Sidney Dionysus Posted January 26, 2012 Share Posted January 26, 2012 Ok. I've been trying to determin why I"m making a mistake here, but I don't think I am. My comptuer is being port scanned by Linden labs. Why is this happening? It only happens while I'm on line with my toon, never any other time. I'm 90% this is not melicious, but... I can't think of any GOOD reason to for anyone to be poking at my firewall. Can anyone tell me why this might be happening? It's annoying and concerning. Link to comment Share on other sites More sharing options...
Innula Zenovka Posted January 26, 2012 Share Posted January 26, 2012 This, from the LL Privacy Policy, might explain it: If you install or use Second Life software, we collect and aggregate a variety of data to monitor system and simulation performance, and to verify your unique identity. This includes specific and general information about your computer hardware and Internet connection, which are stored together but are not personally identifiable. Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 26, 2012 Author Share Posted January 26, 2012 Yes, but... Port scanning? I'm no expert, but the function of a post scan is to see if there are any openings to your system though which once computer have access to another computer without the owner of the 'victim' computer nessessarily even knowing it. Most people I know of consider port scanning an attack -- includeing me. Their software is free to LIMITED data, but I did NOT grant LL free and easy acess to my tax records and Quicken data! They need to stay off my computer. I suppose it could be argued that they are looking for weaknesses in my firewall so that can read my files and learn about my video cards, etc -- but just ask!!! I'm happy to provide any of that stuff. But don't try to trapse around my system uninvited and look for any damn thing you want. Not even remotely cool. Link to comment Share on other sites More sharing options...
Innula Zenovka Posted January 26, 2012 Share Posted January 26, 2012 As Wikipedia puts it, The information gathered by a port scan has many legitimate uses including network inventory and the verification of the security of a network. Port scanning can, however, also be used to compromise security. So I guess it depends on what you think LL are looking for and what they're doing with the information. Link to comment Share on other sites More sharing options...
Kristin Burner Posted January 27, 2012 Share Posted January 27, 2012 mew If you think they are committing an illegal act to compromise your systems security and steal sensitive information, you should contact the right law agency and have charges brought up against them then. Good luck with that I would suggest you cancel all your accounts to Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 27, 2012 Author Share Posted January 27, 2012 Why am I getting attitude? Should I not be concnerned when my LEGEITMATE comercial firewall recommends I premantly ban that server? When emerald was doing funny stuff I dropped them like a hot potato. I don't know if that 'cancel all accounts' was supposed to be a threat, but it's a funny one because that is EXACTLY what I'll do if I don't hear a damn good reason to be attacked like this! Now somebody get serious and tell me what they hell they want to know so I can either provide it for them or pull the hell out of sl. Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 27, 2012 Author Share Posted January 27, 2012 I'm sorry if I read those responses wrong. But I'm serious about this. I am DONE with sl if this keeps happening. A simple explanation may be enough to convince me it's ok, but right now i'm feeling violated and vulnerable. They in no way warned me this kind of thing might happen. Even terms of service made me feel they were protecting me. I'm not being unreasonable. I feel entitled to an explanation. Link to comment Share on other sites More sharing options...
leliel Mirihi Posted January 27, 2012 Share Posted January 27, 2012 Sidney Dionysus wrote: Yes, but... Port scanning? I'm no expert, but the function of a post scan is to see if there are any openings to your system though which once computer have access to another computer without the owner of the 'victim' computer nessessarily even knowing it. Most people I know of consider port scanning an attack -- includeing me. Their software is free to LIMITED data, but I did NOT grant LL free and easy acess to my tax records and Quicken data! They need to stay off my computer. I suppose it could be argued that they are looking for weaknesses in my firewall so that can read my files and learn about my video cards, etc -- but just ask!!! I'm happy to provide any of that stuff. But don't try to trapse around my system uninvited and look for any damn thing you want. Not even remotely cool. Talk about jumping to conclusions. Port scanning is the equivalent of standing on the sidewalk and taking note of where the doors and windows are on a house. Nobody said anything about LL trying to break into your computer and steal your tax records. What makes you so shure it even is a port scan? Last I checked the viewer and the grid had some pretty legitimate reasons to talk to each other and as you said yourself this only happens when you're logged in. There's no rule that says the viewer that has to initiate all communications. Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 27, 2012 Author Share Posted January 27, 2012 I don't believe this! If it get port scanned from a server in Russia, everybody is scrambling to lock them out. But if it's in tennessee (where this server is located, I googled it) no harm no fowl. We all love second life, I'm not bad mouthing them. But if they are going to be doing this, they need to explain themselves! It may be nothing, or it may be a rogue employee that THEY would like to know about! Am I jumping to conclusion? Yes! Havn't been offered enough data to jump to anything else! Somebody set up a bunch of cameras on my doors and windows, offered no explantionan whatsoever, and when I ask what they are doing... I'm the unreasonable one? Really? Let me put it in perspective for you. If they are port scanning me, they are probably port scanning YOU. You might not have even known. Are you ok with that? Don't worry, they are going though your pockets and checking all your doors and windows to see if they are unlocked, but it's LL. So don't worry about it. It's just a huge organization of people who you don't know, hiring strangers THEY don't know, and giving them the keys to YOUR house. If that doesn't concern you, it certainly should! And I know they are doing it because Intego VirusBarrier X6 keeps catching them at it. Not once, but four times so far. A commercial product who recomends 'permanatly blocking' all traffic from that address. All I want is an expalnation. Maybe I should open a ticket, but I thought others might want look into this as well. Link to comment Share on other sites More sharing options...
Nalates Urriah Posted January 27, 2012 Share Posted January 27, 2012 What are you using to detect the port scan? The SL Viewer and servers use a number of ports. Port Protocol Used For 53 UDP and TCP DNS lookup 80 TCP Second Life web resources 443 TCP Second Life web resources/client authentication 3478 UDP Voice/STUN traffic 3479 UDP Voice/STUN traffic 5060 UDP Voice/SIP traffic 5062 UDP Voice/SIP traffic 12000-29999 UDP Voice/RTP traffic/Core protocol communication ** (see note below) 12043 UDP and TCP Capabilities/map services/simulator communication 12046 TCP Texture downloading 21002 TCP Voice signaling What checks have you made to assure someone is not spoofing you as LL? Microsoft on port scan detection - Telling the difference between malicious and normal port scans is not a simple thing. We also have had a bug increasing network trafic from servers. That has been corrected but I don't remember if it has made it to the grid. It make take another week or two. Whether that is what you are seeing or not I have no clue. The Lindens did not asy what the additional traffic consisted of... Also this is the forum where mostly SL users are going to respond to you. If you think something is really going on, call support. Link to comment Share on other sites More sharing options...
leliel Mirihi Posted January 27, 2012 Share Posted January 27, 2012 Sidney Dionysus wrote: Let me put it in perspective for you. If they are port scanning me, they are probably port scanning YOU. You might not have even known. Are you ok with that? As some one that knows how TCP/IP works and has done a few port scans themselves all I can say is so what? Port scans can be used for more than stealing your tax records. Read up on what nmap can do. Don't worry, they are going though your pockets and checking all your doors and windows to see if they are unlocked, but it's LL. So don't worry about it. It's just a huge organization of people who you don't know, hiring strangers THEY don't know, and giving them the keys to YOUR house. If that doesn't concern you, it certainly should! And I know they are doing it because Intego VirusBarrier X6 keeps catching them at it. Not once, but four times so far. A commercial product who recomends 'permanatly blocking' all traffic from that address. All I want is an expalnation. Maybe I should open a ticket, but I thought others might want look into this as well. How do you know that LL is trying to steal your tax records? How do you know they're trying to steal anything? So far all you know is that machines owned by LL are attempting to connect to your machine, nothing else. Have you used a packet sniffer to see what LL is sending? Or are you just jumping to conclusions and making up alarmist hyperbole? Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 27, 2012 Author Share Posted January 27, 2012 THANK you. I only want to know what is going on. I'm really not on a 'crusade.' I love SL and don't want to leave, but this is new and scary. I've done little, letting my software do it. I'm really not sure its even coming from sl, but it does catch an IP address that when popped into google comes up as a Linden Labs server in Tennasee. I'm no expert, could someone be using that as a proxy or something? Also, it only seems to happen when my browswer is open and I think (I'm not 100% on this) but after I do a purchase on the web site then recieving it in sl. For all I know it's a perfectly normal function. But I don't know, so I asked. I'm using firestorm, because I have a MacBook Pro and that was the only browser that worked on this computer (I can give a more detail on that if you think it's relevant). Maybe LL is sensing something funky about the software. I was one of the ones who went though the 'Emerald' experience. (I hope that is not the case, the default browsers don't work with my graphic card.) Do you have any advice on how I might detect spoofing? (On a Mac.) Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 27, 2012 Author Share Posted January 27, 2012 Leliel I don't think they are after my records. I don't know what they are after. That is kind of the point. I don't know, and when I asked, people got crappy with me. YOU got crappy with me. I don't really know why. Link to comment Share on other sites More sharing options...
leliel Mirihi Posted January 27, 2012 Share Posted January 27, 2012 Sorry but you kind of sounded like a little old lady calling the cops on some teenagers that were walking down the street just because they were dressed funny. Your first assumption probably shouldn't have been that LL was trying to hack your computer and steal all your info. Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 27, 2012 Author Share Posted January 27, 2012 Well, I apologise for that. That was not my intent. It just once and I blew it off. The two more times in quick succession. While I was typing that message it happened a forth time. I didn't think I went off half cocked, there was a serious pattern by the time I posted. Link to comment Share on other sites More sharing options...
Triple Peccable Posted January 27, 2012 Share Posted January 27, 2012 I saw some really crazy stuff earlier this week becuase of the bug Natales mentioned. There was so much extra traffic being created by LL's servers that I had to clear my internet traffic log because of the HUGE increase in size. In fact, it was so bad that it would not surprise me if some equipment on LL's end thought there might have been some sort of attack going on. That, in turn, might have triggered something on their end that resulted in port scans, it is tough to say. The moral of this story is I would wait before I did anything if I were you. The bug has been fixed and rolled out, so it is quite possible the port scans will not reoccur. Don't make any decisions based on anything the grid did last week. Link to comment Share on other sites More sharing options...
CherryPie69 Juneberry Posted January 27, 2012 Share Posted January 27, 2012 Linden Lab can scan my ports anytime! (had to say it) :matte-motes-kiss: Link to comment Share on other sites More sharing options...
Sidney Dionysus Posted January 27, 2012 Author Share Posted January 27, 2012 That's what I'll do. It hasn't happened in over a day now. Must have been a one time thing. Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now