#1
System Process network connection
I've just noticed something I've never seen before.
I posted a question in a network/web group, but it seems to be inactive so I thought I'd try here.

I've noticed in TCPView (sysinternals) that my firewall and HOSTS file are being bypassed by connections going through "System Process", typically ports approx. 1550-1700. The connections seem to be made by Pale Moon (Firefox) but are not even seen by the firewall. (Online Armor) Sample:

[System Process]:0 TCP c2:1667 edge-star-shv-09-lga1.facebook.com:http TIME_WAIT

Can anyone explain this?
#2
Mayayana wrote:
| I've just noticed something I've never seen before. I posted a question in a network/web group, but it seems to be inactive so I thought I'd try here.
|
| I've noticed in TCPView (sysinternals) that my firewall and HOSTS file are being bypassed by connections going through "System Process", typically ports approx. 1550-1700. The connections seem to be made by Pale Moon (Firefox) but are not even seen by the firewall. (Online Armor) Sample:
|
| [System Process]:0 TCP c2:1667 edge-star-shv-09-lga1.facebook.com:http TIME_WAIT
|
| Can anyone explain this?

http://forum.sysinternals.com/system...opic18712.html

"This is a normal report for the TIME_WAIT state: "The TIME_WAIT state is a state that all the TCP connections enter into when the connection has been closed.". It's stopped being displayed against its original process, which might well have exited, and shows against PID 0."

Is the originating process still running? Or has it exited, with some connection info in the TCP tables now being inherited by process 0?

Paul
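The TIME_WAIT behaviour described in the reply above can be checked mechanically. The following is an added example, not part of any poster's message: it parses TCPView-style text rows and separates already-closed TIME_WAIT entries from sockets that are still open. The first sample row is the one quoted in the thread; the other rows, the row layout assumed by the regex, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Rows in the form "<process>:<pid> <proto> <local> <remote> <state>".
# Row 1 is the sample from the thread; rows 2-4 are constructed.
SAMPLE = """\
[System Process]:0 TCP c2:1667 edge-star-shv-09-lga1.facebook.com:http TIME_WAIT
[System Process]:0 TCP c2:1671 cdn.example.net:http TIME_WAIT
palemoon.exe:3120 TCP c2:1702 www.example.org:https ESTABLISHED
svchost.exe:1044 TCP c2:135 c2:0 LISTENING
"""

ROW = re.compile(
    r"^(?P<proc>.+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_0-9]+)$"
)

def parse_rows(text):
    """Return one dict per parseable row; unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["pid"] = int(row["pid"])
            rows.append(row)
    return rows

def classify(row):
    """Triage label for one row (hypothetical labels)."""
    if row["state"] == "TIME_WAIT":
        # The connection is already closed; the stack only holds the
        # address/port pair until a timer expires. PID 0 is how the
        # entry is reported, not the process that opened it.
        return "closed"
    if row["pid"] == 0:
        # Assumption: PID 0 in any other state is not explained by
        # TIME_WAIT and deserves a closer look.
        return "review"
    return "listening" if row["state"] == "LISTENING" else "open"

def triage(text):
    """Count rows per label."""
    return Counter(classify(r) for r in parse_rows(text))

if __name__ == "__main__":
    for r in parse_rows(SAMPLE):
        print(f'{classify(r):10} {r["proc"]}:{r["pid"]} {r["remote"]} {r["state"]}')
```
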
#3
| http://forum.sysinternals.com/system...opic18712.html
|
| "This is a normal report for the TIME_WAIT state: "The TIME_WAIT state is a state that all the TCP connections enter into when the connection has been closed.". It's stopped being displayed against its original process, which might well have exited, and shows against PID 0."
|
| Is the originating process still running? Or has it exited, with some connection info in the TCP tables now being inherited by process 0?

Ah... Thanks. I'd never seen that before, but looking at the Acrylic DNS debug log I see that what they say seems to be true. Pale Moon didn't bypass the HOSTS file. It was stopped from going to specific domains, such as Akamai. It just looked like it was connected because the "system process" connection listed that URL.
#4
That all brings up another interesting detail:
I've tried to block Akamai because they host a great deal of content and I've read that they're now getting into the datamining business. But in many cases, it seems, there's no URL to an Akamai server in webpages. If I go to BBC News, for instance, Pale Moon ends up with numerous Akamai connections. The browser goes to bbc.co.uk, but that server somehow forwards the request to an Akamai server on their side. So there's apparently no way to stop back-end server tracking.
#5
Mayayana wrote:
| That all brings up another interesting detail: I've tried to block Akamai because they host a great deal of content and I've read that they're now getting into the datamining business. But in many cases, it seems, there's no URL to an Akamai server in webpages. If I go to BBC News, for instance, Pale Moon ends up with numerous Akamai connections. The browser goes to bbc.co.uk, but that server somehow forwards the request to an Akamai server on their side. So there's apparently no way to stop back-end server tracking.

Pale Moon is based on Firefox source.

Firefox in turn, made a change to their design, to honor Internet Explorer security settings. It wasn't always that way, but it changed along the way.

There may be an Internet Explorer security setting that prevents off-site redirections.

Paul
#6
"Paul" wrote in message ...
| Mayayana wrote:
| | That all brings up another interesting detail: I've tried to block Akamai because they host a great deal of content and I've read that they're now getting into the datamining business. But in many cases, it seems, there's no URL to an Akamai server in webpages. If I go to BBC News, for instance, Pale Moon ends up with numerous Akamai connections. The browser goes to bbc.co.uk, but that server somehow forwards the request to an Akamai server on their side. So there's apparently no way to stop back-end server tracking.
|
| Pale Moon is based on Firefox source.
|
| Firefox in turn, made a change to their design, to honor Internet Explorer security settings. It wasn't always that way, but it changed along the way.
|
| There may be an Internet Explorer security setting that prevents off-site redirections.

It turns out there's a setting to control redirects. Unfortunately, a lot of things seem to break if it's set to zero. Redirects are apparently common.
#7
Mayayana wrote:
| "Paul" wrote in message ...
| | Mayayana wrote:
| | | That all brings up another interesting detail: I've tried to block Akamai because they host a great deal of content and I've read that they're now getting into the datamining business. But in many cases, it seems, there's no URL to an Akamai server in webpages. If I go to BBC News, for instance, Pale Moon ends up with numerous Akamai connections. The browser goes to bbc.co.uk, but that server somehow forwards the request to an Akamai server on their side. So there's apparently no way to stop back-end server tracking.
| |
| | Pale Moon is based on Firefox source.
| |
| | Firefox in turn, made a change to their design, to honor Internet Explorer security settings. It wasn't always that way, but it changed along the way.
| |
| | There may be an Internet Explorer security setting that prevents off-site redirections.
|
| It turns out there's a setting to control redirects. Unfortunately, a lot of things seem to break if it's set to zero. Redirects are apparently common.

Yet another sign of the times, I'm afraid. :-( And I think it's just going to get worse, and with increasing numbers of ads and adverts. It's kinda like TV, where you get about equal portions of ads and content these days.
#8
| Yet another sign of the times, I'm afraid. :-( And I think it's just going to get worse, and with increasing numbers of ads and adverts. It's kinda like TV, where you get about equal portions of ads and content these days.

Yes. I've been thinking of covering the bottom inches of my TV screen, as they've gradually been taken over by ads, previews and station identification. On the bright side, there's not much on TV that I want to see.

But not being able to avoid Akamai is a different problem. It's like being forced to have cable TV. (Which thankfully I don't have.) In both cases, their business is basically to rent wires, but increasingly they're spying on the throughput to sell personal information. If Akamai delivers a large percentage of pages they become the ultimate tracker. Tracking from the likes of Google and Facebook can mostly be prevented, but tracking by Akamai only needs an IP address.

Maybe we'll need to all use proxy services in order to stop the madness.... until we discover the proxy is selling IPs to Akamai in order to prevent having *their* IP blocked, and our history ends up in the hands of everyone from NSA to Procter & Gamble, anyway.
#9
Mayayana wrote:
| | Yet another sign of the times, I'm afraid. :-( And I think it's just going to get worse, and with increasing numbers of ads and adverts. It's kinda like TV, where you get about equal portions of ads and content these days.
|
| Yes. I've been thinking of covering the bottom inches of my TV screen, as they've gradually been taken over by ads, previews and station identification. On the bright side, there's not much on TV that I want to see.
|
| But not being able to avoid Akamai is a different problem. It's like being forced to have cable TV. (Which thankfully I don't have.) In both cases, their business is basically to rent wires, but increasingly they're spying on the throughput to sell personal information. If Akamai delivers a large percentage of pages they become the ultimate tracker. Tracking from the likes of Google and Facebook can mostly be prevented, but tracking by Akamai only needs an IP address.

But what exactly are they (or any of them for that matter) tracking? Just the sites we visit? I think you're saying they have access to our real personal information, but I'm not sure how - or what - they can get.

| Maybe we'll need to all use proxy services in order to stop the madness.... until we discover the proxy is selling IPs to Akamai in order to prevent having *their* IP blocked, and our history ends up in the hands of everyone from NSA to Procter & Gamble, anyway.
#10
| But what exactly are they (or any of them for that matter) tracking? Just the sites we visit? I think you're saying they have access to our real personal information, but I'm not sure how - or what - they can get.

They're tracking enough to be worth selling. There are repeated articles about that. There was one just the other day about phone metadata:

http://webpolicy.org/2014/03/12/meta...hone-metadata/

That article's interesting in that it shows a number of examples of types of information that could be potentially problematic if exposed.

There have also been articles and studies about how "anonymized" data can be easily de-anonymized. A well known example is here:

http://www.nytimes.com/2006/08/09/te...9aol.html?_r=0

(Note you'll have to allow the NYT to set a cookie and track you if you want to read the article.)

Last week there was a 60 Minutes piece about selling dossiers of individuals. They're not talking about targeted ads using "anonymous" data. They're talking about knowing as much as possible about each individual, and selling that information to anyone who will pay for it. A number of large companies with names like Acxiom are in the business of doing just that.

Much of the tracking can be done via normal browser usage using web bugs, cookies, etc. You don't have to be logged into Google or Facebook. There are numerous 3rd-party connections on most commercial websites. If Google/Doubleclick has an ad on each site you visit, for instance, they can track you everywhere you go. Akamai can do the same thing by tracking IP addresses, even if you disable cookies, script and 3rd-party ads.

The whole point of computers is to organize, manage and work with data easily. There's no such thing as anonymized data. There's just a growing body of collected facts being organized by companies and governments to know as much as possible about people's activities. Comcast actually applied for a patent some time ago for a mechanism to watch people watching TV, via their cable box, in order to better target ads. It goes on and on....

The information is out there for anyone concerned, but I think most people hold your view that it's not worth getting worked up about.
#11
Speak of the devil...
I just came across another interesting one. An interview with a woman who's written a book about increasing spying.

http://www.alternet.org/civil-libert...current_page=1

One thing I hadn't really been aware of myself is that a lot of sites are actually set up with a datamining business model, with themes to draw people in to share information -- parents support, sharing medical experiences (the first example in the linked article), etc.