Someone at WTS hacking me?

by Amazing 31 Replies

  • Jourles

    So which ports were sniffed? That alone could tell you what they were looking for.

    SF: I'm not sure where that IP resolution came from for guardtower.com, because I get 209.247.118.25, which does not have any services running as of yet.

  • Wendy

    It happened again. And all I was doing was attempting to watch their videos.

    The firewall has blocked Internet access to your computer (UDP Port 6970) from www.watchtower.org (130.94.149.224) (UDP Port 22854).

    I am writing this post here, so those who are already paranoid are not more paranoid when this happens to your computer. I am sooo computer illiterate that I also was shocked when it happened to me the first time. I went running to JanH and asked 100 questions. Of course I hated to be a leech so I did some internet research as well concerning ports and uses etc. The above example will set off an alarm, but it is a normal procedure in order for you to watch videos on their site; there is some computer mumbo jumbo involved others can explain better than I. The trick is they attempted to open a UDP port, not a TCP port. Can anyone else explain this better? It is really harmless. I suggest that ALL of you with firewalls try this. I just ask that you record the port numbers for future reference. I have a theory I am working on haha.

    wendy

  • Nowhere

    The trick is they attempted to open a UDP port, not a TCP port. Can anyone else explain this better?

    In my opinion, that is not very strange.

    UDP (User Datagram Protocol) is a member of the TCP/IP protocol suite (defined by Postel, RFC 768).

    UDP adds a mechanism that distinguishes among destinations within a given host, allowing multiple application programs executing on a given computer to send and receive datagrams independently. In multitasking systems (Windows) a process is the ultimate destination for a message. But, because processes are created and destroyed dynamically, senders seldom know enough to identify a process on another machine. And we would like to be able to replace processes that receive the datagrams without informing the sender. Third, we need to identify destinations from functions they implement without knowing the process that implements the function.

    Therefore, instead of thinking of a process as the ultimate destination, we will imagine that each machine contains a set of abstract destination points, called protocol ports.

    The sender needs to know both the IP address of the destination machine and the protocol number of the destination within that machine.

    UDP uses IP to transport messages between machines. IP carries the message, and UDP adds ability to distinguish among multiple destinations within a given host computer.

    TCP adds even more functionality to the UDP, and in implementation, TCP is also substantially more complex.

    UDP is used by many programs where reliable stream service isn't needed (which is implemented in TCP).

    You asked about port 6970, well see for yourself:

    6970-7170 udp: Real Audio (inclusive) for incoming traffic only

    Main point is, don't worry! Firewalls often give false alerts.
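
An added example (not part of the thread): a small triage script for alert lines in the format Wendy quoted. It treats inbound UDP to 6970-7170 from a host you were streaming from as expected media traffic, and flags any source that produces 20 or more hits inside 30 minutes, the pattern Amazing describes further down. The timestamp prefix, the `streaming_hosts` argument, the thresholds, and every sample line except the watchtower.org alert are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Alert wording as quoted in the thread; the leading timestamp is an assumption.
ALERT_RE = re.compile(
    r"\((?P<proto>UDP|TCP) Port (?P<dport>\d+)\) from (?P<host>\S+) "
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) \((?P=proto) Port \d+\)")
REALAUDIO_UDP = range(6970, 7171)  # 6970-7170 inclusive, per the port list above

def parse(line):
    m = ALERT_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "proto": m["proto"], "dport": int(m["dport"]),
            "host": m["host"], "ip": m["ip"]}

def triage(lines, streaming_hosts, burst=20, window=timedelta(minutes=30)):
    """Map each source IP to a verdict; streaming_hosts = sites you were playing media from."""
    by_ip = defaultdict(list)
    for alert in filter(None, map(parse, lines)):
        by_ip[alert["ip"]].append(alert)
    verdicts = {}
    for ip, alerts in by_ip.items():
        explained = all(a["proto"] == "UDP" and a["dport"] in REALAUDIO_UDP
                        and a["host"] in streaming_hosts for a in alerts)
        times = sorted(a["ts"] for a in alerts)
        # Sliding window: do any `burst` consecutive hits fit inside `window`?
        bursty = any(times[i + burst - 1] - times[i] <= window
                     for i in range(len(times) - burst + 1))
        verdicts[ip] = ("expected-media-stream" if explained else
                        "repeated-unexplained" if bursty else "isolated-unexplained")
    return verdicts

PREFIX = "The firewall has blocked Internet access to your computer"
# First line is the alert from the thread; the rest are constructed samples.
SAMPLE = [
    f"2002-06-23 13:40:00 {PREFIX} (UDP Port 6970) from www.watchtower.org (130.94.149.224) (UDP Port 22854).",
    f"2002-06-23 13:55:00 {PREFIX} (TCP Port 1214) from b.example (198.51.100.7) (TCP Port 4021).",
] + [f"2002-06-23 14:{m:02d}:00 {PREFIX} (TCP Port 1433) from a.example (192.0.2.10) (TCP Port {3000 + m})."
     for m in range(20)]

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE, {"www.watchtower.org"}).items():
        print(ip, verdict)
```

Passing an empty `streaming_hosts` set makes the same UDP 6970 alert come back as unexplained, which is the distinction between an alert during video playback and one when no stream was requested.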

  • Wendy

    Nowhere

    Thank you! That was why I posted that. It is really a necessary process and the "hacking" may be a wrong term. I wanted everyone who was worried to actually try it though, to show that some firewalls will alert you. I don't have my firewall activity screen up, so I don't always know when it has been triggered. I also have a list of port numbers and this helps to answer what the alerts are regarding. 1214 and 1433 are always hit and sometimes I have more than 200 just for those ports lol

    The reason I didn't want to mention anything publicly is because if there are monitors here, they would be very interested in a thread with this title. But I also feel compelled to help those who may be worried needlessly. As for the email from Joel Gott, that is a whole different thing. That is why I suggested Amazing contact him. Have I confused anyone yet? lol

    Happy hunting all

    wendy (learning more and more every day)

  • Amazing

    Nowhere: Thanks for the clarification. Very interesting and helpful comments.

    Wendy: I am glad you addressed this, and that your comments resulted in "Nowhere" providing some answers. I hope the following will also help everyone know what happened to me. You noted,

    It is really a necessary process and the "hacking" may be a wrong term.

    My system Alarm tells me several things:

    First, I have constructed rules, some are automatic and some I chose specific to certain needs, that allow certain activities on the Net without tripping alarms. Were I not to do this, every time I posted on JWD I would get an alarm.

    Second, the alarms happen, not when I am visiting a site, but when someone at another location attempts to hack into my system. Although I have rules for blocking Trojans, worms, viruses, etc., I do not have these alarmed, otherwise, I would be clearing alarms all day long. I generally get unwanted hits about 200 to 500 times per day.

    Third, I only get alarms when hacking attempts are made. I can go two or three days with NO hacking attempts. Then when they do happen, they are incidents that are merely coincidental, and will happen once or twice, or maybe three times. Then, once in a while, I get multiple hits in a 20 to 30 minute period, and as many as 20 to 30 hacking attempts by the same party ... THAT indicates that the hacker is not a random coincidence, but is targeting my system for some specific reason.

    Fourth, I was not doing anything on the Watchtower site. I did earlier scan their jw-media.org to scan for any news articles related to Dateline. I accessed the JW-media site via a "link" on the "Watchtower.org" site. The attack came from "Watchtower.net" ... an important distinction. None of this would cause any echo or feedback that would have triggered a hacking notice. My constructed rules allow me to visit any Internet site without any alarm. Later on, after I left their media site, the hacking alarm started and was repeated. When I ran the trace, it showed 26 events involving my PC ... during a very short period of time. So, my inclination is to believe that it is more likely than not that someone connected with them was attempting to get into my system. BUT ... I don't know that for a fact, and that is why my post was stated in question form. Only when I get a hacking alarm do I ever see the IP number, and then can instruct a trace program to find the source. I did not know the Watchtower IP until this alarm happened. Nor did I know that in addition to Watchtower.org that there was a Watchtower.net. I shared it in case other people get an alarm with this IP, but do not have tracing capability ... at least they will know if the IP they get is the WTS or not.

    I very much appreciate your caution to everyone to not get paranoid. My reporting this on JWD could be taken incorrectly and cause some to get overly concerned. That was not my goal. I have been warned in the past by active JWs, ex-JWs, and never-JWs to be careful regarding the Watchtower Society. Because of certain events in my past that commenced during my exit process, I was advised to keep a low profile, keeping my identity and location a secret ... but in recent months, I have finally relaxed on this and come out into the open.

    ... while I don't want to cause undue concern, I do have some reason to believe that the WTS could have me hacked, though I have no proof other than the recent alarm.

    SYN: My Firewall stated that a hacking attempt was made on an unused port. I will check tomorrow in the event log and see what ports it noted. That is all I have at the moment.

    Edited by - Amazing on 23 June 2002 14:57:36

  • sf

    1997 post from Usenet:

    http://groups.google.com/groups?q=+%22joel+gott%22&hl=en&as_qdr=all&selm=rnewman-ya02408000R1004971050490001%40snews2.zippo.com&rnum=1

    From: Ron Newman ([email protected])
    Subject: [email protected] is a forgery - confirmation
    Newsgroups: ne.transportation, misc.transport.urban-transit, alt.planning.urban
    Date: 1997/04/10

    I hope we can now close the book on this sorry troller. Once again, I offer my deepest apologies to the Jehovah's Witnesses and to watchtower.org for my intemperate words over the last few days.

    -------------------

    Received: from watchtower.org (www.watchtower.org [192.41.19.137]) by kalypso.cybercom.net (8.8.5/8.8.5) with ESMTP id KAA16436 for < [email protected]>; Thu, 10 Apr 1997 10:34:53 -0400 (EDT)
    Received: from JGOTT by watchtower.org; Thu, 10 Apr 1997 08:36:24 -0600 (MDT)
    Message-Id: < [email protected]>
    Comments: Authenticated sender is < [email protected]>
    From: "Joel Gott" < [email protected]>
    Organization: WTBTS Communications
    To: [email protected]
    Date: Thu, 10 Apr 1997 10:34:57 -0500
    Subject: Re: Is Daniel Cameron < [email protected]> for real?
    Reply-to: [email protected]
    CC: [email protected]

    On 9 Apr 97 at 17:32, Ron Newman wrote:

    > Subject: Is Daniel Cameron < [email protected]> for real?
    > I'm trying to write to this guy, but my mail is being returned. Can
    > you tell me if he has a real account at watchtower.org?

    Dear Mr. Newman,

    Thank you for your inquiry regarding Daniel Cameron. Mr. Cameron is not a member of the Watchtower Bible & Tract Society. His email address in the newsgroup posting is fraudulent. Thank you for taking the time to check the validity of this person.

    Joel Gott
    Watchtower Bible & Tract Society

    --
    Ron Newman [email protected]
    Web: http://www.cybercom.net/~rnewman/home.html

    Edited by - Simon on 23 June 2002 18:18:51

  • Amazing

    Just a Highlight: The difference, as I noted above in my previous post reply, is that the main Watchtower web site is "Watchtower.org," whereas, the hack attempt I received came from "Watchtower.net," a site that I have "never" visited. Both the "Watchtower.net" and "Watchtower.org" sites are legitimate addresses.

  • sf

    Good morning Amazing,

    Click this on:

    www.watchtower.net

    It will RE-DIRECT you to watchtower.org.

    It is the SAME site.

    I also noticed your story on the top of Randy's 'topics' section on www.freeminds.org front page...

    (HI TEDDY!! He really is 'simply amazing'. We love him. And we KNOW you don't...thus your obsession with his "JUSTICE FILES". You better load up oN the 'Depends Diapers' JACKEROFF JARACZ, cause SHIT IS ABOUT TO HIT YOU SQUARE IN THE FACE, which will cause the shit in you to stir and LEAK OUT. Awake! you bastUrd!!...(sKally starts humming lynard skynards 'oooooo ooo that SMELL, cantcha smell THAT SMELL...the SMELL OF DEATH SURROUNDS YOU'))

    {{{{hugs Amazing}}}}

    sKally

  • teenyuck

    I have been getting over 100 e-mails for the last few days, only from people on this board. I recognize all the names and e-mail addresses.

    I am deleting them without opening.

    Why is this happening? I don't want to lock anyone out, however, this is a pain.

    Any ideas?

  • Southland

    Puffsrule,

    Most likely you are getting klez virus-infected emails from these people.
