Please Help, I think my computer is being monitored

Please Help, I think my computer is being monitored
Links: home · search · speed test · login · more ·

Links: Reply New Topic
Forums » Security » Security » Please Help, I think my computer is being monitored
page: 1 · 2 · 3
JosephL @ 6th Nov 11:10PM:
Please Help, I think my computer is being monitored

Recently, I'd say within the last few weeks I have begun noticing through TcpView that my computer seems to be periodically connecting to a site called "objectsciences.com". The connections take place in both Firefox/IE and even Yahoo IM. They appear as for exp.- "host4.objectsciences.com" "host50.objectsciences.com" etc. and so on. I have scanned my computer and it appears clean. The thing that worries me though is that after searching for info on this site, I have found that it apparently resolves to a company called SAIC which apparently is a large contractor for NSA, FBI, CIA, Homeland Security, DOD and whomever else I really dont know.

I am just a typical novice home computer user and have honestly not done anything illegal. Can someone possibly offer any info on what this all may be? What is this site? Should I inquire with my ISP? Should I contact a lawyer? Should I expect that the FBI or something is going to come to my door? Assuming I am in fact for whatever reason somehow being monitored, is that even Legal then for them to do?

I really am in desperate need of some help or advice or any info here. Please can anyone help me?

Thank you
reply

The Snowman @ 7th Nov 02:10AM:
Re: Please Help, I think my computer is being monitored

A "whois" of that name did not show up anything.........

Block the site with your firewall or router an relax. You should also consider using a Hosts file.

reply

anon @ 7th Nov 03:14AM:
msg deleted

deleted by a moderator
reply

NetFixer @ 7th Nov 04:28AM:
Re: Please Help, I think my computer is being monitored

said by The Snowman :

A "whois" of that name did not show up anything.........

I don't know what you are using for your "whois", but....

--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
reply

NetFixer @ 7th Nov 04:33AM:
Re: Please Help, I think my computer is being monitored

What process does TCPview show is making the connections in question?

If it is the ubiquitous "System" process, you might want to try using Process Explorer to better pinpoint the source.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
reply

Full Power @ 7th Nov 05:00AM:
Re: Please Help, I think my computer is being monitored

said by JosephL :

Recently, I'd say within the last few weeks I have begun noticing through TcpView that my computer seems to be periodically connecting to a site called "objectsciences.com".

You have most likely installed a program or service that is connected to them. Why not call 1-877-999-7242 and ask them what it might be ?

Edit - It is unlikely that a company who registerd their name in the year 1989 is up to anything very nefarious today.
reply

Blackbird @ 7th Nov 11:07AM:
Re: Please Help, I think my computer is being monitored

(post deleted by author)
reply

DownTheShore @ 7th Nov 02:07PM:
Re: Please Help, I think my computer is being monitored

Are you involved with any kind of distributed network project? Perhaps they are legitimately receiving information as a part of that project.
reply

Anav @ 7th Nov 03:04PM:
Re: Please Help, I think my computer is being monitored

How did you find information on this company as others have shown/researched to indicate your information is bogus??

reply

NetFixer @ 7th Nov 03:22PM:
Re: Please Help, I think my computer is being monitored

said by Anav :

How did you find information on this company as others have shown/researched to indicate your information is bogus??

Exactly what part of the information in this thread do you find to be bogus (not counting the bogus claim that "whois" did not return any information)?

Snapped 2009-11-07 15:20:07

»investors.saic.com/releasedetail···D=315256

Is your

broken?
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
reply

anon @ 7th Nov 05:03PM:
msg deleted

deleted by a moderator
reply

anon @ 7th Nov 05:40PM:
msg deleted

deleted by a moderator
reply

anon @ 7th Nov 05:47PM:
msg deleted

deleted by a moderator
reply

anon @ 7th Nov 07:46PM:
msg deleted

deleted by a moderator
reply

anon @ 7th Nov 08:05PM:
msg deleted

deleted by a moderator
reply

caffeinator @ 7th Nov 09:09PM:
Re: Please Help, I think my computer is being monitored

Some info on the company: »washington.bizjournals.com/washi···y28.html

--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages
reply

anon @ 7th Nov 10:17PM:
msg deleted

deleted by a moderator
reply

JosephL @ 7th Nov 11:19PM:
Re: Please Help, I think my computer is being monitored

Thank you everyone for the advice and help, I really appreciate it.

The processes associated with this appear to be primarily my browsers, both Firefox and IE from what I can tell.

To the best of my memory, the only programs I had recently installed and now since deleted were ArcSoft Video Downloader, Flvsoft YouTube FLV Downloader and Erightsoft Super Video Converter.

Arcsoft was part of software with a Phillips Mp3 player I had recently purchased and came in the form of a Firefox browser add-on. I don't know much about this company so I can't conclusively say if it necessarily contained any malware, although I am noticing an "ArcSoft Connect Daemon - ACService.exe" entry in Hijack this even despite uninstalling it.
The Arcsoft privacy policy does seem to mention something relating to information collection however.

I also have read some debate on the safeness of Super video converter. But I dont even know what remaining files it may have left after uninstall.

I am however unfortunately noticing the connection still randomly appearing upon arriving at whatever various legit webpages and also when I go to try to login to Hotmail or Yahoo mail.

I may just end up re-installing Windows. Although I have scanned the system directory with Avira, and Malwarebytes even in safe mode and both found nothing.

For the record I do beleive the Whois for this site is accurate.
I don't know much of anything about this Corporation but it seems quite large and kinda scary.

Maybe I am just being paranoid, as someone suggested this company may also have other, however more hopefully seemingly benign "Scientific" or otherwise less evil data mining type stuff associated with it but who really knows. I doubt I will end up calling them on the phone to ask.

reply

fatness @ 7th Nov 11:26PM:
Re: Please Help, I think my computer is being monitored

I found this: »www.tv-cards.com/messageboard/vi···id=15361

It seems the Arcsoft thing may be running as a service, which you would need to turn off.
»forums.techguy.org/all-other-sof···ain.html
»www.arcsoft.com/Forum/forum_post···84f3b49e
--
"I cannot teach him. The boy has no pants."
reply

La Luna @ 7th Nov 11:33PM:
Re: Please Help, I think my computer is being monitored

I (and many, many others) have use SUPER for a long time without issues. When the updater asks to connect to the internet, I deny it. I doubt it was the cause of your problem.
reply

anon @ 8th Nov 12:18AM:
msg deleted

deleted by a moderator
reply

caffeinator @ 8th Nov 10:18AM:
Re: Please Help, I think my computer is being monitored

said by La Luna :

I (and many, many others) have use SUPER for a long time without issues. When the updater asks to connect to the internet, I deny it. I doubt it was the cause of your problem.

+1 to that. I use Super and ALL2AVI all the time and have no such processes....perhaps it's one of those dodgey divx sites eh?
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages
reply

EGeezer @ 8th Nov 12:43PM:
Re: Please Help, I think my computer is being monitored

If it were my system, I think I'd want to find out what's initiating those connections too -

Objectsciences article;

said by article :

Science Applications International Corp. has completed another local acquisition, paying an undisclosed sum for Object Sciences in Alexandria.

The San Diego-based company says Object Sciences will become part of its Operational Intelligence Solutions Business unit. Object Sciences, which has 133 employees, specializes in systems integration and analysis for government intelligence agencies. ...

»washington.bizjournals.com/washi···y28.html

SAIC company profile -partial, read the rest at the link;

SAIC, Inc. provides scientific, engineering, systems integration, and technical services and solutions to various branches of the U.S. military, agencies of the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security and other U.S. government civil agencies, state and local government agencies, foreign governments, and customers in select commercial markets ...

»finance.yahoo.com/q/pr?s=SAI

When I did a lookup and a PING for the specific hostnames, host4.objectsciences.com host50.objectsciences.com but I get no IP address resolved for them. That makes me wonder if your Hosts file might have something in them.

One thing that would be helpful would be to PING from that computer and post what IP address it resolves to. Another would be to look in your HOSTS files to see if there's an entry in it for the host names. If they're in your hosts file and resolve to 127.0.0.1, you're good :) If the names are in the hosts file and resolve to other addresses, document the entry information and delete the entries.

Note that connections to 127.0.0.x may display the first name listed for that address. That entry is usually (and should be)

127.0.0.1 localhost

netstat -b will also show the application name associated with the connection, but I don't think it shows the underlying process. As NetFixer indicated, Process Explorer from »technet.microsoft.com/en-us/sysi···653.aspx will go deeper.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
reply

The Snowman @ 8th Nov 02:31PM:
Re: Please Help, I think my computer is being monitored

EGeezer said:

When I did a lookup and a PING for the specific hostnames, host4.objectsciences.com host50.objectsciences.com but I get no IP address resolved for them. That makes me wonder if your Hosts file might have something in them. "

________________________________

EG,

That was the same results I had as well. Thanks for posting that information.
It should be interesting to see just where that Server is located.
An like you I agree that if I were the OP I would not rest until this was resolved.
It will also be interesting if we ever learn what the OP has installed that is calling out that way.......kindda makes a person wonder.

reply

EGeezer @ 8th Nov 02:47PM:
Re: Please Help, I think my computer is being monitored

said by The Snowman :

... kindda makes a person wonder. ...

If it's what I mentioned with the host files, it could be a legit app simply opening a pipe with address of 127.0.0.1 and displaying the host names instead of or ina addition to the address.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
reply

The Snowman @ 8th Nov 02:58PM:
Re: Please Help, I think my computer is being monitored

EG,

I just did an online Whois on that url an had the same results............online lookup would it be effected by a Hosts File ?
reply

ironwalker @ 8th Nov 04:22PM:
Re: Please Help, I think my computer is being monitored

Ok, I noticed today several deleted replies, one of which suggested to block the address block of the offending saic site.
I went and added this in my router, should I remove it now....why was that reply deleted?
reply

NetFixer @ 8th Nov 04:33PM:
Re: Please Help, I think my computer is being monitored

said by ironwalker :

Ok, I noticed today several deleted replies, one of which suggested to block the address block of the offending saic site.
I went and added this in my router, should I remove it now....why was that reply deleted?

Don't ask, don't tell. :hmm:
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
reply

ironwalker @ 8th Nov 04:35PM:
Re: Please Help, I think my computer is being monitored

Understood, but, still doesn't help me.
reply

NetFixer @ 8th Nov 04:44PM:
Re: Please Help, I think my computer is being monitored

said by ironwalker :

Understood, but, still doesn't help me.

The answer is quite simple, and also personal. If you have a router or other gateway firewall device that is capable of blocking domain names and/or IP address ranges, you are legally and morally entitled to block access to anything you wish.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
reply

anon @ 8th Nov 05:01PM:
msg deleted

deleted by a moderator
reply

JosephL @ 8th Nov 06:59PM:
Re: Please Help, I think my computer is being monitored

My Hosts file apparently was created by SPybot. There are no entries listing any specific IP address. The majority are formatted such as "127.0.0.1 www.007guard.com" and so on, thus blocking these websites from accessing my computer if I understand it correctly.

I have now gone in in notepad and added several name servers I have found relating to this site in my hosts file. I have placed these at the top of the file and listed the apparent main SAIC servers first , followed by most others listed sequentially. I'm not sure how many "host1, host2. servers they have, so I listed as many as I reasonably could" most info I have discovered from this site - »www.robtex.com/dns/objectsciences.com.html

I have also disabled my DNS Client in Services.

So far I have not noticed any more connections appearing in TCPView. SO I hope this problem is somehow now however much resolved?

When I open my command window and ping "objectsciences.com " or any other entry from my Hosts list, all now list "Ping statistics for 127.0.0.1 :
Packets sent = 4, Recieved = 4, Lost = 0 ,
Approximate Round Trip times in milliseconds :
Minimum = 0ms , Maximum = 0ms, Avergae = 0ms

Again, I am a novice to all this with using Hosts file to block sites if as I believe I now understand it correctly to do. I appreciate any advice. I should mention - I am on a router sharing the connection with other computers in the home. I have not attempted to block anything by configuring the router in any way, I have only done just this modification to my hosts file on my machine.
I will list the first portion of my hosts file with my modifications below -

127.0.0.1 localhost

# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 cpes1.saic.com
127.0.0.1 mcles1.saic.com
127.0.0.1 mail.objectsciences.com
127.0.0.1 ns1.objectsciences.com
127.0.0.1 ns2.objectsciences.com
127.0.0.1 ns2.objectsciences.com
127.0.0.1 superclass.objectsciences.com
127.0.0.1 class.objectsciences.com
127.0.0.1 www.objectsciences.com
127.0.0.1 objectsciences.com
127.0.0.1 host1.objectsciences.com
127.0.0.1 host2.objectsciences.com
127.0.0.1 host3.objectsciences.com
127.0.0.1 host4.objectsciences.com
127.0.0.1 host5.objectsciences.com
127.0.0.1 host6.objectsciences.com
127.0.0.1 host7.objectsciences.com
127.0.0.1 host8.objectsciences.com
127.0.0.1 host9.objectsciences.com
127.0.0.1 host10.objectsciences.com
127.0.0.1 host11.objectsciences.com
127.0.0.1 host12.objectsciences.com
127.0.0.1 host13.objectsciences.com
127.0.0.1 host14.objectsciences.com
127.0.0.1 host15.objectsciences.com
127.0.0.1 host16.objectsciences.com
127.0.0.1 host17.objectsciences.com
127.0.0.1 host18.objectsciences.com
127.0.0.1 host19.objectsciences.com
127.0.0.1 host20.objectsciences.com
127.0.0.1 host21.objectsciences.com
127.0.0.1 host22.objectsciences.com
127.0.0.1 host23.objectsciences.com
127.0.0.1 host24.objectsciences.com
127.0.0.1 host25.objectsciences.com
127.0.0.1 host26.objectsciences.com
127.0.0.1 host27.objectsciences.com
127.0.0.1 host28.objectsciences.com
127.0.0.1 host29.objectsciences.com
127.0.0.1 host30.objectsciences.com
127.0.0.1 host31.objectsciences.com
127.0.0.1 host32.objectsciences.com
127.0.0.1 host33.objectsciences.com
127.0.0.1 host34.objectsciences.com
127.0.0.1 host35.objectsciences.com
127.0.0.1 host36.objectsciences.com
127.0.0.1 host37.objectsciences.com
127.0.0.1 host38.objectsciences.com
127.0.0.1 host39.objectsciences.com
127.0.0.1 host40.objectsciences.com
127.0.0.1 host41.objectsciences.com
127.0.0.1 host42.objectsciences.com
127.0.0.1 host43.objectsciences.com
127.0.0.1 host44.objectsciences.com
127.0.0.1 host45.objectsciences.com
127.0.0.1 host46.objectsciences.com
127.0.0.1 host47.objectsciences.com
127.0.0.1 host48.objectsciences.com
127.0.0.1 host49.objectsciences.com
127.0.0.1 host50.objectsciences.com
127.0.0.1 host51.objectsciences.com
127.0.0.1 host52.objectsciences.com
127.0.0.1 host53.objectsciences.com
127.0.0.1 host54.objectsciences.com
127.0.0.1 host55.objectsciences.com
127.0.0.1 host56.objectsciences.com
127.0.0.1 host57.objectsciences.com
127.0.0.1 host58.objectsciences.com
127.0.0.1 host59.objectsciences.com
127.0.0.1 host60.objectsciences.com
127.0.0.1 host61.objectsciences.com
127.0.0.1 host62.objectsciences.com
127.0.0.1 host63.objectsciences.com
127.0.0.1 host64.objectsciences.com
127.0.0.1 host65.objectsciences.com
reply

Full Power @ 8th Nov 11:34PM:
Re: Please Help, I think my computer is being monitored

If it were my computer I would either find out what it was or I would erase and start over.
reply

JosephL @ 10th Nov 12:04PM:
Re: Please Help, I think my computer is being monitored

Sorry, duplicate post.
reply

JosephL @ 10th Nov 12:04PM:
Re: Please Help, I think my computer is being monitored

Last night I decided to re-install Win XP. I believe it was a clean install , I just installed it/reformatted right over drive C: where it was before, erasing everything from before.

This morning as soon as I start up Yahoo IM, suddenly I see the same type of connections as before all over again.
YahooMessenger.exe:880: host25.objectsciences.com

Next, I click on the link inside YIM settings to read about their privacy policy. After I open default browser IE , I see even more various host#.objectsciences.com connections now in IE.

I haven't seen them in Firefox yet, but I suspect its just a matter of time now again.

I don't know if this has anything to do with Yahoo maybe?
I read about their some sort of affiliated ad info collection thing, maybe this has something to do it ?
»www.networkadvertising.org/manag···_out.asp

I even tried to ping "host25.objectsciences.com" for example but I get nothing, no response. I don't understand how TCPView can show these connections, but when I try to ping them , it comes back as as no server being there etc.

I don't know what to do anymore, I thought this would all be over now.
reply

Robotics @ 10th Nov 12:41PM:
Re: Please Help, I think my computer is being monitored

Get this program (for firefox) it blocks that one you mentioned, and a crap load of others flawlessly.

»www.ghostery.com/

Once installed, go through the program and make sure "block all" is selected. It also tells you what all is happening in the upper right of your screen. I think you will like the program. I personally think its great.

Hope this helps.

**edit...forgot to mention, I no longer have the problem you are having at the moment**
--
Long you live and high you fly and Smiles you'll give and tears you'll cry
and all you touch and all you see, is all your life will ever be.
reply

JosephL @ 10th Nov 03:25PM:
Re: Please Help, I think my computer is being monitored

Thanks maybe I will check out Ghostery.

Question for anyone here:

I found this page now - »www.robtex.com/cnet/65.222.174.html

It lists most of the "objectsciences.com" addresses along with this IP block - 65.222.174.0

Can someone please tell me what that IP has to do with any of this?

When I click on that IP the information lists :

MCI Communications Services, Inc. d/b/a Verizon Business UUNET65 (NET-65-192-0-0-1)
65.192.0.0 - 65.223.255.255
WS/Akamai Technologies/Akamai Technologies UU-65-222-174-D3 (NET-65-222-174-0-1)
65.222.174.0 - 65.222.174.255

My ISP is Verizon.

reply

NetFixer @ 10th Nov 07:12PM:
Re: Please Help, I think my computer is being monitored

What this means is that if you had supplied us with IP addresses in the first place instead of using hostnames, this "mystery" could have been resolved rather quickly.

Briefly, UUNET/MCI originally was assigned that IP address block, and they subsequently sublet a portion of it to Object Sciences. Verizon is the current owner of UUNET/MCI. What you are seeing is old PTR (AKA rDNS) records that still point to objectsciences.com even though they are no longer using that IP address block. It would appear that Akamai is now using that IP address block.

Your ISP is Verizon, so it is not really unexpected that you may have open sessions with Verizon IP addresses. Akamai Technologies provides content services for almost every major internet player, and it is not unexpected to find open sessions to Akamai IP addresses.

Here are whois queries that show a similar situation, except that Object Sciences is still listed as sub leasing this IP address block from UUNET/Verizon:

whois -h whois.arin.net n Object Sciences Corporation CustName:   OBJECT SCIENCES CORPORATIONAddress:    6359 WALKER LN STE 100City:       AlexandriaStateProv:  VAPostalCode: 22310Country:    USRegDate:    2004-03-18Updated:    2004-03-18 NetRange:   65.196.131.240 - 65.196.131.247CIDR:       65.196.131.240/29NetName:    UU-65-196-131-240-D4NetHandle:  NET-65-196-131-240-1Parent:     NET-65-192-0-0-1NetType:    ReassignedComment:    Addresses within this block are non-portable.RegDate:    2004-03-18Updated:    2004-03-18 RTechHandle: OA12-ARINRTechName:   UUnet Technologies, Inc., TechnologiesRTechPhone:  +1-800-900-0241RTechEmail:  help4u@verizonbusiness.com OrgAbuseHandle: ABUSE3-ARINOrgAbuseName:   abuseOrgAbusePhone:  +1-800-900-0241OrgAbuseEmail:  abuse-mail@verizonbusiness.com OrgNOCHandle: OA12-ARINOrgNOCName:   UUnet Technologies, Inc., TechnologiesOrgNOCPhone:  +1-800-900-0241OrgNOCEmail:  help4u@verizonbusiness.com OrgTechHandle: SWIPP-ARINOrgTechName:   swipperOrgTechPhone:  +1-800-900-0241OrgTechEmail:  swipper@verizonbusiness.com OrgTechHandle: JHU140-ARINOrgTechName:   Huffines, JodyOrgTechPhone:  +1-703-886-6093OrgTechEmail:  Jody.Huffines@verizonbusiness.com # ARIN WHOIS database, last updated 2009-11-07 20:00# Enter ? for additional hints on searching ARIN's WHOIS database. ------------------------------------------------------------------ whois 65.196.131.240MCI Communications Services, Inc. d/b/a Verizon Business UUNET65 (NET-65-192-0-0-1)                                  65.192.0.0 - 65.223.255.255OBJECT SCIENCES CORPORATION UU-65-196-131-240-D4 (NET-65-196-131-240-1)                                  65.196.131.240 - 65.196.131.247 # ARIN WHOIS database, last updated 2009-11-09 20:00# Enter ? for additional hints on searching ARIN's WHOIS database.

To head off what is probably the next question, the PTR/rDNS records are likely still pointing to objectsciences.com because of a simple oversight. There are no standards or requirements for PTR/rDNS records, and in fact many IP addresses do not even have PTR/rDNS records.

For the super paranoid among us, yes it is possible that Object Sciences decided to farm out whatever those IP addresses are used for to Akamai. However, if that were the case, I would think that a company with as much experience in covert operations as Object Sciences would have covered their tracks a bit better and removed the old PTR/rDNS records.

And for the record, it is definitely an Akamai server:

[att=1]

--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson

JosephL @ 10th Nov 11:59PM:
Re: Please Help, I think my computer is being monitored

I appreciate this explantion very much, thank you Netfixer.
Perhaps I was being somewhat paranoid. But it concerned me when I saw how objectsciences is now part of SAIC. I think it was last year when a bill named HR 604? something was passed by the US Government giving total legal immunity to violate constitutional privacy rights of anyone.

I think I am beginning to better understand things now.

I should maybe explain though also that I only found this page »www.robtex.com/cnet/65.222.174.html
by chance through a Google search for "objectsciences"
Which is how the entries appear in TCPVIew , host1 , host2.objectsciences etc. I never could find any IP associated with it until I came across that link.

All this which if I understand is basically due to MCI, now Verizon, who only formerly offered IP blocks to Objectsciences , who is now part of SAIC. And this lease has apparently since discontinued.

So essentially the reason my TCpView displays "objectsciences.com" instead of anything else is because Verizon still owns this block, but the DNS info has not been updated to display anything different.

Although I do wonder why I had never seen this entry before in TCPVIew until recently and nobody else had either.

But so hopefully the NSA/FBI is not after my computer after all then.

It does seem curious though that MCI or any other former major communications corporation for that matter, would be however much in bed so to speak with whomever objectsciences or any other similar company apparently involved with federal intelligence agencies. But nowadays Telecom/ISP corporations probably have an even greater relationship with these agencies. Something which they probably have had already for several decades anyways.

Thank you again for the info.

reply

tempnexus @ 11th Nov 12:13AM:
Re: Please Help, I think my computer is being monitored

Pfft if NSA/FBI/MOM/DAD/SIS/BRO are after your computer then they will probably get it.

I would not start freaking out about it unless you have a real reason to freak out (aka you just sold 3939393 pounds of pure white cocaine to a dude named bob).
reply

NetFixer @ 11th Nov 12:14AM:
Re: Please Help, I think my computer is being monitored

TCPView (and most network diagnostic tools) can be configured to either resolve addresses or not.

[att=1]

[att=2]

I generally never configure such tools to resolve IP addresses for reasons such as what happened in this thread.

As Henry David Thoreau said, "Simplify, simplify simplify!".

Albert Einstein said it slightly differently, but the reasoning was the same: "Everything should be made as simple as possible, but not simpler."

As for who is/was in bed with whom, UUNET/MCI was just an ISP. Are you saying that some organizations should not be allowed to have internet service based on their political affiliation? Talk such as that might indeed put you in someone's gunsights.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson

tempnexus @ 11th Nov 12:16AM:
Re: Please Help, I think my computer is being monitored

Nice quote:
I personally like this one by him:

"A question that sometimes drives me hazy: am I or are the others crazy? "
reply

anon @ 11th Nov 11:16AM:
msg deleted

deleted by a moderator
reply

tempnexus @ 11th Nov 01:00PM:
Re: Please Help, I think my computer is being monitored

Oops forgot to mention.
If you do not want to bother with a host file and if your router does not support site blocking.
Then you can always use OpenDNS...albeit not as reliable but it still works.
For example I block googleanalytics in OPENDNS and set OpenDNS in my router as a default DNS and then set the DNS IP in my Pc's on my network to my router IP.
That way all my PC's behind my router are benefiting from the domain blocks.
reply

NetFixer @ 11th Nov 04:52PM:
Re: Please Help, I think my computer is being monitored

said by tempnexus :

Oops forgot to mention.
If you do not want to bother with a host file and if your router does not support site blocking.
Then you can always use OpenDNS...albeit not as reliable but it still works.
For example I block googleanalytics in OPENDNS and set OpenDNS in my router as a default DNS and then set the DNS IP in my Pc's on my network to my router IP.
That way all my PC's behind my router are benefiting from the domain blocks.

In the OP's case, only local firewall blocking by IP address would have stopped access. Most likely those Akamai servers were either being directly accessed using an IP address or by using an Akamai hostname. Blocking *.objectsciences.com (either directly in a firewall, or indirectly with DNS) would not have stopped the access of the servers in question.

The "whatever.objectsciences.com" hostname resolution was coming from TCPView being configured to do rDNS resolution, and Verizon/UUNET still leaving ancient objectsciences.com PTR records in place for the IP addresses in question. There was likely never any actual attempt to connect to an objectsciences.com server, so blocking that domain name would not have stopped anything.

The screenshot below shows what a connection to http://65.222.174.5 in Internet Explorer looks like with TCPView configured to do rDNS resolution. I already posted the information in a previous post to show that IP address does actually point to an Akamai server.

[att=1]
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson

ironwalker @ 11th Nov 05:22PM:
Re: Please Help, I think my computer is being monitored

If the said saic and object science sites are monitoring, and collecting data building profiles on people, why would he go to opendns to block when some feel OpenDNS is or will be doing the samething weather for the govt or marketing agencies to make some money for there hard work.
Opendns is too damn popular, I gave it up long ago.
Sorry to switch topic a bit but I had to ask about that advice given.

I also do not let tcpview resolve address' nor does outpost firewall.
--
Live Free or Die!
www.sidux.com
www.chronixradio.com

reply

NetFixer @ 12th Nov 11:53AM:
Re: Please Help, I think my computer is being monitored

said by ironwalker :

If the said saic and object science sites are monitoring, and collecting data building profiles on people, why would he go to opendns to block when some feel OpenDNS is or will be doing the samething weather for the govt or marketing agencies to make some money for there hard work..

The operative word is the first word in your post: (If).

There is no evidence that this actually occurred. This entire thread was based on a misinterpretation of the information presented by TCPView. There was no traffic to or from SAIC or Object Sciences to block, and any kind of DNS based blocking (OpenDNS or otherwise) would have blocked nothing anyway since neither of those domains were actually involved.

Of course one could block Akamai (the actual operator of the servers at the IP addresses referenced in this thread) using either DNS or firewall blocking, but doing so would likely disable a large portion of that person's access to the internet since Akamai is so deeply imbedded in content delivery for so many companies.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
reply

pog @ 12th Nov 05:31PM:
Re: Please Help, I think my computer is being monitored

These connections might have something to do with an add-on you have in your browser? My impression (based on the snippets from a google search) is that objectsciences, among other things, develops/hosts servlets for all kinds of things.

Try starting firefox in safemode... do these connections still occur? »kb.mozillazine.org/Safe_mode
--
My Site
reply

Name Game @ 12th Nov 07:25PM:
Re: Please Help, I think my computer is being monitored

In the past, I also trusted TCPView to resolve the IP until it gave we erroneous info in the names...Now I check them all myself and just let it list the IP.

"TCPView Professional has an internal table for translating many port numbers to their names. Select the resolve addresses button or the Options|Resolve Addresses menu entry to toggle name resolution. When name resolution is enabled TCPView Professional performs IP address name lookup operations in the background, updating the static and dynamic views as translations complete. In many cases IP addresses do not have corresponding names, and so are always shown numerically. If a name lookup fails for some reason, TCPView Professional re-attempts the lookup ten seconds later if the address is referenced by new entries in the static or dynamic views, or if you toggle name resolution off and then on again. Tip: You can quickly see what IP address corresponds to the name shown in an entry or vice versa by selecting the entry and then toggling name resolution with the Ctrl+R hotkey sequence."
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

reply

ironwalker @ 12th Nov 07:28PM:
Re: Please Help, I think my computer is being monitored

I own diamonds port explorer which was way better, but, since diamond ditched there old customers I cannot ever get my lifetime key back.
I liked it better than TCPView, more options and control.
reply

anon @ 15th Nov 07:27AM:
msg deleted

deleted by a moderator
reply

tempnexus @ 16th Nov 12:37AM:
Re: Please Help, I think my computer is being monitored

said by ironwalker :

I own diamonds port explorer which was way better, but, since diamond ditched there old customers I cannot ever get my lifetime key back.
I liked it better than TCPView, more options and control.

Indeed a real shame from a former great company, I mean their PortExplorer, TDS-3, ProcessGuard and WormGuard were ahead of their time.
Too bad that Wayne is a duche.

You know that you can get the "free versions" of their lifetime.

After all if you have the lic, then it's not stealing. :)

I have the lic for TDS-3, ProcessGuard and PortExplorer. TDS-3 is useless (not updated since 2005 if I recall correctly). PG and PE are still ok...albeit many other great freeware out there that surpasses PG.

God damn I should really proof read...sometimes my mind races ahead of my typing and I seem to write Engrish.
reply