# We're watching you



## Bogstandard (Jul 24, 2008)

During the last few days in the UK, it has been announced that the major broadband suppliers will be monitoring what you are uploading and downloading, and if it is illegal music or films or WHY, they will be sending you a warning letter to the effect that you must cease and desist.

My very good firewall is taking a beating at the moment, after about 10 at night it starts, but nothing has got thru yet, as far as I can see. Will this prevent them looking at what I am doing? or is it just a matter of time.
It is not the illegal downloads or uploads that is worrying me, it is the compromising of my privacy that has me annoyed.

What is the best way to stop them breaching my civil liberties, or is it just a matter of telling them where to stuff their spyware and move to one that isn't in the 'gang'.

John


----------



## Twinsquirrel (Jul 24, 2008)

Hi John, 

The firewall hits you are getting are almost certainly NOT your ISP, that would be illegal. The ISPs are generally monitoring the traffic through specific ports as peer to peer file sharing sites generally require a specific port, this is how they get you.

There are free proxies out there which you can route all of your traffic through, this has the effect that the connection from you to the remote machine is benign as far as the ISP is concerned and makes you much more immune to being traced. The big problem here is that unless you SSL encrypt all the traffic that passes through the proxy then that proxy can read EVERYTHING you send or receive... Personally I trust my ISP more than a free "anonymizer" site somewhere in the former USSR. They do have their uses though, I have used 1 or 2 for testing a video over IP CCTV system... here is a list that I just pulled up on Google: http://www.freeproxy.ru/en/free_proxy/cgi-proxy.htm

David


----------



## Twinsquirrel (Jul 24, 2008)

Sorry update John


> My very good firewall is taking a beating at the moment, after about 10 at night it starts, but nothing has got thru yet, as far as I can see. Will this prevent them looking at what I am doing? or is it just a matter of time.



Hackers have a tendency to attack blocks of IP addresses over a period of a few evenings, ISPs are allocated a certain number of IPs and hackers will probe for open ports or other "exploits" on all the IP addresses in the block.


----------



## Bogstandard (Jul 24, 2008)

David,

Don't do peer to peer at all. No specific ports allocated to anything.

My main attacks seem to be coming from my router, 192.168.1.2, so I have no way of back tracing. Not that I know what I am doing anyway.

It usually starts after I log into somewhere like ebay.

John


----------



## malcolmt (Jul 24, 2008)

??? 
And for those of us whose first and only language is English............... Peer to peer isp poxy server  ;D

Sounds complimicated 

Malcolm


----------



## Twinsquirrel (Jul 24, 2008)

John,

Does your firewall give you any other more detailed info on the type of attack, i.e. the port or the program it is trying to access? Your router is your first point of defence against attack and that should filter out most things....

It is very likely that your firewall is misreporting a software updater like Adobe updater as an attack... Would your firewall be ZoneAlarm by any chance?

David


----------



## rake60 (Jul 24, 2008)

I was kicked off a broadband service once for having pirated software.

Damn Kids! 

It ended up in a messy privacy litigation that the ISP wasn't prepared to defend.

Let them watch.
My lawyers are BIGGER than theirs! 

Rick


----------



## shred (Jul 25, 2008)

Coming from 192.168.x.y means the traffic is internal, and 192.168.0.2 is probably the first thing hooked up to the router, since the router itself is probably using 192.168.0.1. Most every home router issues addresses in this range to devices on the local network. The address on the other side, ISP will probably be 10.x.y.z or so. You can probably find that in the router control and status pages if you look for the 'WAN IP'.

For the non tech geeks, there are a number of IP addresses that are called 'non-routable' or 'private'. The most common set are 192.168.x.y and 10.x.y.z, although there are others. The idea is any data packet using those addresses won't go anywhere on the internet at-large; they can only run around on your local network, and you can assign them as you see fit-- the regular IP addresses are assigned and managed differently and pretty much, you can't get one for yourself-- all the ISPs own them.

You can kind of think of it like mail addresses-- if you own a building, you can address packages internally to 'room 310' or 'box A' and they'll get there, but throw a letter with just 'box A' written on it into a public mailbox and it won't go anywhere. For that you need the public address like "321 Elm Street, Gooberville, PQ, 8675309".

What your router does is called 'NAT' or network-address-translation-- it acts as a mailroom go-between between your local addresses and the public one-- so if you have a packet to send out to the internet, you send it to the router, the router rewrites the address to one the internet knows and dumps it into the public network. When the internet replies, the router says 'I know who this goes to', and rewrites it going the other way so you end up with it and not Bob down the hall.

Often in the case of a residential ISP, your router is behind another layer of NAT at the ISP-- it's like you're a small office inside a much larger office building, so your package addresses get rewritten twice or more before they hit the main internet.

The reason for all this fun is because there aren't enough 'real' IP addresses for every device out there. There are proposals (called 'IPv6') to fix this, but so far adoption has been very slow.

Anyway... back to Bogs' issue-- the only way your router can get to the outside internet is via your ISP. That's where they'll open and inspect your packets to see if you're being bad. The only way around that is to encrypt your packets or get a new ISP.


----------
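Added example, not part of any post in this thread: the private-address ranges described in shred's post above, applied to the kind of firewall alert Bogstandard reported (a source of 192.168.1.2), where a private source means the traffic came from the local side of the router. The log format and sample lines are constructed, and the loopback, 172.16.0.0/12 and carrier-NAT blocks go beyond the two ranges the post names.

```python
import ipaddress
import re
from collections import Counter

# Blocks that are not routed across the public internet. The post names
# 192.168.x.y and 10.x.y.z; the other entries are added for completeness.
LOCAL_BLOCKS = [(label, ipaddress.ip_network(cidr)) for label, cidr in [
    ("loopback", "127.0.0.0/8"),
    ("private", "10.0.0.0/8"),
    ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"),
    ("carrier NAT", "100.64.0.0/10"),
]]
SRC_RE = re.compile(r"\bsrc=([0-9.]+)")  # assumed log field, not a real product's format

def scope_of(address):
    """Label an IPv4 address by the kind of network it belongs to."""
    ip = ipaddress.ip_address(address)  # raises ValueError on junk like 999.1.1.1
    for label, block in LOCAL_BLOCKS:
        if ip in block:
            return label
    return "public"

def triage(lines):
    """Count alert sources per scope and list the distinct public sources."""
    scopes, external = Counter(), []
    for src in SRC_RE.findall("\n".join(lines)):  # lines without src= are skipped
        try:
            scope = scope_of(src)
        except ValueError:
            scope = "unparseable"
        scopes[scope] += 1
        if scope == "public" and src not in external:
            external.append(src)
    return scopes, external

# Constructed sample alerts; 203.0.113.7 is a documentation address standing
# in for a host on the public internet.
SAMPLE_LOG = [
    "22:03:11 BLOCK UDP src=192.168.1.2 dst=192.168.1.10 dport=1900",
    "22:07:40 BLOCK TCP src=203.0.113.7 dst=192.168.1.10 dport=445",
    "22:09:02 BLOCK TCP src=10.44.0.1 dst=192.168.1.10 dport=23",
    "22:11:30 BLOCK TCP src=999.1.1.1 dst=192.168.1.10 dport=80",
    "22:12:00 firewall rules reloaded",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```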



## Cedge (Jul 25, 2008)

Being paranoid doesn't mean they aren't out to get you....LOL. Several years ago I accidentally wound up in the middle of an international hacker hunt. I was asked by a graphics software company to act as liaison for their alpha and beta testing teams. The company was located in Taiwan and used contract programmers for product development. 

I had recently installed my first firewall software, along with a physical firewall and it was all still new enough to warrant watching to see what it all did. It was entertaining to watch the activity that most net users never know is going on behind the scenes. 

I installed the Alpha version of the company's latest offering without much thought and opened it up for a first inspection. My firewall immediately chirped and I noticed the software was trying to make a call out to a specific IP number. A little detective work placed the IP number in South Korea. That aroused some curiosity, so I did a bit more digging and found it was coming from an S.K. government agency concerned with agriculture. By now the software is banging away at the firewall every .05 seconds like its life is at stake.

I checked around in the software and there was an option for auto registration, but it didn't want to call South Korea.... but was perfectly happy to take no for an answer for its single attempt to call Taiwan. Blocking this option had zero effect on the other attempts to call out. I contacted the software company to let them know there might be a problem and they pretty much gave me the email version of shrugged shoulders and a mumbled "paranoid American".

I contacted several of the team testers and asked them to watch for what I'd been seeing. Sure enough, as each one installed and started the test package, they were greeted by similar firewall alarms, but aimed at IPs of other obscure government agencies in other far eastern countries, including Communist China.

We began monitoring things and noticed that we were all seeing attempts to contact our own computers from these same IP numbers. I then installed the software on another firewalled computer and let the beacon complete its call out. It connected for a few moments and then disconnected. At that point the call outs stopped and the firewall was quiet. I then blocked the call out on this computer and waited to see what happened. 24 hours later the outside IP tapped on the door again and the internal call out began chirping the firewall. Seems these two wanted to communicate badly. That is when I made a wrong move. I pinged the S.K. address. My firewall software lit up like a Christmas tree and stayed that way around the clock without breaks.

I contacted my ISP and explained the problem to them. Luckily they had a talented young guy who grasped the situation immediately. He did a few checks from his end and let out a low whistle. It seems the IP in SK was no longer my villain. The new IP was now located 5 digits off my own IP number and supposedly originating from my ISP. Only one problem with that..... the IP number was not legally registered to my ISP. That little tidbit got Charter cable excited in no small way. 

They reassigned me to another IP number and made me promise not to go ping hunting the guy anymore.

Long story short.... over the next 30 days we tracked the guy all over Asia, eliminating probable locations. By now the software company is scared that they are the victims of industrial espionage and begin adding their own resources to the fray. With their contacts, and the tracking we'd already done, the beacon was eventually tracked down to the office of a junior programmer, working on contract within their own company. He was arrested and convicted on a number of charges. Later investigation showed evidence of him communicating details of new features to two different competing companies. The beacons were installed to allow him to forward test results to update them on changes the teams were making.

My one and only adventure in high stakes cyber-sleuthing, but it was a real life doozy. Quite an educational experience too.

Steve


----------



## Bogstandard (Jul 29, 2008)

This seems a rather interesting report on my initial question

http://www.ispreview.co.uk/articles/p2p08/

Bogs


----------



## Circlip (Jul 29, 2008)

Never heard of GCHQ, John? I know of one possible "uncrackable" encryption programme, but what is the so-called "normal" person (I discount us cos muddle ingineers are not classed as normal anyway) frightened of? Civil liberties? Long gone.
 I find it really amusing that people think that they're running the gauntlet thinking that they can "get through" customs with contraband. Luck stopping the baddies? I think not. Only safe method for totally secure communications is face to face verbal.
 Regards Ian.


----------



## shred (Jul 29, 2008)

FWIW, at one point about 8-9 years ago, fully half of all internet traffic was Napster music "sharing" (aka: copying).


----------



## rake60 (Sep 6, 2008)

My ISP is Comcast.

Seems they are in a bit of trouble these days.
They have been terminating connections to certain peer to peer file sharing services based on file sizes.

The FCC has given them 72 hours to rectify that discrimination.

Big dogs bite back! 

Rick


----------

