Tag Archives: pwn

Web Security

12 Saturday Feb 2011

Posted by in cyber war, Geek Horror

5 Comments

Tags

, , , , , ,

This was annoying.  I received an abuse letter (email) from Comcast, my ISP, last night.  For copyright infringement related to the illegal file sharing of some inane Kanye West song.  I’ve appended their email to the end of this blog.  The first thought that ran through my mind was, “Really, I have a Kanye West song?”  So my first action was to query my iTunes library of over 5000 songs and sure enough, I have exactly one Kanye West song – Gold Digger featuring Jamie Foxx.

I immediately suspected my tenants since they’re fairly young.  Although I knew it could also have been from Brittany – she always brings her MacBook whenever she comes home from college.  I doubt I could prove the source of the Gnutella file sharing.  I turned off my web filtering half a year ago when I was trying to install Lo-Jack on Brittany’s new laptop.  It required some call home function that my firewall was blocking.  Unless I’m specifically blocking something, my firewall won’t log the traffic.  It can, but I didn’t have it configured to do that either.  So the Kanye West download could have been from any computer in my house – or carriage house which I rent out.  The Comcast abuse letter only lists the IP address of my cable modem and it doesn’t provide the DHCP address from my home network(s).

My second action, after reviewing my iTunes, was to turn web filtering back on.  I have an old IBM Proventia FW that I have setup between my cable modem and my home LANs.  One network is for my tenants, and they have their own WiFi server.  I allow that LAN access to the Internet but not to my home office LAN (network 2) or my home LAN (network 3).  My home office network has access to all three networks in order to manage the WiFi servers.  With the web filtering running, I setup two FW rules to block traffic to the Gnutella service.  One rule for TCP ports 6346 to 6347 and another for UDP ports 6346-6347 – both at 202.0.0.0 with a 28 bit mask.  Then I asked my tenant if he was using Gnutella and informed him about the abuse letter and my new web filters.  He was pretty humble about it and apologized.

I’m relating this in my blog, and probably FaceBook, because it occurs to me many of my friends could use some advice on computer security.  I’ve been in this industry for a long time, and I just got in trouble from my ISP.  Maybe I should be embarrassed – I’m not.  I do appreciate the irony.  But I know that many of my friends have kids – with their own computers – whom run these illicit and dangerous file sharing applications.  The last link above shows you how to block some of the more nefarious sites.  Understand that I’m not judging.  I support some copyleft arguments as they juxtapose certain tenets of innovation against the precepts of copyright protection.  But these applications put your computer and home network at extreme risk of being compromised.  These apps are favorites of hackers and are as likely as visiting free porn sites to result in your machine becoming pwned into a botnet.  Forget fears of Comcast cutting off your access – be afraid of being pwned.

I’m serious.  I’d rather blog on my running themes, but you need to know this stuff.  My YouTube instructions on protecting your texting privacy was originally intended in jest when Tiger Woods got clubbed by his wife after she saw his text history.  I was just having fun, but it’s turned into one of my most watched YouTube episodes.  Likewise, my commentary on the Google vs China cyber story last year continues to receive 4 or 5 views a day based on people searching on the terms cyberwar and cyber warfare.  So I figure this is good information.  I hope so.  Or if not, I hope you get a chuckle from knowing that Comcast is on to me.

————————————————————————

Notice of Action under the Digital Millennium Copyright Act

Abuse Incident Number:      Not Applicable
Report Date/Time:           Thu, 10 Feb 2011 11:31:02 -0600

ED MAHONEY
1805 S COFFMAN ST
LONGMONT, CO  805047568

Dear Comcast High-Speed Internet Subscriber:

Comcast has received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over Comcast’s High-Speed Internet service (the ‘Service’).  The copyright owner has identified the Internet Protocol (‘IP’) address associated with your Service account at the time as the source of the infringing works.  The works identified by the copyright owner in its notification are listed below.  Comcast reminds you that use of the Service (or any part of the Service) in any manner that constitutes an infringement of any copyrighted work is a violation of Comcast’s Acceptable Use Policy and may result in the suspension or termination of your Service account.

If you have any questions regarding this notice, you may direct them to Comcast in writing by sending a letter or e-mail to:

Comcast Customer Security Assurance
Comcast Cable Communications, LLC
1800 Bishops Gate Blvd., 3rd Floor East Wing
Mount Laurel, NJ 08054 U.S.A.
Phone: (888) 565-4329
Fax: (856) 324-2940

For more information regarding Comcast’s copyright infringement policy, procedures, and contact information, please read our Acceptable Use Policy by clicking on the Terms of Service link at http://www.comcast.net.

Sincerely,
Comcast Customer Security Assurance

Copyright work(s) identified in the notification of claimed infringement:

Infringing Work : Graduation
Filename : Kanye West – Graduation – Stronger.mp3=20
Filename : Kanye West – Graduation – Stronger.mp3=20
First found (UTC): 2011-02-10T12:21:17.61Z
Last found (UTC): 2011-02-10T12:21:17.61Z
Filesize  : 7583872 bytes=20
IP Address: 76.25.159.42
IP Port: 17677
Network: Gnutella
Protocol: Gnutella    =20