Naviscope Spyware??

Discussion in 'privacy general' started by root, Jul 7, 2002.

Thread Status:
Not open for further replies.
  1. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Man spyware people must hate packet sniffers eh? LOL
     
  3. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    One of our own members has a solution to this problem. Check out javacool's IDBlaster 1.0! I have both Naviscope and IDBlaster. :D


    http://www.wilderssecurity.com/showthread.php?t=2173;start=15

    That should help you get started! ;)
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    P_S - So, you're saying that as long as ID-B is started before Naviscope, that Naviscope doesn't know the correct ID # to use?

    Are you sure that Naviscope didn't record the correct ID # of the OS (if, indeed, that's what's actually going on) as soon as you installed it - and keeps it somewhere?

    Can someone with the actual know-how please use a sniffer on the Naviscope packet, sort it out and tell us what, exactly, is being transmitted? Someone with a sniffer and a text-editor? (So that they'll be able to read in English whatever the heck is there?).

    I'd really like to be able to put this Naviscope thing to bed, one way or the other - wouldn't y'all? Pete
     
  5. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Will this work for you Pete? Bassbag got a reply.
    update on naviscope

    I posted on another newsgroup about naviscope and
    concerns raised. I was given some info and a link

    http://groups.google.com/groups?oi=...corridor.net%3E

    It seems that naviscope does send info back
    to ip address 216.157.91.36. Apparently it contains windows id key, and was
    used by naviscope (when it wasn't freeware) to check whether it was
    registered or not. I checked myself using debug feature in outpost firewall
    which among other things also shows packets sent. It showed packets being
    sent to that ip address. In view of this I am continuing to use naviscope as
    I think it's an excellent programme but I have blocked 3 ip addresses using dmut's "blockpost" which
    are...
    212.100.224.102
    202.84.198.59
    216.157.91.36
    This has effectively stopped the packets being sent, and I'm happy with that,
    though on reflection I won't recommend naviscope in future unless the person
    is aware of how it behaves.
    me
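
The check requested and described in the posts above (find what is sent to the three listed addresses and read it as text), as an added example that is not code from the thread. It assumes a classic libpcap capture file with Ethernet link type; the sample capture, its port 80 and its payload are constructed placeholders, not Naviscope's real traffic.

```python
import ipaddress
import re
import struct

# The three destination addresses named in the post above.
WATCHED = {"216.157.91.36", "212.100.224.102", "202.84.198.59"}

def flagged_payloads(pcap, watched=WATCHED):
    """Return (dst_ip, dst_port, printable_strings) per TCP/UDP packet sent to a watched IP."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # trim Ethernet padding
        if len(ip) < 20:
            continue
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        dst = str(ipaddress.IPv4Address(ip[16:20]))
        l4 = ip[ihl:]
        if dst not in watched or proto not in (6, 17) or len(l4) < (20 if proto == 6 else 8):
            continue
        dport = struct.unpack("!H", l4[2:4])[0]
        payload = l4[(l4[12] >> 4) * 4 if proto == 6 else 8:]
        # Runs of 4+ printable ASCII bytes: what a text editor would show.
        strings = [s.decode() for s in re.findall(rb"[\x20-\x7e]{4,}", payload)]
        hits.append((dst, dport, strings))
    return hits

def sample_frame(dst, payload):
    """Constructed frame: Ethernet + IPv4 + 20-byte TCP header, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.168.0.2").packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

# Constructed capture: one packet to a watched address, one to an unrelated address.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
for f in (sample_frame("216.157.91.36", b"\x00\x01CONSTRUCTED-PLACEHOLDER-ID\x00\xff"),
          sample_frame("192.0.2.10", b"unrelated traffic")):
    SAMPLE += struct.pack("<IIII", 0, 0, len(f), len(f)) + f

if __name__ == "__main__":
    for hit in flagged_payloads(SAMPLE):
        print(hit)
```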
     
  6. helpin

    helpin Guest

    i shut naviscope off completely when i realized all pages requested go through naviscope first. i don't trust anyone with my surfing habits. it's not just a ping, they have to get your page for you and direct it back. i don't think most naviscope users realize that. it's all done quickly, but it's not anything i want to do with. now with this - i really don't trust them.
     
  7. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    I just uninstalled Naviscope and right after I hit, and hard, "remove" it tried to set something new in my startup.

    Not.
     
  8. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Was it in one of the "runonce" keys? If so, that is just to delete locked files at the next reboot. The added key will be removed after it is run once (coincidental eh). If all that is true, no worries. If it is something else then maybe concern is necessary.
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I thought that was the program, reporting back to NaviscopeHQ "Help! he's un-installing mEEEEEEEEEEEE..."

    Pete :D
     
  10. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Hi Pete and everybuddy! I am working on becoming proficient in Packet Sniffing and Text Editing. Never done it before. This is how I have learned how to do stuff all my life. Jump in with both feet and never mind the rocks! I got Sniff 'em and NoteTab. Will put 'em to work on Naviscope. I have blocked the addresses as suggested by root. I suppose I'll have to unblock them to do the sniffing. Will keep you apprised. :D
     
  11. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Good show! keep us up to date. Packet sniffing can get boring after 1000 packets or so. Try to stay enthusiastic!
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    P_S - Thank you! Pete
     
  13. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :D I got about halfway through the config in about four hours with Sniff 'em! Aye! Joomp in wit' bot' feet! Aye! It's beginning to make sense now. Thought I'd provide the download link for it here. It appears you may not need a text editor with this program.

    http://www.sniff-em.com/

    or

    http://www.sniff-em.com/download.shtml

    The trial period is 100 days for the Outgoing Packets only version. It's 30 days for the full duplex. It is a pretty comprehensive, well-thought-out app! ;)
     
  14. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :rolleyes: New problem! I believe that my ZA firewall is blocking the Packet Sniffer. It's no go. I suppose I'll have to turn it off but I'm reluctant to do that. There's no entry on the Programs Box. Now what? Suggestions are solicited.
     
  15. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :D It's not the firewall. Tried turning it off. Back to the Config Lists. :D
     
  16. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    PS,

    Keep going ;) You'll get to it in the end. And keep us posted :cool:.

    regards,

    paul
     
  17. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Thank you Paul, sincerely, for the encouragement. I'll keep at it. In the deep past when I played Rugger (soccer with no rules) my team had a sure fire way to score. I grabbed the ball and no one could ever take it away from me. They just carried me over to the goal. Score! Course I had the crap kicked out of me but we rarely ever lost a match.

    I did some checking at D-Shield on the addresses given at the beginning of this topic. It adds an extra confirmation and reveals that one of the addresses (for RIPE) may be okay.

    IP Address: 216.157.91.36 (The address for Naviscope's messages.)
    HostName: northeasthomes.com
    DShield Profile:
    Country:   US   
    Contact E-mail:   arin-swip@maxim.net   
    Total Records against IP:   23   
    Number of targets:   16   
    Date Range:   2002-07-04 to 2002-07-04
       
    Whois:
    Web2010 Inc (NETBLK-WEB2010-BLK-1)
    20 Park Ave Suite B
    Apopka, 32703
    US

    IP Address: 212.100.224.102
    HostName: ra1.ultsearch.com
    DShield Profile:
    Country:   US   
    Contact E-mail:   pfroutan@rackspace.com   
    Total Records against IP: none      
    Number of targets: none      
    Date Range:   to    

    Whois:
    % This is the RIPE Whois server.
    % The objects are in RPSL format.
    % Please visit http://www.ripe.net/rpsl for more information.
    % Rights restricted by copyright.
    % See http://www.ripe.net/ripencc/pub-services/db/copyright.html

    inetnum: 212.100.224.0 - 212.100.231.255
    netname: RSPC-UK-NET-1
    descr: Rackspace.com
    descr: Outsourced Server Provider
    descr: Berkshire, UK
    country: US
    admin-c: SB9442-RIPE
    tech-c: PF3772-RIPE
    status: ASSIGNED PA
    notify: hostmaster@rackspace.com
    mnt-by: RIPE-NCC-NONE-MNT
    changed: hostmaster@ripe.net 20000524
    source: RIPE


    IP Address: 202.84.198.59
    HostName: 202.84.198.59
    DShield Profile:
    Country:   HK   
    Contact E-mail:   noc@hkt.net   
    Total Records against IP: none      
    Number of targets: none      
    Date Range:   to    

    Whois:

    % How to use the APNIC Whois Database www.apnic.net/db/
    % Upgrade to Whois v3 on 20 August 2002 www.apnic.net/whois-v3
    % Whois data copyright terms www.apnic.net/db/dbcopyright.html

    inetnum: 202.84.198.0 - 202.84.198.255
    netname: PINGAN-HK
    descr: Pingan.com Ltd
    descr: Rm 1302, CRC Protective Tower,
    descr: 38 Gloucester Rd,
    descr: Wanchai
    country: HK
    admin-c: PHNO1-AP
    tech-c: PHNO1-AP
    rev-srv: ns2.hkt.net
    rev-srv: ns1.hkt.net
    notify: dbmon@apnic.net
    mnt-by: MAINT-HKT
    changed: hostmaster@apnic.net 20010109
    source: APNIC

    role: PCCW HKT Network Operation Center
    address: 2/F Telecom House,
    address: 3 Gloucester Rd., Wanchai, Hong Kong.
    phone: +852-2888-2887
    fax-no: +852-2519-7233
    e-mail: noc@hkt.net
    admin-c: CN98-AP
    tech-c: CC318-AP
    tech-c: RK48-AP
    tech-c: NH28-AP
    nic-hdl: PHNO1-AP
    notify: carmenc@hkt.net
    mnt-by: MAINT-HKT
    changed: carmenc@hkt.net 20010109
    source: APNIC

    The address of 216.157.91.36 has not shown up in my ZoneLogs. I was wondering if ZA might block it, as an outgoing message??
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, P_S!

    If you're running ZAP, you may be able to do that if you have super-configured ZAP in that respect - otherwise, if you simply have NS in there as an allowed app, it's just going to communicate since it has permission.

    Have you put anything in the 'Components' tab for your ZA regarding NS? (Don't use ZA-anything here, so I can't help you with that part, sorry). Pete
     
  19. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Hi spy1/Pete! I have my ZA (freeware version) set on medium security for Intranet and High for Internet. Naviscope is listening on Port 81. See below:

    The Medium Security setting has the same stuff except it allows local network access to Windows services and shares and the computer is visible to the local network. (If I put the Intranet on High, everything stops working. I cannot connect to anything, so it's on medium.) I've had programs try to use ports that are available but the firewall blocks them--even pings from my Ethernet Program to my ISP.

    I wanted so much to check out the Naviscope with a sniffer. I am having a problem getting through my D-link Router. I've tried 3 different sniffer apps, each giving zero captures. :rolleyes: Any ideas guys? Can TDS-3 do sniffing? It can get through. Thanks.
     
  20. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) I was getting hits on Port 6346 from gnutella-svc (for the IP assigned by my ISP), so I had to reconfigure my Enternet Program. It has a Packet Recording feature! I enabled it. I'll then analyse the results with my sniffers. Will keep you posted, but I can see this might take quite a while.
     
  21. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hats off, PS ;) You don't give up that easily, do you?

    We have all the patience in the world :cool:

    regards.

    paul
     
  22. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    www.ethereal.com has a fine sniffer for free. It doesn't need permission from your firewall to do what it needs to do. I used it all the time behind a router, makes no difference. It requires the feared "raw socket" libraries of WinPcap to function. The link is on the Ethereal site.

    PM me if you need help setting it up
     
  23. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Thanks for the Link, UNICRON! It really is a big help. More than I expected; what I'd hoped. Right now I am in the process of downloading what I need. Do I need all the rpm's or only the latest one? They're all the same size so I figured it would be just the most recent one (otherwise there is a lot to download there). Do you have any tips for a basic starting setup? I'd appreciate them. Thanks. :D

    In case you need to know: Win98se Celeron, 128 Mb Ram (I need and will get more), 700 Mhz, 20 Gb HD (65% free).
     
  24. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Make sure you download the Windows binary. RPMs are not likely to be of value to you.

    http://prdownloads.sourceforge.net/ethereal/ethereal-setup-0.9.5.exe

    is all you should need from there.

    then get:

    http://winpcap.mirror.ethereal.com/install/bin/WinPcap_2_3.exe

    run those two and go.
     
  25. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Thanks! Got 'em. Now I can go 'kick some ahss!' It said to delete any packet.dll's before loading the Ethereal + WinPcap. My DLS Program has a packetlog.dll. Can't get rid of it as it belongs to my ISP's app. Hope it will be okay. I'll keep you informed. :D

    Nice, clean and fast links there. Most pleasurable! Thanks again. :)
     