It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Question or Perhaps Warning About Positive Exploit

page: 1
7

log in

join
share:

posted on Dec, 2 2013 @ 08:23 AM
link   
Why is it every time our IDS interacts with abovetopsecret.com a positive dynamic DNS exploit is attempted from 173.193.40.5 ?
This is abovetopsecret.com www.urlvoid.com...

This means that any DNS requests made to abovetopsecret.com after a successful execution ends up at malicious DNS servers. (Honey Pot Tested & Confirmed)

Why...?

No other site out of thousands monitored set of this positive alarm. Only abovetopsecret.com @
173.193.40.5 Every Single Time !!!



posted on Dec, 2 2013 @ 08:33 AM
link   

Opspeculate
Why is it every time our IDS interacts with abovetopsecret.com a positive dynamic DNS exploit is attempted from 173.193.40.5 ?
This is abovetopsecret.com www.urlvoid.com...


care to provide any info about that 'positive dynamic DNS exploit'? also, are you certain that it comes from that IP, or does it just occur WHEN A REQUEST has been made to resolve abovetopsecret.com, so perhaps you get malformed (exploit attempt) reply with that IP address, while the reply itself may come from whatever dns server you're using (which is certainly NOT at that IP address)?


Opspeculate
This means that any DNS requests made to abovetopsecret.com after a successful execution ends up at malicious DNS servers. (Honey Pot Tested & Confirmed)


mumbo-jumbo. perhaps the dns server you're using, returns malicious reply in response to request for IP address of abovetopsecret.com? that has nothing to do with ATS itself, if that's the case - the problem sits at the dns server you're using. all you're saying doesn't make a lot of sense, and it's rather clear you have very little understanding of the way dns servers work.


Opspeculate
Why...?

No other site out of thousands monitored set of this positive alarm. Only abovetopsecret.com @
173.193.40.5 Every Single Time !!!


have you tried to change the dns server you're using?

consider this: thousands of people are using ATS, and noone reported such issue so far. the most likely answer is that either the software you're using that rises such alarm (what is it?) shows a false positive, or the dns server you're using (it is set in your tcp/ip configuration, unless configured automatically via dhcp) has been compromised and it is either a coincidence or someone tries to attack only those that visit ATS. that still doesn't say that ATS is to blame - quite the oposite.

do your research before making claims like that.

and btw:
'Honey Pot Tested & Confirmed'
'thousands monitored'
post the exact procedures you've used that backup such claims, or it's all just BS.
edit on 2-12-2013 by jedi_hamster because: (no reason given)



posted on Dec, 2 2013 @ 08:35 AM
link   
reply to post by jedi_hamster
 


BRAVO!!!!

Perfect

(UP)



posted on Dec, 2 2013 @ 08:42 AM
link   
Happens from all 4 corners of the planet using different isp''s routes, OS's, hardware.. Every single time...
This is abovetopsecret.com www.urlvoid.com...

Just wondering why...? It only happens with abovetopsevret.com nothing else... ever...




posted on Dec, 2 2013 @ 08:44 AM
link   
reply to post by jedi_hamster
 


1 reason no one else might have noticed it is because most of us would have no idea what hes even talking about.

To the OP can you dumb down for us computards what your OP is about?



posted on Dec, 2 2013 @ 08:47 AM
link   
reply to post by Opspeculate
 


read my post again.
provide exact procedures you've used that backup your claims.
provide software name and version (possibly with url to its website) that rises such alarm.
provide exact error message (logs and/or screenshot).

so far you're just repeating yourself, making claims that look like nothing but fairytales, so as for now it just looks like you're trying to discredit ATS using lies.



posted on Dec, 2 2013 @ 08:49 AM
link   
reply to post by IkNOwSTuff
 


no need to know. people are usually running some firewall with integrated IDS, so assuming he's using something popular, tons of people would rise alarm - unless, as i've said, it's not ATS server that is 'attacking' him, but the dns server he's using - if that's the case, the whole issue may be very localized and perhaps he's the only one affected - but then it's the dns server he's using that is to blame, not ATS.



posted on Dec, 2 2013 @ 09:11 AM
link   

jedi_hamster
reply to post by IkNOwSTuff
 


no need to know. people are usually running some firewall with integrated IDS, so assuming he's using something popular, tons of people would rise alarm - unless, as i've said, it's not ATS server that is 'attacking' him, but the dns server he's using - if that's the case, the whole issue may be very localized and perhaps he's the only one affected - but then it's the dns server he's using that is to blame, not ATS.


Ahhhhhh....

Is that what he meant

But what about the scuttle exemplifying the DHL strings to block the programs firewalls from extrapolating?

The above sentence makes as much sense to me as yours does.

I have no idea what any of it means, can you try to REALLY dumb it down pls, I hate not knowing whats going on LOL



posted on Dec, 2 2013 @ 09:28 AM
link   
reply to post by IkNOwSTuff
 


he makes claims that it looks like even he doesn't fully understand - throwing out some mumbo-jumbo just so it looks technical enough to confuse - and perhaps scare - people. no confirmation whatsoever, no name and version of the software rising said alarm (IDS - Intrusion Detection System - usually a part of firewall software), nothing. he claims that ATS server attacks him whenever dns request (a question to dns servers to translate abovetopsecret.com to its IP address so that the website can be opened by connecting to the ATS server - all servers are accessed via IP addresses) is made to resolve abovetopsecret.com - but that request goes to whatever dns server he's using, and the IP of abovetopsecret.com comes back in a reply - there should be no reply from ATS server whatsoever regarding the dns - and there is none i guess. you can ask whatever dns server about the address of abovetopsecret.com, when the answer is known (cached), it comes back, if not - that dns server asks other servers, down to ATS dns servers when needed - but even in that case you get the reply from the dns server you've asked, that's one thing. second thing is, ATS dns servers (dns servers responsible for storing the configuration of abovetopsecret.com domain) are NOT on said IP - that's the IP of the server hosting ATS website. dns servers responsible for abovetopsecret.com are different, and there are five of those:


abovetopsecret.com nameserver = ns1.dnsmadeeasy.com
abovetopsecret.com nameserver = ns2.dnsmadeeasy.com
abovetopsecret.com nameserver = ns0.dnsmadeeasy.com
abovetopsecret.com nameserver = ns4.dnsmadeeasy.com
abovetopsecret.com nameserver = ns3.dnsmadeeasy.com
ns0.dnsmadeeasy.com internet address = 208.94.148.2
ns1.dnsmadeeasy.com internet address = 208.80.124.2
ns2.dnsmadeeasy.com internet address = 208.80.126.2
ns3.dnsmadeeasy.com internet address = 208.80.125.2
ns3.dnsmadeeasy.com AAAA IPv6 address = 2600:1801:3::1
ns4.dnsmadeeasy.com internet address = 208.80.127.2
ns4.dnsmadeeasy.com AAAA IPv6 address = 2600:1802:4::1



posted on Dec, 2 2013 @ 09:29 AM
link   

Opspeculate
Happens from all 4 corners of the planet using different isp''s routes, OS's, hardware.. Every single time...
This is abovetopsecret.com www.urlvoid.com...

Just wondering why...? It only happens with abovetopsevret.com nothing else... ever...



clicked on the website ..

Results are clean ..



posted on Dec, 2 2013 @ 09:42 AM
link   
reply to post by IkNOwSTuff
 


one possible other explanation of what he meant, is that ATS webserver tries to attack him (whenever the website gets opened) with some dns exploit, so that further dns requests to resolve abovetopsecret.com go to malicious dns servers - that's how i understand his post after reading it again. still, it makes little sense, because one is rarely running a dns server locally, so any dns-related attack on the client itself is kinda pointless, imho. besides, such exploit would have to run with root (admin) privileges on the ATS server, so it's extremely unlikely to be possible at all - and if he suggests that perhaps ATS owners are behind it, that's even more silly, because one attacks dns servers to redirect some website to malicious site - there's no point in redirecting ATS website to some other address when you have direct control over the web server hosting it - and he claims that those attacks come from that exact web server hosting ATS website.

as you can see, it makes no sense at all.
edit on 2-12-2013 by jedi_hamster because: (no reason given)



posted on Dec, 2 2013 @ 09:51 AM
link   


This means that any DNS requests made to abovetopsecret.com after a successful execution ends up at malicious DNS servers.


Why would a DNS request be made to ATS? Are you talking about DNS lookups?



posted on Dec, 2 2013 @ 10:47 AM
link   
an OP with fancy terms but no substance, and a link that shows nothing....

Even the Board Business forum is now suffering the same fate as most other forums on this site.



posted on Dec, 2 2013 @ 10:51 AM
link   
reply to post by Opspeculate
 


We don't, nor have we ever used Dynamic DNS.



posted on Dec, 2 2013 @ 11:46 PM
link   
reply to post by Opspeculate
 


No threats my way also....

You may have a virus of some sorts.

Chrome has been acting up lately... But it does that at times. No mess ups on chrome with ATS within the last couple days.

Good luck on fixing your registry.



posted on Dec, 3 2013 @ 12:28 AM
link   
reply to post by ChuckNasty
 


INDEED. Chrome would hang interminably on some threads on ATS earlier . . . I mostly gave up and went to FireFox.

On other ATS threads there would be absolutely no problem.

I could not detect a commonality on the threads that Chrome hung on nor any commonality on the threads that it did not hang on.

Nor did it seem to be a number of windows opened issue.

FWIW.



posted on Dec, 3 2013 @ 02:41 AM
link   
I'm not nearly net savvy enough to get involved in the convo, but wanted to say that very frequently my anti-virus tells me it has blocked attempted attacks or whatever they say. This ONLY happens on ATS.

As of about two months ago I have a totally brand new build for my computer, one of the first sites i went to upon getting my machine up and running was ATS. Attack attempt over and over again.

It's happened on several other people's computers I've used. ATS also eats up a ton of my CPU when browsing and even more when posting. Happened on both my old an new computer, nothing was shared between the two comps.

Just seems a little odd SO many people are having issues with ATS in this manner, as am I, and NEVER on ANY other sites, just ATS.

I'm obviously not worried enough about it to stop coming here but it seems strange.



posted on Dec, 3 2013 @ 03:57 AM
link   
reply to post by James1982
 


so many?
SO many?

like how many? you and who?
do you realize how many people visit ATS daily?
do you realize that you have provided absolutely NO evidence to backup your claims whatsoever, just like the author of this thread?

to all those being 'attacked' while visiting ATS:
- post your firewall/antivirus/IDS software name and version
- post logs from that software related to the attack you claim happened
- post screenshot of that software displaying alert related to the attack you claim happened

or it did not happen. period.



posted on Dec, 3 2013 @ 08:10 AM
link   

James1982
Just seems a little odd SO many people are having issues with ATS in this manner, as am I, and NEVER on ANY other sites, just ATS.

Why do you never alert me or other staff about this?

I don't believe you… you are either lying or you keep doing the same thing over and over that results in your computer being infected in some other manner.

Our entire site is scanned daily.

Each ad that runs on the site is pre-scanned. There are the occasional ads for which we receive alerts, but it's been an average of two per month, and the alerts let us know that the ads have either been pulled or corrected by the advertisers.



new topics

top topics



 
7

log in

join