XPost: alt.privacy.anon-server, comp.security.firewalls, alt.computer.security
In article <[email protected]> Anonymous <[email protected]> wrote:
On 08/17/2015 07:35 AM, Nomen Nescio wrote:
Caught these records that actually got an ACK and returned an OK:
103 2015-08-16 20:37:37.831756 198.15.216.135 me.net HTTP 274 5270 GET >> http://www.msftncsi.com/ncsi.txt HTTP/1.1
104 2015-08-16 Seq=1 Ack=221 Win=15544 Len=0
105 2015-08-16 20:37:37.832683 me.net 198.15.216.135 HTTP 1259 6583 HTTP/1.1 200 OK (text/html)
Went on to try a GET /HNAP1/ which I had already blocked. The
http://www.msftncsi.com/ncsi.txt is a Microsoft site that returns a
page containing this:
Microsoft NCSI
Explained here: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/
-SEC3 Pinger
That was quite interesting. Looks like another way the MS can
track you. I set the value in the register to zero as suggested,
it was 1 - on.
I am not sure what is going on with such a hit, but it seems like
they actually used my Linux server to go to msftncsi.com.
I block this request from someone hitting my Linux server with
this request using these. Only one is probably necessary.
Both on single line:
iptables -I INPUT 1 -p tcp -m multiport --dports 80,443 -m string --string "msftncsi" --algo bm --to 300 -j DROP
iptables -I INPUT 2 -p tcp -m multiport --dports 80,443 -m string --string "HNAP1" --algo bm --to 300 -j DROP
No paranoia here.
"The TechNet webpage describing NCSI mentions:
IIS logs are stored on the server at www.msftncsi.com. These
logs contain the time of each access and the IP address recorded
for that access. These IP addresses are not used to identify
users."
Are you fucking insane or what?
AT&T has been happily volunteering your information to world
governments on every single pipe they own - without even being
asked. I don't care who you think you have for an ISP - AT&T is
providing the primary pipe.
Where is your objection to that behavior?
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
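
An added example, not part of the original thread: a log check for the two request types discussed above (a GET whose target is an absolute URI for a foreign host, and /HNAP1/), reporting the status the server returned for each. The OWN_HOSTS set, the common/combined access-log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: names this server legitimately answers for (placeholder from the post).
OWN_HOSTS = {"me.net", "www.me.net"}

# Common/combined access-log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" (?P<status>\d{3}) '
)

def classify(line):
    """Return (client, reason, target, status) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    target, status = m["target"], int(m["status"])
    reason = None
    if m["method"] == "CONNECT":
        reason = "proxy-connect"
    elif "://" in target:
        # Absolute-form request target: normally only sent to a proxy.
        host = (urlsplit(target).hostname or "").lower()
        if host not in OWN_HOSTS:
            reason = "proxy-absolute-uri"
    elif target.upper().startswith("/HNAP1"):
        reason = "hnap-probe"
    if reason is None:
        return None
    return (m["client"], reason, target, status)

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines; client address and URL are the ones quoted in the post.
SAMPLE = [
    '198.15.216.135 - - [16/Aug/2015:20:37:37 +0000] "GET http://www.msftncsi.com/ncsi.txt HTTP/1.1" 200 1024 "-" "-"',
    '198.15.216.135 - - [16/Aug/2015:20:37:38 +0000] "GET /HNAP1/ HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.9 - - [16/Aug/2015:20:40:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [16/Aug/2015:20:40:02 +0000] "GET http://me.net/index.html HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for client, reason, target, status in scan(SAMPLE):
        flag = "ANSWERED" if 200 <= status < 400 else "refused"
        print(f"{client} {reason} {target} -> {status} {flag}")
```

A hit marked ANSWERED is the case worth following up: compare the response body with the site's own default page to tell a default-vhost reply from a request that was actually forwarded.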