Phant0m Sig

Discussion in 'privacy general' started by JacK, Aug 16, 2003.

Thread Status:
Not open for further replies.
  1. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    Some posters are scared by the nice Phant0m sig...

    ...of course, as already stated, each poster sees their own IP and there is no way to see other IPs :-D

    Same thing if you click here:

    http://amg.sytes.net/panneau3.php?idpano=81630


    - Since Phant0m's sig has since been changed, I edited this post to include the "image" that Phant0m had in his sig when this thread was first started - LWM
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    This is a good opportunity for everyone to learn a little bit about how such things are done, and to see just what your browser is capable of.

    The information contained in this type of browser display object is only being rendered (resolved and displayed) locally on your system within your own browser session. These objects are customized to each different person / system that views them because of how they are coded, but you might do best to think of them as a type of trick, if you will. (Though they certainly use perfectly valid browser functions, since most people rarely see them displayed like this, it's easier to think of them as tricks more than anything else.)

    If the information displayed in these objects is correct for your system, and it will be for most people, then what you need to understand is that this information is already within your own browser. Your browser has access to this information, which is perfectly normal, and it is merely displaying it in just some cute graphical form.

    Here is yet another of these browser display objects (you need to click this one to see it):

    http://www.auditmypc.com/myinfo.asp?t=nolk

    When you click on the above link, you'll get the same information as the others just in a different looking object. But, it works exactly the same way as the ones above.

    Note: If I wanted that image to actually display for everyone automatically in this post, I'd have put it into img tags instead of url tags.

    All this is to say that this really isn't a security problem. But, it might be worth discussing in more detail, here in this thread, how these things work to dispel any fears that people have.
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    One other piece of information that is displayed when you use Jack's and LWM's links is the user's Host Name in addition to their IP. The host name is basically a reverse DNS of the IP.

    Users should be aware that some ISPs assign unique rDNS info to user accounts, and as such it is something that is unique to them even if their IP changes.

    Steve Gibson demonstrates and discusses this on his ShieldsUp! site.

    There has also been a previous discussion on this issue here:
    https://www.wilderssecurity.com/showthread.php?t=9303

    Regards,

    CrazyM
     
  5. Amerk_5

    Amerk_5 Registered Member

    Joined:
    May 22, 2003
    Posts:
    78
    Location:
    Dansville, NY
    Last edited by a moderator: Feb 19, 2005
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Ah yes, I've seen that BrowserSpy page before... Nice addition, thanks Amerk! :cool:

    All these pages, whether we're talking about the lengthy and detailed tabular informational pages like BrowserSpy, or these little graphical gimmicks, do what they do simply by displaying the information contained in a simple set of variables that most browsers support and provide freely to the web servers they contact.

    Of course, as might be expected, Internet Explorer provides more information than most other browsers, if you don't secure it beyond the defaults. ;)

    In any case, it's good for people to realize that their browsers have this information available and that these are not hacker tricks or exploits on their systems. It's all a part of normal World Wide Web use. There are some tools and services available to suppress or redirect some of this information, but people need to decide for themselves if it's worth doing.

    What can you do?

    You can not block your IP address, or its reverse DNS based host name (if your ISP supports this function), simply by running local software on your PC. Your IP address is part of every data packet sent from or to your PC, and it must be known to the sites and servers you connect to if you expect to get any data packets, webpages, email messages, etc. sent back to you.

    You see, your IP address is your end of a two way communication link. If you don't give the other site or server you communicate with your address, it can not reply to your connection. Period.

    Now, the only way to keep your IP address secret from a particular site you visit is to trust some other third party site to proxy your connection for you. If you use a good anonymous proxy server, and have it relay all your communications on your behalf, then a specific site you visit (through that proxy) will think your PC is at the IP address of the proxy server and not your real public IP address.

    Sounds good right? Well, guess what this involves... First, you must trust the proxy server site if you are going to do this. Since they must send back to your system all packets they are proxying for you, they must know your IP address. (Okay, so why exactly should we trust the proxy site instead of some other site we are visiting?) Secondly, good, stable, well-performing and free anonymous proxy sites are not easy to find. There are some pay services you could subscribe to if you are really concerned about this.

    Want to know more about anonymous proxy servers? Just search for that term at Google. Also, here is an old thread here at Wilders about proxy usage.

    As for the other displayed information; i.e. your browser type, operating system, and other variables not seen above like referring webpage, etc.; well there are many privacy & security tools that will filter a lot of this information for you. Local proxy tools like Proxo or AdSubtract Pro, and many of the current personal software firewalls, will block several of these data elements. Again, if you really think these are necessary, search the Privacy forums here or on Google for local proxy and filtering tools.

    As to what I think, well, I use Internet Explorer v6.0 on Windows XP Home, and I do not use a remote proxy server or any local filtering applications. My browser, OS, referrer, IP address, etc. all flow freely like most web users, and I don't really think it's worth worrying about.

    But, people's opinions will vary on this. ;)
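
    Added example (not part of any post in this thread): a minimal Python model of what a remote image server learns from one request, and of which items a local filter can and cannot remove. The host names, addresses and request below are constructed sample values.

```python
# Constructed sample: the request a browser sends when a forum page embeds
# a remote image. Hosts and addresses are made up (documentation ranges).
SAMPLE_PEER_IP = "203.0.113.45"
SAMPLE_REQUEST = (
    "GET /sig.php HTTP/1.1\r\n"
    "Host: images.example\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    "Referer: http://forum.example/showthread.php?t=1\r\n"
    "Accept-Language: en-us\r\n"
    "\r\n"
)
FILTERED_HEADERS = {"user-agent", "referer", "accept-language"}

def parse_headers(raw_request):
    """Return the request headers as a dict with lower-cased names."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def server_view(peer_ip, raw_request):
    """What the image server learns from one request."""
    headers = parse_headers(raw_request)
    return {
        "ip": peer_ip,  # taken from the TCP connection, not from any header
        "user_agent": headers.get("user-agent"),
        "referer": headers.get("referer"),
        "language": headers.get("accept-language"),
    }

def local_filter(raw_request):
    """Model of a local filtering proxy: drop the identifying headers."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    kept = [lines[0]] + [l for l in lines[1:]
                         if l.partition(":")[0].strip().lower() not in FILTERED_HEADERS]
    return "\r\n".join(kept) + "\r\n\r\n" + body

def through_remote_proxy(proxy_ip, raw_request):
    """Model of a remote proxy: the server sees the proxy's address instead."""
    return server_view(proxy_ip, raw_request)

if __name__ == "__main__":
    print(server_view(SAMPLE_PEER_IP, SAMPLE_REQUEST))
    print(server_view(SAMPLE_PEER_IP, local_filter(SAMPLE_REQUEST)))
```

    The filtered request still arrives from the same address; only a relay on another machine changes the `ip` field.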
     
  7. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Hmm all these things think I have Mozilla instead of IE6 for some reason - and the browserspy thing could tell me most stuff but it could not find my hard drives or my cd drives... They are neat little things to poke around in though. Lotsa javascript errors when it tried to find my cd drives.
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I don't know how to get that "gemal".. site to test, I only see an explanation of what it should all be? Or should I lower all my security, allow cookies and banners and popups and animations, and must I add it to the trusted zone and lower more security before I get any output on screen?
    All the others do fine.
     
  9. Amerk_5

    Amerk_5 Registered Member

    Joined:
    May 22, 2003
    Posts:
    78
    Location:
    Dansville, NY
    All the IE user agents start out with Mozilla. Here's a link I found that explains it. http://hotwired.lycos.com/webmonkey/99/02/index2a_page4.html?tw=authoring
     
  10. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    hm well that makes sense about Mozilla then but I figured it would eventually find IE6 - and it said IE undetected o_O
     
  11. controler

    controler Guest

    Phant0m's Sig displaying IP addresses...

    Phant0m

    Why are you posting IP addys here? Not many will think that is funny
    I thought they only did that on the Linux forum
    When has displaying members' IP addys been accepted here at Wilders?

    con


    - Please note that this post and all below were moved here from a different thread, which is why the "subject lines" are different, and why the question and answers link back on to this thread - LWM ;)
     
  12. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re:Trojan Remover v6.0.4 Signatures *Update*

    OMG how you do that lol that looks like my temporary IP address, well one of them lol

    you better put that pic away, paul would most likely ban you

    paul doesn't normally ban people but that's a hanging offense right there lol

    by the way how did you do that, all my security is maxed out

    including IE settings

    is it some kind of a trick
     
  13. controler

    controler Guest

    Re:Trojan Remover v6.0.4 Signatures *Update*

    This person appears to be promoting this site?

    http://www.danasoft.com/
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re:Trojan Remover v6.0.4 Signatures *Update*

    The image your browser loads is actually a script that loads first and then embeds it into a graphic. When you browse the topics on forums, your browser loads up all images available; in doing so you make a direct connection to the server, which automatically gives your real IP information, and not only that, but the browser itself contains tags which are retrievable by websites to fetch your IP address.

    The image only shows the IP address of the current viewer; your IP address isn’t being seen by others, as others see their own IP addresses too…

    Regards,
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re:Trojan Remover v6.0.4 Signatures *Update*

    THAT'S PRETTY COOL BUT WHY DOES MY FIREWALL KEEP GOING OFF RIGHT NOW AFTER VIEWING THAT COOL PIC, SAYS DOES NOT PLAY WELL WITH OTHERS, MY FIREWALL IS GOING CRAZY

    damn caps lol

    keep getting packets from the same address, so far 86 alerts
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re:Trojan Remover v6.0.4 Signatures *Update*


    Incoming or Outgoings?
     
  17. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re:Trojan Remover v6.0.4 Signatures *Update*

    so is there any way to stop that? I thought between hta sop, worm guard and another million protection software running in the background I'd be safe

    do I need to reconfig something?

    this definitely has raised my attention, maybe I'm not as secure as I thought I was
     
  18. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re:Trojan Remover v6.0.4 Signatures *Update*

    looks like incoming packets

    they're all being blocked

    but still kinda annoying

    this is actually kinda good with that pic thing, maybe you can teach us how to stop something like that =)
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re:Trojan Remover v6.0.4 Signatures *Update*

    Hey Mr.Blaze

    Well, for starts you could disable Image Loading of Authorized web-sites... :p
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re:Trojan Remover v6.0.4 Signatures *Update*

    I’m not sure why you would be receiving Inbound Packets from that server, could you paste us a packet line showing the blocking from Source IP with Source/Destination ports and IP Protocol usage…?
     
  21. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re:phant0m's Sig displaying IP addresses...

    311 access attempts from, damn, it's the same 2 or 4 digits in front and the rest keep changing

    I have zap and I think it sucks, I can't save my alerts to text
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re:phant0m's Sig displaying IP addresses...

    Thing is, if your browser is Internet Explorer you have so much information that’s retrievable by the remote sites that it’s just unbelievable. Nothing much you can really do about this situation unless you prevent Image Loading, which should normally stop any connections to the image servers. This being a Forum and all, you've got images being hosted all around, and this being the case one could easily set up a server on their box and post an image on this Forum, and when any VIEWER views the topic and they load the image, one can easily monitor all its connections. And this being the case, this could easily be taken to someone’s advantage, but if you have a properly configured Software Firewall which blocks ALL remotely generated packets regardless of whether it’s over IP & Non-IP or Other IP Protocols, then I wouldn’t worry. The most anyone could do is Packet Flood your butt offline, in the process frying your modems…
     
  23. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Blaze -

    It seems unlikely that you are getting those packets from the site linked in Phant0m's signature. It's probably just some unrelated traffic. You'll find the full Zone Alarm log file in:

    c:\windows\internet logs\zalog.txt

    If you post some of the samples here, we can figure it out.

    Edit: It was determined that all the activity Blaze was seeing was related to the various new worms that are probing everyone's systems lately and not the above sig. See this thread for more on that.
     
  24. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    The full explanation of how Phant0m's signature works is explained in the first few replies on the first page of this thread.

    If you see your IP address in Phant0m's signature it is because your browser is doing it locally on your own system. You can think of it as a trick or a gimmick.
     
  25. museheart

    museheart Registered Member

    Joined:
    Jan 3, 2003
    Posts:
    87
    Location:
    USA
    Ummmmmmm. That is reassuring.
     