Phant0m Sig

JacK · Aug 16, 2003

Hello,

Some posters are scared by the nice Phant0m sig...

http://www.danasoft.com/vipersig.jpg
Click to expand...

...of course as already stated each poster see its own IP and no way to see other IP's :-D

Idem her if you click here :

http://amg.sytes.net/panneau3.php?idpano=81630

- Since Phant0m's sig has since been changed, I edited this post to include the "image" that Phant0m has in his sig when this thread was first started - LWM

Phant0m · Aug 16, 2003

quoting: JacK link=board=22;threadid=12527;start=0#msg80547 date=1061067866]
Hello,

Some posters are scared by the nice Phant0m sig of course as already stated each poster see its own IP and no way to see other IP's :-D

Idem her if you click here :

http://amg.sytes.net/panneau3.php?idpano=81630
Click to expand...

LOL....

WE KNOW WHO YOU ARE!!!!!!!!
http://amg.sytes.net/panneau3.php?idpano=81630

LowWaterMark · Aug 16, 2003

This is a good opportunity for everyone to learn a little bit about how such things are done, and to see just what your browser is capable of.

The information contained in this type of browser display object is only being rendered (resolved and displayed) locally on your system within your own browser session. These objects are customized to each different person / system that views them because of how they are coded, but you might do best to think of them as a type of trick, if you will. (Though they certainly use perfectly valid browser functions, since most people rarely see them displayed like this, it's easier to think of them as tricks more than anything else.)

If the information displayed in these objects is correct for your system, and it will be for most people, then what you need to understand is that this information is already within your own browser. Your browser has access to this information, which is perfectly normal, and it is merely displaying it in just some cute graphical form.

Here is yet another of these browser display objects (you need to click this one to see it):

http://www.auditmypc.com/myinfo.asp?t=nolk

When you click on the above link, you'll get the same information as the others just in a different looking object. But, it works exactly the same way as the ones above.

Note: If I wanted that image to actually display for everyone automatically in this post, I'd have put it into img tags instead of url tags.

All this is to say that this really isn't a security problem. But, it might be worth discussing in more detail, here in this thread, how these things work to dispel any fears that people have.

CrazyM · Aug 16, 2003

One other piece of information that is displayed when you use Jack's and LWM's links is the users Host Name in addition to their IP. The host name is basically a reverse dns of the IP.

Users should be aware that some ISP's assign unique rdns info to user accounts and as such is something that is unique to them even if their IP changes.

Steve Gibson demonstrates and discusses this on his ShieldsUp! site.

There has also been a previous discussion on this issue here:
https://www.wilderssecurity.com/showthread.php?t=9303

Regards,

CrazyM

Amerk_5 · Feb 19, 2005

Here a couple more links. I really like the first link because there are a lot more things that you'll be shown about your computer besides just your browser & IP info. Especially if you're using IE.

[http://gemal.dk/browserspy/ ]

http://gemal.dk/browserspy/basic.html

http://www.essex1.com/people/timothy/js-detec.htm

LowWaterMark · Aug 16, 2003

Ah yes, I've seen that BrowserSpy page before... Nice addition, thanks Amerk!

All these pages, whether we're talking about the lengthy and detailed tabular informational pages like BrowserSpy, or these little graphical gimmicks, do what they do simply by displaying the information contained in a simple set of variables that most browsers support and provide freely to the web servers they contact.

Of course, as might be expected, Internet Explorer provides more information than most other browsers, if you don't secure it beyond the defaults.

In any case, it's good for people to realize that their browsers have this information available and that these are not hacker tricks or exploits on their systems. It's all a part of normal World Wide Web use. There are some tools and services available to suppress or redirect some of this information, but people need to decide for themselves if it's worth doing.

What can you do?

You can not block your IP address, or its reverse DNS based host name (if your ISP supports this function), simply by running local software on your PC. Your IP address is part of every data packet sent from or to your PC, and it must be known to the sites and servers you connect to if you expect to get any data packets, webpages, email messages, etc. sent back to you.

You see, your IP address is your end of a two way communication link. If you don't give the other site or server you communicate with your address, it can not reply to your connection. Period.

Now, the only way to keep your IP address secret from a particular site you visit is to trust some other third party site to proxy your connection for you. If you use a good anonymous proxy server, and have it relay all your communications on your behalf, then a specific site you visit (through that proxy) will think your PC is at the IP address of the proxy server and not your real public IP address.

Sounds good right? Well, guess what this involves... First, you must trust the proxy server site if you are going to do this. Since they must send back to your system all packets they are proxying for you, they must know your IP address. (Okay, so why exactly should we trust the proxy site instead of some other site we are visiting?) Secondly, good, stable, well-performing and free anonymous proxy sites are not easy to find. There are some pay services you could subscribe to if you are really concerned about this.

Want to know more about anonymous proxy servers, just search for that term at Google. Also, here is an old thread here at Wilders about proxy usage.

As for the other displayed information; i.e. your browser type, operating system, and other variables not seen above like referring webpage, etc.; well there are many privacy & security tools that will filter a lot of this information for you. Local proxy tools like Proxo or AdSubtract Pro, and many of the current personal software firewalls, will block several of these data elements. Again, if you really think these are necessary, search the Privacy forums here or on Google for local proxy and filtering tools.

As to what I think, well, I use Internet Explorer v6.0 on Windows XP Home, and I do not use a remote proxy server or any local filtering applications. My browser, OS, referrer, IP address, etc. all flow freely like most web users, and I don't really think it's worth worrying about.

But, people's opinions will vary on this.

Detox · Aug 17, 2003

Hmm all these things think I have Mozilla instead of IE6 for somereason - and the browserspy thing could tell me most stuff but it could not find my hard drives or my cd drives... They are neat little things to poke around in though. Lotsa javascript errors when it tried to find my cd drives.

Jooske · Aug 17, 2003

I don't know how to get that "gemal".. site to test, i only see explanation what is should all be? Or should i lower all my security allow cookies and banners and popups and animations and must i add it to the trusted zone and lower more security before i get any output on screen?
All the others do fine.

Amerk_5 · Aug 17, 2003

All the IE user agent's start out with Mozilla. Here's a link I found that explains it. http://hotwired.lycos.com/webmonkey/99/02/index2a_page4.html?tw=authoring

Detox · Aug 17, 2003

hm well that makes sense about Mozilla then but I figured it would eventually find IE6 - and it said IE undetected

controler · Aug 26, 2003

Phant0m's Sig displaying IP addresses...

Phamtom

Whya re you posting IP addys here? Not many will think that is funny
I thought they only did that on the Linux forum
when has displaying members IP addys been accepted here at Wilders?

con

- Please note that this post and all below were moved here from a different thread, which is why the "subject lines" are different, and why the question and answers link back on to this thread - LWM

Mr.Blaze · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

OMG how you do that lol that looks like my temporary ip adress will one of them lol

you better put that pick a way paul would most likely band you

paul dont normaly band people but thats a hanging offinse right there lol

by the way how did you do that all my security is maxed out

including ie settings

is it some kinda of a trick

controler · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

This person appears to be promoting this site?

http://www.danasoft.com/

Phant0m · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

The image your browser loads is actually script that loads first then imbeds it into an graphic, when browse the topics on forums your browser loads up all images available, in doing so you make direct connection to the server which automatically gives your real IP Informatics but not only that but the browser itself contains tags which retrievable by websites to fetch your IP Address.

The image only show the IP Address of the current viewer, your IP address isn’t being seen by others as others sees their own IP Addresses too…

Regards,

Mr.Blaze · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

THATS PERTY COOL BUT WHY DOES MY FIRE WALL KEEP GOING OFF RIGHT NOW AFTER VIEWING THAT COOL PICK SAYS DOES NOT PLAY WELL WITH OTHERS MY FIREWALL IS GOING CRAZY

damn caps lol

keep geting packets from same adress so far 86 alerts

Phant0m · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

quoting: Mr.Blaze link=board=26;threadid=12920;start=0#msg82976 date=1061946489]
THATS PERTY COOL BUT WHY DOES MY FIRE WALL KEEP GOING OFF RIGHT NOW AFTER VIEWING THAT COOL PICK SAYS DOES NOT PLAY WELL WITH OTHERS MY FIREWALL IS GOING CRAZY

damn caps lol

keep geting packets from same adress so far 86 alerts
Click to expand...

Incoming or Outgoings?

Mr.Blaze · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

so is there anyway to stop that i thought between hta sop worm gaurd and another million protection softwares runing in the background id be safe

do i need to reconfig something?

this difinitly has raisd my attintion maybe im not as secure as i thought i was

Mr.Blaze · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

loooks like incomeing packets

there all being blocked

but still kinda anoying

this is actualy kinda good with that pic thing maybe you can teach us how to stop something like that =)

Phant0m · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

quoting: Mr.Blaze link=board=26;threadid=12920;start=0#msg82978 date=1061946703]
so is there anyway to stop that i thought between hta sop worm gaurd and another million protection softwares runing in the background id be safe

do i need to reconfig something?

this difinitly has raisd my attintion maybe im not as secure as i thought i was
Click to expand...

Hey Mr.Blaze

Well, for starts you could disable Image Loading of Authorized web-sites...

Phant0m · Aug 26, 2003

Re:Trojan Remover v6.0.4 Signatures *Update*

quoting: Mr.Blaze link=board=26;threadid=12920;start=0#msg82980 date=1061946808]
loooks like incomeing packets

there all being blocked

but still kinda anoying

this is actualy kinda good with that pic thing maybe you can teach us how to stop something like that =)
Click to expand...

I’m not sure why you would be receiving Inbound Packets from that server, could you paste us a packet line showing the blocking from Source IP with Source/Destination ports and IP Protocol usage…?

Mr.Blaze · Aug 26, 2003

Rehant0m's Sig displaying IP addresses...

311 acess atempts from damn its the same 2 or 4 digits in front and the rest keep changeing

i have zap and i think it sucks i cant save my alerts to text

Phant0m · Aug 26, 2003

Rehant0m's Sig displaying IP addresses...

quoting: Mr.Blaze link=board=22;threadid=12527;start=15#msg82988 date=1061947581]
311 acess atempts from damn its the same 2 or 4 digits in front and the rest keep changeing

i have zap and i think it sucks i cant save my alerts to text
Click to expand...

Thing is if your browser is Internet Explorer you have so much Information that’s retrievable by the remote sites that it’s just unbelievable. Nothing much you can really do about this situation unless you prevent Image Loading which should normally stop any connections to the image servers, this being a Forum and all you got Images being hosted all-around and this being case one could easily setup a server on their box and post an Image on this Forum and when any VIEWER views the topic and they load the image one can easily monitor all it’s connections. And this being the case this could easily be taking into someone’s advantage, but if you have properly configured Software Firewall which blocks ALL remotely generated packets regardless if it’s over IP & Non-IP or Other IP Protocols, then I wouldn’t worry. Most anyone could do is Packet Flood your butt offline, in the process frying your modems…

LowWaterMark · Aug 26, 2003

Blaze -

It seems unlikely that you are getting those packets from the site linked in Phant0m's signature. It's probably just some unrelated traffic. You'll find the full Zone Alarm log file in:

c:\windows\internet logs\zalog.txt

If you post some of the samples here, we can figure it out.

Edit: It was determined that all the activity Blaze was seeing was related to the various new worms that are probing everyone's systems lately and not the above sig. See this thread for more on that.

LowWaterMark · Aug 26, 2003

The full explanation of how Phant0m's signature works is explain in the first few replies on the first page of this thread.

If you see your IP address in Phant0m's signature it is because your browser is doing it locally on your own system. You can think of it as a trick or a gimmick.

museheart · Sep 2, 2003

quoting: LowWaterMark link=board=22;threadid=12527;start=15#msg82991 date=1061948453]
The full explanation of how Phant0m's signature works is explain in the first few replies on the first page of this thread.

If you see your IP address in Phant0m's signature it is because your browser is doing it locally on your own system. You can think of it as a trick or a gimmick.
Click to expand...

Ummmmmmm. That is reassuring.

Log in or Sign up

Phant0m Sig

JacK Registered Member

Phant0m Registered Member

LowWaterMark Administrator

CrazyM Firewall Expert

Amerk_5 Registered Member

LowWaterMark Administrator

Detox Retired Moderator

Jooske Registered Member

Amerk_5 Registered Member

Detox Retired Moderator

controler Guest

Mr.Blaze The Newbie Welcome Wagon

controler Guest

Phant0m Registered Member

Mr.Blaze The Newbie Welcome Wagon

Phant0m Registered Member

Mr.Blaze The Newbie Welcome Wagon

Mr.Blaze The Newbie Welcome Wagon

Phant0m Registered Member

Phant0m Registered Member

Mr.Blaze The Newbie Welcome Wagon

Phant0m Registered Member

LowWaterMark Administrator

LowWaterMark Administrator

museheart Registered Member

Log in or Sign up

Phant0m Sig

JacK Registered Member

Phant0m Registered Member

LowWaterMark Administrator

CrazyM Firewall Expert

Amerk_5 Registered Member

LowWaterMark Administrator

Detox Retired Moderator

Jooske Registered Member

Amerk_5 Registered Member

Detox Retired Moderator

controler Guest

Mr.Blaze The Newbie Welcome Wagon

controler Guest

Phant0m Registered Member

Mr.Blaze The Newbie Welcome Wagon

Phant0m Registered Member

Mr.Blaze The Newbie Welcome Wagon

Mr.Blaze The Newbie Welcome Wagon

Phant0m Registered Member

Phant0m Registered Member

Mr.Blaze The Newbie Welcome Wagon

Phant0m Registered Member

LowWaterMark Administrator

LowWaterMark Administrator

museheart Registered Member

Useful Searches