Ultraviolet Posted May 18, 2004 I'm running Symantec Firewall. I just visited Planetdoom for some screenshot or whatever, and I got this notification that my firewall had just blocked an intrusion it named "ASP_ActivePerl_Overflow" (I think, I kinda closed the dialogue already). Not cool. Anybody else fine Gamespy sites screwing them over in more than the usual ways? 0 Share this post Link to post
Sharessa Posted May 18, 2004 Well, aside from the fact that they have a 2-page form to fill out if you want to register with the site, I havent found any kinds of invasions from them. 0 Share this post Link to post
Quasar Posted May 19, 2004 Every time I visit any site even remotely connected to their network, my browser blocks about 15 different beacons and cookies. Not to mention how a lot of the stuff it shows as accepted has all kinds of information in the URL and is being sent to server-side scripts for storage into databases. I'd like to know exactly how much they know about me just from my IP address. 0 Share this post Link to post
SyntherAugustus Posted May 19, 2004 Ultraviolet said:I'm running Symantec Firewall. I just visited Planetdoom for some screenshot or whatever, and I got this notification that my firewall had just blocked an intrusion it named "ASP_ActivePerl_Overflow" (I think, I kinda closed the dialogue already). Not cool. Anybody else fine Gamespy sites screwing them over in more than the usual ways? Maybe that explains why 99% of the asp pages there don't work. Guess I figured that out. 0 Share this post Link to post
Ultraviolet Posted May 19, 2004 Quasar said:I'd like to know exactly how much they know about me just from my IP address. I know you can determine someone's ISP and thus their approximate geographic location, assuming they aren't spoofing, but what else does an IP address give away? Is the fact that my (software) firewall detected something Gamespy was doing as an intrusion relevant here? Is it more likely that it just misread the exchange of data as an intrusion when it in fact was not? EDIT: And should I inform Gamespy that I believe their advertisers may be up to no good because of this? It may actually be them, but informing them that it may have actually been ad content could prompt them to review their advertisers' material for malware, whereas they might be unlikely to change anything that is on their end. 0 Share this post Link to post
gatewatcher Posted May 19, 2004 Ultraviolet said:I know you can determine someone's ISP and thus their approximate geographic location, assuming they aren't spoofing, but what else does an IP address give away? That's pretty much it. And even an "exact" geographic location as you put it, is still pretty broad, you can never get pin-point locoation out of it afaik. So, you don't need to worry about gamespy coming to your house =P And with the firewall, it tends to breed paranoia if you're new to it. Pretty much the only Notron alerts you would want to pay attention to are trojan blockings and portscans. If you get any other alerts, you may just want to adjust you're settings to something lower, I myself have everything on medium, I have to allow anything and everything (cookies, java). 0 Share this post Link to post
Ichor Posted May 19, 2004 If medium setting allows anything and everything, I'd hate to see the low setting. 0 Share this post Link to post
Ultraviolet Posted May 19, 2004 It's not quite how he describes it. Mine seldom reports intrusions to me, and I have few problems with mysteriously undelivered content online or failures to connect, etc. Gatewatcher, please re-read my post. I didn't say "exact." In fact, I said something quite the opposite. I used "approximate." [EDIT: You even quoted me as saying "approximate," and yet still acted as if I had said "exact." :P] However, "exact" physical location could be determined somehow I'm sure over connections via phone lines, but it should take a bit more than an IP address. An active connection, some route tracing, and reading routing information and logs of switch activity will eventually yield a result within one city block, unless I'm interpreting the technology incorrectly. Probably abstracting it wrong... I don't know too much about networking, but the term "packet switching" seems to indicate that each packet contains the necessary information to tell each switch it encounters where it needs to be sent. Then, of course, there's always the getting ISP's records, which probably implies a lot less networking overhead needed to track a person down, and could even be easier depending on the ISP. I'm not new to the Symantec Client Firewall. While I might not be familiar with all its features yet anyway, I certainly am not paranoid about it. I don't have my error reporting cranked up to the point of telling me about every time someone on the Internet farts, so it was out of the ordinary (but not a surprise) when I was alerted that Gamespy (most likely its ad content, more specifically) was doing something that looks like it's probably some kind of Windows network or browser code exploit. (My reasoning there is that the intrusion report was described as a forced "overflow" of some sort, which is something I have noticed is often said to be commonly found while debugging software, or probably even more commonly, intentionally bugging it. If you search the MS security problem records, the word "overflow" probably turns up a lot.) I'm posting in a hazy mental state right now. Forgive the digression and unclarity if you find any. 0 Share this post Link to post
gatewatcher Posted May 19, 2004 Ichor said:If medium setting allows anything and everything, I'd hate to see the low setting. *I have to* allow anything and everything, meaning if a website wants to use a cookie, I can just block it. I works like that for everything. 0 Share this post Link to post
boris Posted May 19, 2004 Heh, malware in a server-sided language would be pretty self-destructing :P 0 Share this post Link to post
Piezo Posted May 19, 2004 Ultraviolet said:I know you can determine someone's ISP and thus their approximate geographic location, assuming they aren't spoofing, but what else does an IP address give away? I remember I was online on my mom's PC and a pop-up came up that read something in the nature of You have spyware on your PC! Your name:<my mom's full name!?> Your address:<her home address alright> Your browser: Internet Explorer 6 Your IP address:<her IP address> Now the last two I learned can be obtained using "simple java script." The rest though I thought was pretty scary. I showed my mom and I don't think she did anything about it. A while later she installed anti-spyware software I think. This was almost two years ago and I think it was just after she got cable internet. I never saw that pop-up ever again. 0 Share this post Link to post
Mordeth Posted May 24, 2004 Piezo said: You have spyware on your PC! Your name: Your address: Your browser: Internet Explorer 6 Your IP address: Ten to one that this pop-up is just an ad, using data obtained from running a simple javascript. Of course, clicking the ad will install "a helpfull program" which is actually spyware/malware :) 0 Share this post Link to post
DooMBoy Posted May 24, 2004 Quasar said:I'd like to know exactly how much they know about me just from my IP address. EVERYTHING MUWHAHAHAHA 0 Share this post Link to post
insertwackynamehere Posted May 24, 2004 boris said:Heh, malware in a server-sided language would be pretty self-destructing :P Not if it sets a cookie, refreshes, chacks for the cookie, finds it, redirects to forced download and it all goes downhill from there :P 0 Share this post Link to post