Thread: ISP malicious behavior

  1. #1
    Junior Member mostafaxx's Avatar
    Join Date
    Jul 2010
    Location
    Egypt-damanhour
    Posts
    15

    ISP malicious behavior

    Peace upon you every one,

    Lately I've noticed while surfing the web that I'm getting the following URL while accessing Google:

    Code:
    http://netsweeper.gizasystems.local:8080/webadmin/deny/index.php?dpid=49&dpruleid=56&cat=28&ttl=-200&groupname=default&policyname=default&username=-&userip=41.237.232.135&connectionip=1.0.0.127&nsphostname=netsweeper.gizasystems.local&protocol=nsef&dplanguage=-&url=http%3a%2f%2fwww.google.com.eg%2f
    Notice that the URL has some fields attached, like my IP:

    Code:
    userip=41.237.232.135
    Most of you know that some web apps use the URL to transmit data to/from clients, and some would use it to store highly sensitive data like session IDs.

    Anyway, I was thinking that my home page had been changed or some malware was poisoning my DNS cache.

    But later I found that it was a dominant phenomenon here in Egypt; other people reported the same thing.





    Now if you look at the subdomain you will find http://netsweeper.gizasystems.local:8080
    Giza Systems is a well-known local company in monitoring and filtering:

    Zain Vodafone - SS7 Monitoring Solution

    In a recent project, Giza Systems teamed up with Zain Vodafone to implement the SS7 Monitoring Solution. The solution, which is being implemented for a joint venture between the Vodafone and Zain groups for the second mobile operator in Bahrain, will offer great benefits for the companies to improve their network efficiency. Giza Systems has already successfully completed the first phase of the project.

    Telecom Egypt – SS7 Monitoring System

    Giza Systems implemented Signaling System 7 (SS7) Monitoring System which was in this case integrated with the Revenue Assurance system provided to Telecom Egypt. SS7 Monitoring feeds the Revenue Assurance System with Call Detail Records (CDRs) to be reconciled with the CDRs collected through the switch. SS7 monitors the links between Telecom Egypt network and the Mobile, International and Intelligent Network (IN) operators. This system provides Telecom Egypt with Quality of Service (QoS) reports about its interconnect traffic with other operators.

    Anyway, some people were saying that the government is trying to monitor the local intranet, not "block" but to know the content.

    I've changed my DNS IP to Google open DNS and since then I didn't get the URL that I got before.

    I wanna talk with you people about that: what could it be, and are they really up to something???
    Decode the following to 8-Bit ASCII : 01001001 01110011 01101100 01100001 01101101 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110


  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Netsweeper is a content filter:

    http://www.netsweeper.com/

    I am sure that your ISP could provide the government with all of the info it needs, without having to resort to netsweeper. I am wondering if they are using it more for censorship than monitoring.




    01001010 01100101 01110011 01110101 01110011 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110
    Last edited by westin; December 3rd, 2010 at 11:34 PM.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  3. #3
    Junior Member mostafaxx's Avatar
    Join Date
    Jul 2010
    Location
    Egypt-damanhour
    Posts
    15
    All that **** about internet filtering/monitoring gives me a real bad "jinx" feeling.

    So you mean that the system that is installed by my ISP is produced by this company, http://www.netsweeper.com/,
    or are you just giving an example??

    Quote:
    I am sure that your ISP could provide the government with all of the info it needs

    Hell no.
    There are proxies, high encryption algorithms.....etc.
    Being a data transport doesn't mean you can know everything.
    Decode the following to 8-Bit ASCII : 01001001 01110011 01101100 01100001 01101101 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110


  4. #4
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    This is the link you provided:

    http://netsweeper.gizasystems.local:8080/webadmin/deny/index.php?dpid=49&dpruleid=56&cat=28&ttl=-200&groupname=default&policyname=default&username=-&userip=41.237.232.135&connectionip=1.0.0.127&nsphostname=netsweeper.gizasystems.local&protocol=nsef&dplanguage=-&url=http%3a%2f%2fwww.google.com.eg%2f
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Quote:
    There are proxies, high encryption algorithms.....etc.
    Being a data transport doesn't mean you can know everything.

    They will know enough!!!..............you are drawing attention to yourself?

    Also, the instructions you send to a proxy have to go through your ISP first?

    And encryption will only work if the recipient has the key?

    Be careful my friend.............Egypt is a secular democracy in an area not noted for that sort of thing....................


  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    "http://netsweeper.gizasystems.local:8080/webadmin/deny/index.php?dpid=49&dp...."?

    That looks like a proxy server in itself. Proxies are a common way to filter content.

    You might look at a commercial VPN service. Not sure what's available in your parts,
    but a VPN would definitely circumvent your ISP's proxy.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    Isn't dot local an automatically configured domain name for your
    own machine/lan? This would suggest that it is an interprocess
    communication with a proxy installed on your own computer.
    I came in to the world with nothing. I still have most of it.
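
The block-page URL quoted in this thread can be taken apart field by field, which shows what the redirect discloses and why the `.local` host is worth noting. The following is an added example, not part of any post in the thread and not Netsweeper code; the meaning of each parameter is inferred from its name only, and the byte-swapped reading of `connectionip` is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Deny-page URL exactly as quoted in the thread.
DENY_URL = (
    "http://netsweeper.gizasystems.local:8080/webadmin/deny/index.php?"
    "dpid=49&dpruleid=56&cat=28&ttl=-200&groupname=default&policyname=default"
    "&username=-&userip=41.237.232.135&connectionip=1.0.0.127"
    "&nsphostname=netsweeper.gizasystems.local&protocol=nsef&dplanguage=-"
    "&url=http%3a%2f%2fwww.google.com.eg%2f"
)

def reverse_octets(ip_text):
    """Return the IPv4 address with its four octets in reverse order."""
    return ".".join(reversed(ip_text.split(".")))

def analyze_deny_url(raw):
    """Break a filter redirect URL into facts a user or analyst can check."""
    parts = urlsplit(raw)
    # parse_qs percent-decodes values; each key appears once in this URL.
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    user_ip = ipaddress.ip_address(q["userip"])
    # Assumption: connectionip may be byte-swapped, so test the reversed form.
    conn_swapped = ipaddress.ip_address(reverse_octets(q["connectionip"]))
    return {
        "filter_host": parts.hostname,
        "filter_port": parts.port,
        "requested_url": q["url"],  # the page the user actually asked for
        "policy": (q["groupname"], q["policyname"]),
        "cleartext": parts.scheme == "http",  # query string readable on the path
        "host_is_dot_local": parts.hostname.endswith(".local"),
        "client_ip": str(user_ip),
        "client_ip_is_public": user_ip.is_global,
        "connectionip_swapped": str(conn_swapped),
        "connectionip_swapped_is_loopback": conn_swapped.is_loopback,
    }

if __name__ == "__main__":
    for key, value in analyze_deny_url(DENY_URL).items():
        print(f"{key:34} {value}")
```

A public client address in `userip` alongside a filter hostname under `.local` means the name in the redirect is an internal one that public DNS will not resolve.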
