Todd H.
http://www.toddh.net/

Re: HOW in the HELL did they FIND me?

on 12.01.2008 07:11:10 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 12.01.2008 10:36:43 by Jens Hoffmann

> I am
> solving this, however, by turning off my proxy for a few days,
> until the public proxy lists (which test proxies regularly),
> see my proxy as no longer working, and drop me from the
> lists.

Again assumptions from your side.
Wanna bet, if these are any better than the one about how
to find a proxy?

>That proxy,
> unlike my Tor entry proxy, was NOT meant for public
> consumption.

Then see to it, that it is not accessible.
If you can't control your equipment properly, don't blame
anyone else or the unfairness of the universe or whatever.

Re: HOW in the HELL did they FIND me?

on 12.01.2008 10:39:50 by Jens Hoffmann

>I have DHCP server software, which
> allows all our machines to use our main server
> (now in France), instead of our ISP's DHCP
> server. I just have is specify an IP address
> manually. SimpleDNS has that capability, where
> you don't have your use your ISP's DHCP
> server, to get on the net, and it is way better
> than any NAT device (as long as you have
> enough IPs in your subscription to make it
> work).

Plain gibberish. What do you want to say?

Re: HOW in the HELL did they FIND me?

on 13.01.2008 09:24:55 by unknown

Post removed (X-No-Archive: yes)

Re: HOW in the HELL did they FIND me?

on 13.01.2008 11:56:44 by Jens Hoffmann

> so my server address is starting to disappear from the
> proxy lists

You are doing IT like they do VooDoo.

It doesn't occur to you, that endusers are compiling
public proxy lists into their own favorites, removing
not really working proxies much faster than any blocker would do?

Secondly: The endusers of open proxies do not use
blocking lists to find open proxies, but public proxy lists.

So you are measuring at the wrong end of the causality chain.

Cheers,
Jens