-
December 2nd, 2010, 05:37 AM
#1
Junior Member
ISP malicious behavior
Peace upon you every one,
lately i've notice while surfing the web that i'm getting the following url while accessing google
Code:
http://netsweeper.gizasystems.local:8080/webadmin/deny/index.php?dpid=49&dpruleid=56&cat=28&ttl=-200&groupname=default&policyname=default&username=-&userip=41.237.232.135&connectionip=1.0.0.127&nsphostname=netsweeper.gizasystems.local&protocol=nsef&dplanguage=-&url=http%3a%2f%2fwww.google.com.eg%2f
notice that the url have some fields attached like my ip :
userip=41.237.232.135
most of you knows that some web apps use the url to transmit data to/from clients and some would use to store high sensitive data like session id's.
any way i was thinking that my home page is changed or some malware is poisoning my DNS cash.
but later i found that it was a dominated phenomena here in Egypt other people reported the same thing
now if you look to the sub domain you will find that http://netsweeper.gizasystems.local:8080
gizasystem is a well known local co in monitoring and filtering
Zain Vodafone - SS7 Monitoring Solution
In a recent project, Giza Systems teamed upp with Zain Vodafone to implement the SS7 Monitoring Solution. The solution, which is being implemented for a joint venture between the Vodafone and Zain groups for the second mobile operator in Bahrain, will offer great benefits for the companies to improve their network efficiency. Giza Systems has already successfully completed the first phase of the project.
Telecom Egypt – SS7 Monitoring System
Giza Systems implemented Signaling System 7 (SS7) Monitoring System which was in this case integrated with the Revenue Assurance system provided to Telecom Egypt,. SS7 Monitoring feeds the Revenue Assurance System with Call Detail Records (CDRs) to be reconciled with the CDRs collected through the switch. SS7 monitors the links between Telecom Egypt network and the Mobile, International and Intelligent Network (IN) operators. This system provides Telecom Egypt with Quality of Service (QoS) reports about its interconnect traffic with other operators.
any way some people was saying that the government is trying to Monitor the local intranet not "block" but to know the content.
i've changed my DNS ip to google open dns and since then i didn't get the url that i got before.
i wana talk with you people about that what it could be and are they really up to something???
Decode the following to 8-Bit ASCII : 01001001 01110011 01101100 01100001 01101101 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110
[SIGPIC] http://www.opensuse.org/en/[/SIGPIC]
-
December 3rd, 2010, 11:32 PM
#2
Netsweeper is a content filter:
http://www.netsweeper.com/
I am sure that your ISP could provide the government with all of the info it needs, without having to resort to netsweeper. I am wondering if they are using it more for censorship than monitoring.
01001010 01100101 01110011 01110101 01110011 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110
Last edited by westin; December 3rd, 2010 at 11:34 PM.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
December 4th, 2010, 12:47 AM
#3
Junior Member
Decode the following to 8-Bit ASCII : 01001001 01110011 01101100 01100001 01101101 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110
[SIGPIC] http://www.opensuse.org/en/[/SIGPIC]
-
December 4th, 2010, 04:18 AM
#4
This is the link you provided:
http://netsweeper.gizasystems.local:8080/webadmin/deny/index.php?dpid=49&dpruleid=56&cat=28&ttl=-200&groupname=default&policyname=default&username=-&userip=41.237.232.135&connectionip=1.0.0.127&nsphostname=netsweeper.gizasystems.local&protocol=nsef&dplanguage=-&url=http%3a%2f%2fwww.google.com.eg%2f
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
December 5th, 2010, 07:09 AM
#5
there are proxy's highly encryption algorithm.....etc
being a data transport doesn't mean you can know every thing
They will know enough!!!..............you are drawing attention to yourself?
Also, the instructions you send to a proxy have to go through your ISP first?
And encryption will only work if the recipient has the key?
Be careful my friend.............Egypt is a secular democracy in an area not noted for that sort of thing....................
-
December 6th, 2010, 03:55 AM
#6
"http://netsweeper.gizasystems.local:8080/webadmin/deny/index.php?dpid=49&dp...."?
That looks like a proxy server in itself. Proxies are a common way to filter content.
You might look at a commercial VPN service. Not sure what's available in your parts,
but a VPN would definitely circumvent your ISP's proxy.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
December 7th, 2010, 11:50 PM
#7
Isn't dot local an automatically configured domain name for your
own machine/lan? This would suggest that it is an interprocess
communication with a proxy installed on your own computer.
I came in to the world with nothing. I still have most of it.
Similar Threads
-
By The Grunt in forum AntiOnline's General Chit Chat
Replies: 4
Last Post: March 5th, 2005, 08:36 PM
-
By ShagDevil in forum Wireless Security
Replies: 23
Last Post: January 28th, 2005, 05:10 PM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By s0nIc in forum AntiVirus Discussions
Replies: 9
Last Post: February 26th, 2002, 01:31 AM
-
By SilentTone in forum Non-Security Archives
Replies: 15
Last Post: December 30th, 2001, 10:19 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|