Second Life Forums Archive - Linden lab Netowrk intrusion?

Wes Chen

Registered User

Join date: 30 Dec 2003

Posts: 34

01-24-2004 16:45

there is about 3thousand lines of that within 30 seconds.. what's going on linden labs?

and why do half of you files ends up being

-> 11BACDCh extra bytes found, starting at offset 8E00h.

That means that:
The file contains 18590940 bytes of extra data.
Stub size is approximately 35 KB.

-> 1335BEh extra bytes found, starting at offset 12000h.

That means that:
The file contains 1258942 bytes of extra data.
Stub size is approximately 72 KB.

what's the need for extra bytes and stub linden corp?

Carnildo Greenacre

Flight Engineer

Join date: 15 Nov 2003

Posts: 1,044

01-24-2004 17:28

It means you've got an overly paranoid intrusion detector.

_____________________

perl -le '$_ = 1; (1 x $_) !~ /^(11+)\1+$/ && print while $_++;'

si Money

The nice demon.

Join date: 21 May 2003

Posts: 477

01-24-2004 19:53

*sighs*

Please don't run IDS monitors if you don't understand what they do.

None of that is anything to worry about.

_____________________

Like a soul without a mind
In a body without a heart
I'm missing every part

-- Progress --
Catherine Omega: Yes, but lots of stuff isn't listed. "Making UI harder to use than ever" and "removing all the necessary status icons" things.... there's nothing like that in the release notes.

Garoad Kuroda

Prophet of Muppetry

Join date: 5 Sep 2003

Posts: 2,989

01-24-2004 20:49

From: someone

Originally posted by si Money
*sighs*

Please don't run IDS monitors if you don't understand what they do.

None of that is anything to worry about.

Why shouldn't he? Gotta learn about the stuff somehow!

_____________________

BTW

WTF is C3PO supposed to be USEFUL for anyway, besides whining? Stupid piece of scrap metal would be more useful recycled as a toaster. But even that would suck, because who would want to listen to a whining wussy toaster? Is he gold plated? If that's the case he should just be melted down into gold ingots. Help the economy some, and stop being so damn useless you stupid bucket of bolts! R2 is 1,000 times more useful than your tin man ass, and he's shaped like a salt and pepper shaker FFS!

Drathor Kothari

Elder Dragon

Join date: 14 Nov 2003

Posts: 84

01-26-2004 12:17

Totally offtopic, but I used to run an ISP back when IDS programs first made an appearance. Everyone used modems then, no such thing as DSL or cable.

What would happen is person X would dial up get assigned an IP address and start an FTP transfer or some such. They they would get disconnected for some reason, and a minute later person Y dialed up and got teh same Ip address, and the FTP server would still be sending ARE-YOU-THERE? packets at them.

Their IDS systems would start screaming about all these unwanted packets, and we got a phone call from a scared customer saying they were being attacked.

Or worse, someone on a different ISP would download from our server, get disconnected, and we would get threatining emails saying, "STOOOP HACKING MY MODEM YOU CREEP!" when the next person logged in with that IP.

Bah.

si Money

The nice demon.

Join date: 21 May 2003

Posts: 477

01-26-2004 12:33

From: someone

Originally posted by Drathor Kothari
Totally offtopic, but I used to run an ISP back when IDS programs first made an appearance. Everyone used modems then, no such thing as DSL or cable.

What would happen is person X would dial up get assigned an IP address and start an FTP transfer or some such. They they would get disconnected for some reason, and a minute later person Y dialed up and got teh same Ip address, and the FTP server would still be sending ARE-YOU-THERE? packets at them.

Their IDS systems would start screaming about all these unwanted packets, and we got a phone call from a scared customer saying they were being attacked.

Or worse, someone on a different ISP would download from our server, get disconnected, and we would get threatining emails saying, "STOOOP HACKING MY MODEM YOU CREEP!" when the next person logged in with that IP.

Bah.

My favorite were the people who insisted we were portscanning them from our nameservers on port 53.

It got so bad at one point we had to actually make a policy that we would not offer support to anyone who was running a personal network monitoring software (BlackIce, etc).

_____________________

Like a soul without a mind
In a body without a heart
I'm missing every part

-- Progress --
Catherine Omega: Yes, but lots of stuff isn't listed. "Making UI harder to use than ever" and "removing all the necessary status icons" things.... there's nothing like that in the release notes.

Darwin Appleby

I Was Beaten With Satan

Join date: 14 Mar 2003

Posts: 2,779

01-26-2004 13:35

LMAO!

_____________________

Touche.

Mark Linden

Funky Linden Monkey

Join date: 20 Nov 2002

Posts: 179

01-26-2004 14:39

Wes:

ICMP unreachable messages are deep dark parts of the Internet Protocol; they are non-harmful, and necessary. If you want to know what they are and what they are used for, I recommend Steven's TCP/IP, or reading some/all of the sources listed at (which has Steven's as the first reference, actually) http://www.faqs.org/faqs/internet/tcp-ip/resource-list/index.html

Although you didn't specify which files your IDS thinks are broken, I'd guess that the "extra bytes" are actually our installer. It works by putting a small stub EXE in front of the actually compressed installation data, just like a self-extracting zip file. This is also completely harmless, and I'm not sure why your IDS would complain about it.

Linden lab Netowrk intrusion?
Wes Chen Registered User Join date: 30 Dec 2003 Posts: 34	01-24-2004 16:45 there is about 3thousand lines of that within 30 seconds.. what's going on linden labs? and why do half of you files ends up being -> 11BACDCh extra bytes found, starting at offset 8E00h. That means that: The file contains 18590940 bytes of extra data. Stub size is approximately 35 KB. -> 1335BEh extra bytes found, starting at offset 12000h. That means that: The file contains 1258942 bytes of extra data. Stub size is approximately 72 KB. what's the need for extra bytes and stub linden corp?
Carnildo Greenacre Flight Engineer Join date: 15 Nov 2003 Posts: 1,044	01-24-2004 17:28 It means you've got an overly paranoid intrusion detector. _____________________ perl -le '$_ = 1; (1 x $_) !~ /^(11+)\1+$/ && print while $_++;'
si Money The nice demon. Join date: 21 May 2003 Posts: 477	01-24-2004 19:53 sighs Please don't run IDS monitors if you don't understand what they do. None of that is anything to worry about. _____________________ Like a soul without a mind In a body without a heart I'm missing every part -- Progress -- Catherine Omega: Yes, but lots of stuff isn't listed. "Making UI harder to use than ever" and "removing all the necessary status icons" things.... there's nothing like that in the release notes.
Garoad Kuroda Prophet of Muppetry Join date: 5 Sep 2003 Posts: 2,989	01-24-2004 20:49 From: someone Originally posted by si Money sighs Please don't run IDS monitors if you don't understand what they do. None of that is anything to worry about. Why shouldn't he? Gotta learn about the stuff somehow! _____________________ BTW WTF is C3PO supposed to be USEFUL for anyway, besides whining? Stupid piece of scrap metal would be more useful recycled as a toaster. But even that would suck, because who would want to listen to a whining wussy toaster? Is he gold plated? If that's the case he should just be melted down into gold ingots. Help the economy some, and stop being so damn useless you stupid bucket of bolts! R2 is 1,000 times more useful than your tin man ass, and he's shaped like a salt and pepper shaker FFS!
Drathor Kothari Elder Dragon Join date: 14 Nov 2003 Posts: 84	01-26-2004 12:17 Totally offtopic, but I used to run an ISP back when IDS programs first made an appearance. Everyone used modems then, no such thing as DSL or cable. What would happen is person X would dial up get assigned an IP address and start an FTP transfer or some such. They they would get disconnected for some reason, and a minute later person Y dialed up and got teh same Ip address, and the FTP server would still be sending ARE-YOU-THERE? packets at them. Their IDS systems would start screaming about all these unwanted packets, and we got a phone call from a scared customer saying they were being attacked. Or worse, someone on a different ISP would download from our server, get disconnected, and we would get threatining emails saying, "STOOOP HACKING MY MODEM YOU CREEP!" when the next person logged in with that IP. Bah.
si Money The nice demon. Join date: 21 May 2003 Posts: 477	01-26-2004 12:33 From: someone Originally posted by Drathor Kothari Totally offtopic, but I used to run an ISP back when IDS programs first made an appearance. Everyone used modems then, no such thing as DSL or cable. What would happen is person X would dial up get assigned an IP address and start an FTP transfer or some such. They they would get disconnected for some reason, and a minute later person Y dialed up and got teh same Ip address, and the FTP server would still be sending ARE-YOU-THERE? packets at them. Their IDS systems would start screaming about all these unwanted packets, and we got a phone call from a scared customer saying they were being attacked. Or worse, someone on a different ISP would download from our server, get disconnected, and we would get threatining emails saying, "STOOOP HACKING MY MODEM YOU CREEP!" when the next person logged in with that IP. Bah. My favorite were the people who insisted we were portscanning them from our nameservers on port 53. It got so bad at one point we had to actually make a policy that we would not offer support to anyone who was running a personal network monitoring software (BlackIce, etc). _____________________ Like a soul without a mind In a body without a heart I'm missing every part -- Progress -- Catherine Omega: Yes, but lots of stuff isn't listed. "Making UI harder to use than ever" and "removing all the necessary status icons" things.... there's nothing like that in the release notes.
Darwin Appleby I Was Beaten With Satan Join date: 14 Mar 2003 Posts: 2,779	01-26-2004 13:35 LMAO! _____________________ Touche.
Mark Linden Funky Linden Monkey Join date: 20 Nov 2002 Posts: 179	01-26-2004 14:39 Wes: ICMP unreachable messages are deep dark parts of the Internet Protocol; they are non-harmful, and necessary. If you want to know what they are and what they are used for, I recommend Steven's TCP/IP, or reading some/all of the sources listed at (which has Steven's as the first reference, actually) http://www.faqs.org/faqs/internet/tcp-ip/resource-list/index.html Although you didn't specify which files your IDS thinks are broken, I'd guess that the "extra bytes" are actually our installer. It works by putting a small stub EXE in front of the actually compressed installation data, just like a self-extracting zip file. This is also completely harmless, and I'm not sure why your IDS would complain about it.

Welcome to the Second Life Forums Archive

Linden lab Netowrk intrusion?