|
Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. | |||
23 December 2007
A2 sends:
The UDP 1026 (and 1027-1029) is almost certainly Windows Messenger service traffic, not covert government hack attempts. Since 2005 these ports have been used to directly attempt message notifications on a Windows host connected to the Internet. This does not mean that such activity could not also include covert hack attacks, and in fact, given the rise of traffic to the port since 2005, may provide good cover for actual penetration attempts. See also: http://www.linklogger.com/messenger_spam.htm Connectionless UDP makes spoofing source address trivial. Any apparent source address for these packets should be treated with skepticism.
23 December 2007
Related: nsa-ip-update14.htm + Regarding Corroboration of NSA IP Info December 23, 2007
A2 sends:
Subject: "Cryptome." Re: Regarding Corroboration of NSA IP InfoDate: Sun, 23 Dec 2007 07:11:56 -0800 For Cryptome: Sunday, 23 December, 2007 6:27:34 AM -0500 (EST) I got the IP addresses below directly from my firewall logs. For those who care about security I recommend reading firewall logs more closely -- because your computer may be being hacked. I prepared some IP info for best understanding of Cryptome readers below (some of these IP's are really from US military). The IP adresseses shown here try to obtain direct access to your computer by ports 1024-1030. This confirms that the information sent by the NSA IP source is legitmate and real (For those who still doubt that). Src: 46.177.105.133 SrcPort: 31114 DstPort: 1026 Src: 72.55.134.125 SrcPort:31114 DstPort: 1026 Src: 63.49.31.79 SrcPort:31114 DstPort: 1026 Src: 79.80.1.97 SrcPort: 31114 DstPort: 1026 Src: 211.244.64.119 SrcPort: 31114 DstPort: 1026 Src: 164.136.202.161 SrcPort: 31114 DstPort: 1026 =============================================================== Src: 130.74.127.240 SrcPort: 31114 DstPort: 1026 OrgName: University of Mississippi OrgID: UNIVER-325 Address: IT Network Management Baxter Hall City: University StateProv: MS PostalCode: 38677 Country: US NetType: Direct Assignment NameServer: NS1.OLEMISS.EDU NameServer: NS2.OLEMISS.EDU RTechHandle: ZU41-ARIN RTechName: University of Mississippi RTechPhone: +1-662-915-7206 RTechEmail: network@olemiss.edu =============================================================== 1717140 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 30.48.45.66 SrcPort: 31187 DstPort: 1026 <== MILITARY IP RANGE!!! No PTR Record OrgName: DoD Network Information Center OrgID: DNIC Address: 3990 E. Broad Street City: Columbus StateProv: OH PostalCode: 43218 Country: US OrgTechHandle: MIL-HSTMST-ARIN OrgTechName: Network DoD OrgTechPhone: +1-800-365-3642 OrgTechEmail: HOSTMASTER@nic.mil =============================================================== 121.111.81.220 - DstPort: 1026 netname: KDDI descr: KDDI CORPORATION descr: GARDEN AIR TOWER,3-10-10,Iidabashi,Chiyoda-ku,Tokyo country: JP source: APNIC =============================================================== 8.145.22.52 - DstPort: 1026 OrgName: Level 3 Communications, Inc. OrgID: LVLT Address: 1025 Eldorado Blvd. City: Broomfield StateProv: CO PostalCode: 80021 Country: US =============================================================== 139.221.112.220 - DstPort: 1026 [UNSPECIFIED] - Currently unassigned =============================================================== 1226812 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 221.208.208.97 SrcPort: 36825 DstPort: 1027 1226812 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 221.208.208.97 SrcPort: 36825 DstPort: 1026 221.208.208.86 - DstPort: 1026 and 1027 221.208.208.212 - DstPort: 1027 202.97.238.204 - DstPort: 1027 202.97.238.203 - DstPort: 1027 202.97.238.202 - DstPort: 1027 202.97.238.199 - DstPort: 1026 60.11.147.177 - DstPort: 1026 netname: CNCGROUP-HL descr: CNCGROUP Heilongjiang Province Network descr: China Network Communications Group Corporation descr: No.156,Fu-Xing-Men-Nei Street, descr: Beijing 100031 country: CN =============================================================== 307562 Packet DROPPED Proto: IP_UDP Flags: 0x0000000a Src: 101.206.185.186 SrcPort: 31187 DstPort: 1026 [UNSPECIFIED] - Currently unassigned =============================================================== 839718 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 55.213.253.207 SrcPort: 30534 DstPort: 1026 <== MILITARY IP RANGE!!! No PTR Record OrgName: Headquarters, USAAISC OrgID: HEADQU-3 Address: NETC-ANC CONUS TNOSC City: Fort Huachuca StateProv: AZ PostalCode: 85613-5000 Country: US NetRange: 55.0.0.0 - 55.255.255.255 CIDR: 55.0.0.0/8 NetName: ARMY-RCAS NetHandle: NET-55-0-0-0-1 Parent: NetType: Direct Allocation NameServer: NS01.ARMY.MIL NameServer: NS02.ARMY.MIL NameServer: NS03.ARMY.MIL =============================================================== 878828 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 189.94.162.116 SrcPort: 30534 DstPort: 1026 =============================================================== 928921 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 37.17.197.78 SrcPort: 30534 DstPort: 1026 996375 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 177.16.9.88 SrcPort: 30534 DstPort: 1026 1024125 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 216.203.245.215 SrcPort: 30534 DstPort: 1026 =============================================================== 1063562 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 171.233.249.134 SrcPort: 30534 DstPort: 1026 Bank of America - Source: http://www.maxmind.com/app/locate_ip =============================================================== 1117812 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 103.238.113.101 SrcPort: 30534 DstPort: 1026 1184593 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 161.146.220.213 SrcPort: 30534 DstPort: 1026 =============================================================== 1208062 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 28.23.157.147 SrcPort: 30534 DstPort: 1026 <== MILITARY IP RANGE!!! No PTR Record OrgName: DoD Network Information Center OrgID: DNIC Address: 3990 E. Broad Street City: Columbus StateProv: OH PostalCode: 43218 Country: US OrgTechHandle: MIL-HSTMST-ARIN OrgTechName: Network DoD OrgTechPhone: +1-800-365-3642 OrgTechEmail: HOSTMASTER@nic.mil =============================================================== 1247250 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 176.38.56.67 SrcPort: 30534 DstPort: 1026 =============================================================== 1308093 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 64.83.35.179 SrcPort: 30534 DstPort: 1026 1319906 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 41.29.135.239 SrcPort: 30534 DstPort: 1026 1372734 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 189.231.205. 9 SrcPort: 30534 DstPort: 1026 1391781 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 194. 5.50.86 SrcPort: 30534 DstPort: 1026 1431296 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 179.225.42.30 SrcPort: 30534 DstPort: 1026 =============================================================== 1497953 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 141.247.171.43 SrcPort: 30534 DstPort: 1026 OrgName: Sigma Aldrich Corporation OrgID: SAC-10 Address: 3050 Spruce City: St. Louis StateProv: MO PostalCode: 63103 Country: US NameServer: SIGMA.SIAL.COM NameServer: WUGATE.WUSTL.EDU =============================================================== 1561375 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 34.9.108.11 SrcPort: 30534 DstPort: 1026 =============================================================== 1575281 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 214.229.111.68 SrcPort: 30534 DstPort: 1026 <== MILITARY IP RANGE!!! OrgName: DoD Network Information Center OrgID: DNIC Address: 3990 E. Broad Street City: Columbus StateProv: OH PostalCode: 43218 Country: US NetType: Direct Allocation NameServer: CON1R.NIPR.MIL NameServer: CON2R.NIPR.MIL NameServer: EUR1R.NIPR.MIL NameServer: EUR2R.NIPR.MIL NameServer: PAC1R.NIPR.MIL NameServer: PAC2R.NIPR.MIL OrgTechHandle: MIL-HSTMST-ARIN OrgTechName: Network DoD OrgTechPhone: +1-800-365-3642 OrgTechEmail: HOSTMASTER@nic.mil =============================================================== 1615859 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 160.135.113.93 SrcPort: 30534 DstPort: 1026 <== MILITARY IP RANGE!!! OrgName: HHC, 1st Signal Brigade OrgID: 1SBU Address: HHC, 1st Signal Brigade Address: TNOSC-K City: APO StateProv: AP PostalCode: 96218 Country: US NetType: Direct Assignment NameServer: NS01.ARMY.MIL NameServer: NS02.ARMY.MIL NameServer: NS03.ARMY.MIL OrgTechHandle: GFS3-ARIN OrgTechName: Sullivan, George F OrgTechPhone: +1-82-053-470-3920 OrgTechEmail: GEORGE.SULLIVAN@us.army.mil =============================================================== 1686843 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 204.244.219.236 SrcPort: 30534 DstPort: 1026 1749359 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 104.225.151.215 SrcPort: 30534 DstPort: 1026 1759640 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 209.117.198.72 SrcPort: 30534 DstPort: 1026 1800015 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 63.64.199.34 SrcPort: 30534 DstPort: 1026 1877046 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 52.115.218.170 SrcPort: 30534 DstPort: 1026 1937281 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 186.45.202.144 SrcPort: 30534 DstPort: 1026 1943250 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 109.203.212.131 SrcPort: 30534 DstPort: 1026 1983375 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 161.216.192.48 SrcPort: 30534 DstPort: 1026 =============================================================== 2066562 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 152.58.152.254 SrcPort: 30534 DstPort: 1026 OrgName: North Carolina Research and Education Network OrgID: CNRT Address: PO Box 12889 Address: 3021 Cornwallis Rd. City: Research Triangle Park StateProv: NC PostalCode: 27709 Country: US =============================================================== 2125593 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 174.56.236.215 SrcPort: 30534 DstPort: 1026 =============================================================== 2126796 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 13.37.68.171 SrcPort: 30534 DstPort: 1026 OrgName: Xerox Palo Alto Research Center OrgID: XPARC Address: 3333 Coyote Hill Road City: Palo Alto StateProv: CA PostalCode: 94304 Country: US =============================================================== 2167640 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 196.253.119.162 SrcPort: 30534 DstPort: 1026 =============================================================== 2255921 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 53.80.230.115 SrcPort: 30534 DstPort: 1026 Mercedes Benz AG - DAIMLERCHRYSLER AG OrgName: cap debis ccs OrgID: CDC-6 Address: RRZ-S/K Address: c/o Mercedes Benz AG Address: Postfach 6002 02 Address: Mercedestr. 136 Address: 7000 Stuttgart 60 City: StateProv: PostalCode: Country: DE NameServer: NS1.SNS-FELB.DEBIS.COM NameServer: NS2.SNS-UT.DEBIS.COM RTechHandle: KW62-ARIN RTechName: Weiler, Klaus RTechPhone: 49-711-1753493 RTechEmail: dns@debis.de =============================================================== 2310703 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 118.57.69.132 SrcPort: 30534 DstPort: 1026 2313640 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 75.214.236.115 SrcPort: 30534 DstPort: 1026 2351765 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 198.161.217.23 SrcPort: 30534 DstPort: 1026 2445828 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 49.82.131.5 SrcPort: 30534 DstPort: 1026 2494593 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 80.7.81.216 SrcPort: 30534 DstPort: 1026 2501687 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 147.196.175.101 SrcPort: 30534 DstPort: 1026 2535437 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: 211.236.250.129 SrcPort: 30534 DstPort: 1026