Clan War 5/29 8 East/5 Pacific/12 GMT

Level 13 Human gamer
Alignment: Chaotic
Posted on May 25, 2011 at 6:38 am

Sunday the 29th, 8pm East, 5pm Pacific, 12am GMT

Team Colors:
Black = BWL (Black Widow Lance)
Blue = DNX (Dianetix Dominion)
Gold = DOG (Death or Glory Boys)
Green = LWA (Lonewolf Alliance)
Red = ZE / TC (Ze and Temporal Chaos)
White = GA (Gold Ants)
Orange = CAT (Cat Clan)
Silver = MOD (Team Modulus)

File you need: http://www.hallsted.org/org-downloads/Tm-20-teams-pack.zip

File you probably want:
http://www.hallsted.org/org-downloads/clan_team_flags.zip

Level 13 Human bookkeeper
Alignment: True neutral
Location: Sacramento, CA, USA
Posted on May 28, 2011 at 4:31 am

back to the top with this one :)

toodles,
harmless

Level 13 Human gamer
Alignment: Lawful evil
Location: Edinburgh, Schotland!
Posted on May 28, 2011 at 4:39 am

Got to be in it to... kick some Catbutt!!

Level 13 Human gamer
Alignment: Lawful evil
Location: Edinburgh, Schotland!
Posted on May 29, 2011 at 5:21 pm

Ok I tried connecting to the server to test and I was getting a very very slow connection and is taking minutes to sync up at the start. I had this problem the last time yet I could connect to the DDM server ok. Any ideas as to why I can't connect? If not then I'll be out of this Clan DDM and any foreseeable ones in the future which sucks.

Level 13 Human Shadow
Alignment: Chaotic good
Location: Earth Orbit, Preparing to Attack
Posted on May 29, 2011 at 7:19 pm

Can't make it tonight :( - doing stuff with family.


Ni:
Well, they are on the same physical machine. Most likely some sort of traffic shaping done by your ISP giving you low bandwidth on that port.

KV:
Looking at the port number for the clan DDMs, it is a port heavily used by malware and trojans, almost exclusively. Maybe we should try changing ports for Ni next time in case his ISP is saying "malicious port" and giving low transmission on it?

Level 13 Human bookkeeper
Alignment: True neutral
Location: Sacramento, CA, USA
Posted on May 30, 2011 at 12:52 am

pics are in
clan war may 29th 2011

toodles,
harmless
:)

Level 13 Human gamer
Alignment: Lawful evil
Location: Edinburgh, Schotland!
Posted on May 30, 2011 at 3:40 pm

RC that sounds plausible and if KV wants to test that with me and other people before the next clan DDM, I'm willing and able.

Level 13 Human gamer
Alignment: Lawful evil
Location: Edinburgh, Schotland!
Posted on May 30, 2011 at 4:22 pm

Also RC, is it worth me running a couple of deep malware scans in case it's that? If you say that's a port used by malware and trojans, it might be affecting me particularly. I've been a bit lazy of late and not run some security scans other than McAfee for a while though I'd rather try that than KV have to make any changes needlessly.

Level 13 Human Shadow
Alignment: Chaotic good
Location: Earth Orbit, Preparing to Attack
Posted on May 30, 2011 at 10:05 pm

Ni, doubt it would be your computer, more likely general network bandwidth shaping due to the high presence of malware on that port. I'll email you a link to a list of the malware on that port.

Level 9 Human gamer
Alignment: Lawful
Location: Berkeley, CA
Posted on May 31, 2011 at 12:35 am

Yeah, my bro, harmless, just helped me out with some spyware that took over my computer. Harmless is good with that if you need to ask him.

Level 13 Human gamer
Alignment: Lawful evil
Location: Edinburgh, Schotland!
Posted on May 31, 2011 at 4:46 pm

Well I've been suspicious of something on my comp for a few days as something unidentified had been maxing out my upload bandwidth every so often. Not experienced it since I ran the scans though my suspicions were piqued when my firewall recognised something called 'Spigot' was trying to gain access and after doing a bit of research, it turned out to be an undesirable program. I've still to run a deep scan with a-squared and if I get the bandwidth maxing again, I'll be running ComboFix as a last resort.

Anyhoo, I digress, RC if you think it's not mein comp, I hope changing the port works.

Level 13 Human Shadow
Alignment: Chaotic good
Location: Earth Orbit, Preparing to Attack
Posted on May 31, 2011 at 9:47 pm

Ni:

Go to http://technet.microsoft.com/en-us/sysinternals/bb545021 and download and run ProcessExplorer or ProcessMonitor (depending on which OS you have). Look for any suspicious programs. Google the name of the exec if you don't know it. Right click for properties on anything unknown to get the actual executable name.

Then download (same site) and run RootKitRevealer. There ARE rootkits that Microsoft needs there, so don't just delete things arbitrarily when found. Instead Google the item to find out if it is malware.

On a 2nd system, download NMAP - http://nmap.org/

Run "nmap -sS -p 1-1000 [your_computer's_ip]". Repeat with 1001-2000, all the way up to 65535. Might actually want to start with port 12345 and see if anything is already on it. Don't do them all at once as it takes forever and you don't get feedback along the way beyond statistics. Look at the ports and see if any look odd. Google the port http://isc.sans.org/port.html

I'll post more in a bit.

Level 13 Human Shadow
Alignment: Chaotic good
Location: Earth Orbit, Preparing to Attack
Posted on May 31, 2011 at 11:07 pm

For NMAP, you want your local IP, not the one the ISP provides you (it will be 192.168.xxx.xxx or 10.xxx.xxx.xxx). The idea of nmap is to see what ports are open on your computer. You will have some ports open - for instance my Windows VM has port 80 (HTTP), port 139 (Microsoft's Netbios), and port 445 (Microsoft DS). You may have more or less depending on what you have turned on and what apps you have installed.

If -sS won't let you do it, do -sT which is the "connect and drop" method, which isn't as good but doesn't require root on Linux.

Finally, the last thing you should do to be 100% sure is run, on your windows box via command line: "netstat -a -b -n"

This will show you all open listening ports on your computer, and what application is connected to them. I recommend a fresh reboot before doing that command as it can give you tons and tons of garbage for various internet connections opened by apps you run. Look for anything unusual in terms of app names. Note that a malicious app may be in the Windows DIR, so Google any app you don't know what it is to find out functionality (ie, is it part of the system and normally has network ports open?).

This is the "complete check" that you don't have any hidden malware.
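
The "netstat -a -b -n" check described above produces a lot of output. As an added example (not part of any post in this thread), this Python sketch reduces that output to listening sockets with their owning executables and flags port 12345 or any listener whose owner netstat could not name. The sample output and executable names are constructed.

```python
import re

# Constructed sample of `netstat -a -b -n` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
 [httpd.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
 [example-unknown.exe]
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
 [firefox.exe]
  TCP    [::]:135               [::]:0                 LISTENING
  RpcSs
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
"""

OWNER = re.compile(r"^\[(.+)\]$")

def listeners(text):
    """Return [(proto, port, local_addr, owner)] for listening sockets only."""
    rows, cur = [], None
    for raw in text.splitlines():
        parts = raw.split()
        if parts and parts[0] in ("TCP", "UDP") and len(parts) >= 3:
            state = parts[3] if len(parts) > 3 else ""
            # UDP has no state column; treat every bound UDP socket as listening.
            keep = parts[0] == "UDP" or state == "LISTENING"
            addr, port = parts[1].rsplit(":", 1)  # rsplit copes with [::]:135
            cur = [parts[0], int(port), addr, None] if keep else None
            if cur:
                rows.append(cur)
        elif cur and (m := OWNER.match(raw.strip())):
            cur[3] = m.group(1)  # executable that owns the socket
    return [tuple(r) for r in rows]

def needs_review(rows, watch_ports=(12345,)):
    """Listeners on a watched port, or whose owner netstat could not name."""
    return [r for r in rows if r[1] in watch_ports or r[3] is None]
```

To use it on a real machine, save the command's output to a text file from an elevated prompt and pass the file's contents to listeners().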

Level 12 Human Cyb0rg tank pil0t:|@- ҉҈҉҈҉-§¹Ç--҉҈҉-
Alignment: Chaotic good
Location: Standby In Winters's North
Posted on June 1, 2011 at 4:39 pm

sorry i missed it

but if nobody here knows, my birthday was may 25th, and i had the party last weekend, too busy with my friends and family to attend


lol see you at the next one :)

Level 13 Human bookkeeper
Alignment: True neutral
Location: Sacramento, CA, USA
Posted on June 2, 2011 at 12:57 am

hey RC, is there a windows equivalent to the mac program "little snitch" ?
if there is, that might help Ni figure out what is going on.

and Ni, if you want a 3rd opinion about what might be lurking on your computer,
the program malwarebytes is a good bet.
there's a free version which you can leave installed on your computer
since any scan it does has to be done manually. the paid version allows
scheduling and realtime scanning, otherwise the free and paid versions are the same.
malwarebytes is good stuff!

good luck with it.
harmless

Level 13 Human gamer
Alignment: Lawful evil
Location: Edinburgh, Schotland!
Posted on June 3, 2011 at 12:54 pm

RC I tried the NMAP and came up with '12345/tcp closed netbus'. I tried the first step but there were literally hundreds if not thousands of lines to look through. I quickly scrolled down and couldn't find anything unusual. All in all, it's a bit technical for me and tried running that command line too but couldn't find anything listening to 12345.

Harmless, I'll try that too, thanks!

Level 13 Human Shadow
Alignment: Chaotic good
Location: Earth Orbit, Preparing to Attack
Posted on June 4, 2011 at 12:23 am

Harmless: Don't know. I mostly work on Macs and Linux. My Windows knowledge is a few years old at this point.

Ni: Sounds good! You probably don't have anything, but it's always hard to be sure.