Who's Been Sleeping in My Bed?
December 5, 2012 7:10 AM Subscribe
I installed PeerBlock recently, and am amazed how much it is blocking. Who are these guys, how did they get in my computer, and what can I do about it?
The list includes, but is not limited to:
The list includes, but is not limited to:
- IPredator VPN
- Sony Network Taiwan
- Trident Mediaguard
- Chunghwa Telecom
- DTAPS Copenhagen
- Savvis
- WINSTAR
- OVH SAS
- Evidenzia GmbH
- China Daqing of Technology Network
- Detected AP2P on True Internet
- Detected AP2P on Smart Broadband
Security Essentials efficacy may have waned. It was the only AV to fail a recent independent test.
Get MalwareBytes, scan regularly.
HijackThis is another good free option for tracking changes to your computer.
... anyway, there are tons of software and Windows solutions in response to "what can I do about it" but I'll let someone more informed take it.
I'd guess most of those Chinese publishers are bs security software or some sort of foistware, but I'm not familiar with most of them. The Sony thing is clearly from one of their bullshit DVDs or Cds or games, I guess.
posted by mrgrimm at 7:21 AM on December 5, 2012 [1 favorite]
Get MalwareBytes, scan regularly.
HijackThis is another good free option for tracking changes to your computer.
... anyway, there are tons of software and Windows solutions in response to "what can I do about it" but I'll let someone more informed take it.
I'd guess most of those Chinese publishers are bs security software or some sort of foistware, but I'm not familiar with most of them. The Sony thing is clearly from one of their bullshit DVDs or Cds or games, I guess.
posted by mrgrimm at 7:21 AM on December 5, 2012 [1 favorite]
PeerBlock comes from the torrent world and was conceived as a way to torrent without the "bad guys" seeing you, the "bad guys" being media and government entities that could potentially sue or prosecute you for downloading/uploading illegal content. As a result it has a kitchen sink approach to blocking. If it even has a whiff of being "bad" it gets tossed in. Hence Halliburton and even totally innocuous stuff like Savvis, which is a backbone Internet provider.
As for why you're connecting to these, either you're running a torrent program or your computer is infected as part of a botnet or something and connecting to a LOT of IPs around the world.
posted by zsazsa at 7:43 AM on December 5, 2012 [2 favorites]
As for why you're connecting to these, either you're running a torrent program or your computer is infected as part of a botnet or something and connecting to a LOT of IPs around the world.
posted by zsazsa at 7:43 AM on December 5, 2012 [2 favorites]
Response by poster: Yes, running a torrent. —whistles innocently—
posted by ubiquity at 7:51 AM on December 5, 2012 [1 favorite]
posted by ubiquity at 7:51 AM on December 5, 2012 [1 favorite]
Who are these guys, how did they get in my computer, and what can I do about it?
They are not "in" your computer; someone using their network is attempting to connect to you/your torrent program. You are already doing the thing you can be doing about it; blocking their attempts to connect. However, some of the ones you listed, e.g. ipredator are probably nonthreatening.
posted by beerbajay at 7:54 AM on December 5, 2012 [7 favorites]
They are not "in" your computer; someone using their network is attempting to connect to you/your torrent program. You are already doing the thing you can be doing about it; blocking their attempts to connect. However, some of the ones you listed, e.g. ipredator are probably nonthreatening.
posted by beerbajay at 7:54 AM on December 5, 2012 [7 favorites]
If you're running a torrent, you're setting your computer to potentially connect to any other computer on the network that requests the same files that you do. Trident Mediaguard and Evidenzia are a concern, they certainly don't have your interests in mind. Chunghwa Telecom is just an ISP and probably harmless. Same with Sarvvis.
My recommendation is to kill the torrent and see what connections you're making without it. That will narrow down things to see if your computer is infected with some malware.
posted by demiurge at 8:07 AM on December 5, 2012
My recommendation is to kill the torrent and see what connections you're making without it. That will narrow down things to see if your computer is infected with some malware.
posted by demiurge at 8:07 AM on December 5, 2012
Who are these guys
It can be pretty much anyone. The blacklists for PeerBlock and similar programs are notoriously inaccurate. The idea is to block any sort of organization that is trying to disrupt or monitor your P2P sharing, but since the blacklist relies mainly on guesswork you will get a lot of false positives and false negatives.
how did they get in my computer
When you download and seed a torrent on a public torrent tracker, anyone else on the internet can join the swarm for that torrent and interact with your computer. By default you will download from anyone who advertises having the file, and upload to anyone who wants the data you've downloaded. The main point of something like PeerBlock is to ensure that you don't accidentally upload data to an organization that is going to use that information against you in a lawsuit or complaint to your ISP. This does not really work though because in most cases those organizations are lazy and just count all of the IP addresses listed in the swarm as infringing without actually connecting to any of them (for example, in one research study they posted an IP address of a networked printer to a public tracker, which would of course never transferred any data and would block all BitTorrent traffic, and they still received dozens of infringement notices for that IP address). At any rate these blocked requests are almost certainly not doing anything to your computer.
what can I do about it?
If you don't want a lot of random people connecting to your computer, stop using public trackers. Although there will always be weird requests that you'll see (usually blocked by your firewall) that will be from things like port scans for open SSH servers and whatnot. It's called Internet Background Noise. In general if you have a virus scanner, a decent firewall, and up-to-date software, you're not at much risk. If you use public trackers for downloading copyrighted with your home IP address and don't want your ISP to get infringement notices you are pretty much SOL though, you're going to get caught by somebody at some point.
posted by burnmp3s at 8:37 AM on December 5, 2012 [7 favorites]
It can be pretty much anyone. The blacklists for PeerBlock and similar programs are notoriously inaccurate. The idea is to block any sort of organization that is trying to disrupt or monitor your P2P sharing, but since the blacklist relies mainly on guesswork you will get a lot of false positives and false negatives.
how did they get in my computer
When you download and seed a torrent on a public torrent tracker, anyone else on the internet can join the swarm for that torrent and interact with your computer. By default you will download from anyone who advertises having the file, and upload to anyone who wants the data you've downloaded. The main point of something like PeerBlock is to ensure that you don't accidentally upload data to an organization that is going to use that information against you in a lawsuit or complaint to your ISP. This does not really work though because in most cases those organizations are lazy and just count all of the IP addresses listed in the swarm as infringing without actually connecting to any of them (for example, in one research study they posted an IP address of a networked printer to a public tracker, which would of course never transferred any data and would block all BitTorrent traffic, and they still received dozens of infringement notices for that IP address). At any rate these blocked requests are almost certainly not doing anything to your computer.
what can I do about it?
If you don't want a lot of random people connecting to your computer, stop using public trackers. Although there will always be weird requests that you'll see (usually blocked by your firewall) that will be from things like port scans for open SSH servers and whatnot. It's called Internet Background Noise. In general if you have a virus scanner, a decent firewall, and up-to-date software, you're not at much risk. If you use public trackers for downloading copyrighted with your home IP address and don't want your ISP to get infringement notices you are pretty much SOL though, you're going to get caught by somebody at some point.
posted by burnmp3s at 8:37 AM on December 5, 2012 [7 favorites]
If you don't want a lot of random people connecting to your computer, stop using public trackers.
THIS. A million times over. Research private trackers to find one that you are interested in. Or better yet, go with Usenet.
posted by kuanes at 9:16 AM on December 5, 2012
THIS. A million times over. Research private trackers to find one that you are interested in. Or better yet, go with Usenet.
posted by kuanes at 9:16 AM on December 5, 2012
« Older How much extra safety would a crash helmet offer a... | Source of Mark Twain quotation Newer »
This thread is closed to new comments.
posted by ubiquity at 7:12 AM on December 5, 2012 [1 favorite]