What botnets are you connected to RIGHT NOW? No cheating, please post the output of this command without redacting things:
lsof -i | grep ESTABLISHED
Here's mine:
$ lsof -i | grep ESTABLISHED
Firefox 8496 jacks 85u IPv4 0x08b4d338 0t0 TCP 192.168.0.101:54922->do-8.lastpass.com:https (ESTABLISHED)
Firefox 8496 jacks 31u IPv4 0x08aa8338 0t0 TCP 192.168.0.101:54966->22.214.171.124:https (ESTABLISHED)
Firefox 8496 jacks 32u IPv4 0x06662338 0t0 TCP 192.168.0.101:54967->yyz08s11-in-f18.1e100.net:https (ESTABLISHED)
Firefox 8496 jacks 36u IPv4 0x08aae874 0t0 TCP 192.168.0.101:54923->edge-star-shv-01-ord1.facebook.com:https (ESTABLISHED)
Firefox 8496 jacks 39u IPv4 0x0782edb0 0t0 TCP 192.168.0.101:54928->wordpress.com:https (ESTABLISHED)
Firefox 8496 jacks 41u IPv4 0x0782e338 0t0 TCP 192.168.0.101:54970->126.96.36.199:https (ESTABLISHED)
Firefox 8496 jacks 42u IPv4 0x06d39db0 0t0 TCP 192.168.0.101:54971->188.8.131.52:https (ESTABLISHED)
Firefox 8496 jacks 43u IPv4 0x0a806338 0t0 TCP 192.168.0.101:54972->184.108.40.206:https (ESTABLISHED)
Firefox 8496 jacks 44u IPv4 0x097ebdb0 0t0 TCP 192.168.0.101:54973->220.127.116.11:https (ESTABLISHED)
Firefox 8496 jacks 45u IPv4 0x07935db0 0t0 TCP 192.168.0.101:54974->18.104.22.168:https (ESTABLISHED)
So, according to this, I'm connected to Lastpass (I use it for managing passwords... should switch to something else but whatever). Facebook... even though I do not have FB tab open and I have uBlock running. Google (1e100.net) even though I don't have Google account. Wordpress (no idea how). Rest is botnets hiding behind Cloudflare that I don't even know what they are.
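As an added example (not part of the original post): a shell function that does the grouping the post above does by eye, counting ESTABLISHED connections per process and remote endpoint and marking remotes that show up only as a bare address. The names `summarize_established` and `sample_lsof_output`, the kind labels, and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarise `lsof -i` output per process and remote endpoint.
# Reads lsof lines on stdin; prints "kind count command pid host:port", sorted.
# Kinds (labels chosen for this example):
#   loopback  localhost, 127.x or [::1]
#   lan       RFC 1918 address, *.local, or a single-label host name
#   bare-ip   address shown without a reverse-DNS name
#   named     remote that resolved to a host name
summarize_established() {
    awk '
    function classify(host) {
        if (host == "localhost" || host ~ /^localhost\./ ||
            host ~ /^127\./ || host == "[::1]")
            return "loopback"
        if (host ~ /^\[/)                      # bracketed IPv6 literal
            return "bare-ip"
        if (host ~ /^10\./ || host ~ /^192\.168\./ ||
            host ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ ||
            host ~ /\.local$/ || host !~ /\./)
            return "lan"
        if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            return "bare-ip"
        return "named"
    }
    # Fields are counted from the right, so a missing USER column is harmless.
    $NF == "(ESTABLISHED)" && NF >= 4 {
        if (split($(NF-1), ends, "->") != 2) next     # NAME is local->remote
        remote = ends[2]
        if (!match(remote, /:[^:]*$/)) next           # split at the last colon
        host = substr(remote, 1, RSTART - 1)
        port = substr(remote, RSTART + 1)
        key = classify(host) SUBSEP $1 SUBSEP $2 SUBSEP host ":" port
        count[key]++
    }
    END {
        for (key in count) {
            split(key, f, SUBSEP)
            printf "%s %d %s %s %s\n", f[1], count[key], f[2], f[3], f[4]
        }
    }' | sort
}

# Constructed sample input (documentation addresses, not taken from the thread).
sample_lsof_output() {
    cat <<'EOF'
COMMAND  PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
firefox 8496 jacks 85u IPv4 0x08b4d338 0t0 TCP 192.168.0.101:54922->www.example.com:https (ESTABLISHED)
firefox 8496 jacks 31u IPv4 0x08aa8338 0t0 TCP 192.168.0.101:54966->198.51.100.7:https (ESTABLISHED)
firefox 8496 jacks 32u IPv4 0x08aa8339 0t0 TCP 192.168.0.101:54967->198.51.100.7:https (ESTABLISHED)
mpd 1200 jacks 4u IPv4 1584333 0t0 TCP localhost:55796->localhost:6600 (ESTABLISHED)
sshd 3467 root 3r IPv4 1914478 0t0 TCP 192.168.0.101:22->192.168.0.5:55359 (ESTABLISHED)
cupsd 900 root 7u IPv4 12345 0t0 TCP *:ipp (LISTEN)
EOF
}

# Live use:  lsof -iTCP -sTCP:ESTABLISHED | summarize_established
sample_lsof_output | summarize_established
```

A `bare-ip` row only means lsof found no reverse-DNS name for the address; it says nothing about who operates the host, so those rows are the ones to look up by other means.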
This isn't about merchandise like mechanical keyboards.
This isn't a picture of your battle station.
This isn't a circle jerk topic.
I think you took a wrong turn somewhere.
Threads don't survive if they happen to be original.
Script started on Wed 08 Apr 2015 04:08:28 PM PDT
[email protected] ~ $ lsof -i | grep ESTABLISHED
firefox 3144 gordon 44u IPv4 44851 0t0 TCP 172.31.192.137:45024->nuq05s02-in-f21.1e100.net:https (ESTABLISHED)
firefox 3144 gordon 58u IPv4 45411 0t0 TCP 172.31.192.137:36863->ec2-54-68-239-254.us-west-2.compute.amazonaws.com:https (ESTABLISHED)
firefox 3144 gordon 63u IPv4 45469 0t0 TCP 172.31.192.137:51193->notification1.adblockplus.org:https (ESTABLISHED)
firefox 3144 gordon 67u IPv4 43770 0t0 TCP 172.31.192.137:55397->22.214.171.124:https (ESTABLISHED)
firefox 3144 gordon 68u IPv4 43874 0t0 TCP 172.31.192.137:33194->NP-13C27L067006:8060 (ESTABLISHED)
firefox 3144 gordon 69u IPv4 43771 0t0 TCP 172.31.192.137:38804->126.96.36.199:https (ESTABLISHED)
firefox 3144 gordon 70u IPv4 38625 0t0 TCP 172.31.192.137:48969->188.8.131.52:https (ESTABLISHED)
firefox 3144 gordon 92u IPv4 43774 0t0 TCP 172.31.192.137:50044->184.108.40.206:https (ESTABLISHED)
[email protected] ~ $ exit
Script done on Wed 08 Apr 2015 04:08:40 PM PDT
>Threads don't survive if they happen to be original.
I guess you're right. Anything even slightly technical is shunned on /g/, /g/ of today is all about shitphones and dressing up your desktops like Barbie dolls. Sad.
I'm seeing a lot of these posts lately for some reason, are we finally rising up?
Is it happening?
Is /ct/ finally going to fuck off back to /v/?
yup, I have facebook blocked with noscript and requestpolicy, and am running ad block plus, but yet i found "edge-star-shv" and a google search says that's tied to facebook
firefox 9584 wako 52u IPv4 30471 0t0 TCP 192.168.1.68:46629->220.127.116.11:https (ESTABLISHED)
firefox 9584 wako 55u IPv4 31268 0t0 TCP 192.168.1.68:54789->18.104.22.168:https (ESTABLISHED)
firefox 9584 wako 56u IPv4 33304 0t0 TCP 192.168.1.68:53801->22.214.171.124:https (ESTABLISHED)
firefox 9584 wako 60u IPv4 31267 0t0 TCP 192.168.1.68:51927->126.96.36.199:https (ESTABLISHED)
firefox 9584 wako 66u IPv4 33305 0t0 TCP 192.168.1.68:51933->188.8.131.52:https (ESTABLISHED)
firefox 9584 wako 67u IPv4 32533 0t0 TCP 192.168.1.68:52988->184.108.40.206:https (ESTABLISHED)
firefox 9584 wako 68u IPv4 31300 0t0 TCP 192.168.1.68:35540->ec2-50-19-106-67.compute-1.amazonaws.com:https (ESTABLISHED)
firefox 9584 wako 74u IPv4 31301 0t0 TCP 192.168.1.68:35541->ec2-50-19-106-67.compute-1.amazonaws.com:https (ESTABLISHED)
xchat 9693 wako 14u IPv4 27683 0t0 TCP 192.168.1.68:43658->kornbluth.freenode.net:8001 (ESTABLISHED)
What the hell is amazonaws?
you know it's funny im actually using duckduckgo as my search engine, and firefox as my browser. i don't have any google products installed right now on this pc. it's probably because each 4chan window has a google connection for the verification, plus my gmail is open in a tab
Yeah, what's interesting is that these reCAPTCHA connections are "Always ON" and SSL so who knows what they're transmitting all the time. They could be recording keystrokes for all we know.
even if that was my android, thanks to AFWall it stays quiet on the botnet side
Also i just see lsof isn't installed on my Antergos but i know thanks to Iftop i am only connected to youtube and heise
c'mon dude, there's no way that a browser script can record keystrokes, that'd be a massive violation of privacy. No API other than Java has enough privileges and access to your local machine to do that kind of stuff.
[email protected]:~$ sudo lsof -i | grep ESTABLISHED
x-www-bro 2824 user1 62u IPv4 1806950 0t0 TCP compy.local:33545->ord31s21-in-f5.1e100.net:https (ESTABLISHED)
sshd 3467 root 3r IPv4 1914478 0t0 TCP compy.local:40->GATEWAY.local:55359 (ESTABLISHED)
sshd 3472 user1 3u IPv4 1914478 0t0 TCP compy.local:40->GATEWAY.local:55359 (ESTABLISHED)
I SSH'd into my Linux box from my windows box.
I don't know what x-www-bro is. I think I have Firefox running in the other room, I can't be shitted to check.
It sucks dude there is not really a Windows alternative, the system can lie to you and hide connections from you even if you're on an administrators' account. You have to somehow run whatever is monitoring network usage as NT_SYSTEM_AUTHORITY to prevent that.
It's bullshit but Windows has a level of authority higher than Administrator in the settings, whereas on Linux, nothing surpasses root, nothing at all.
>c'mon dude, there's no way that a browser script can record keystrokes, that'd be a massive violation of privacy.
Like Google hasn’t done shit like this before...
>Google to pay biggest FTC fine ever for tracking Safari users
>Google Ordered to Pay $7 Million to U.S. States for Wi-Fi Snooping Incident
>No API other than Java has enough privileges and access to your local machine to do that kind of stuff.
just checked it and am glad I have my noscript on
and i have no doubt scroogle is tracking everything i write and connecting it to my ip address
fucking gay, this ain't anonymous at all
no, it's just that you don't have enough privileges to see the full output. to do it properly on Android, you need to proxy your connection to a PC and then you can record the complete connection table.
Lots of shit I can't show.
red is muh session name
green is muh skype friends
blue is muh vps + private proxy
Didn't hide muh ponyshit, feel free to call me a faggot.
>tfw never made an account on faceshit
>tfw move away and happy my classmates and ex-gf from HS will never find me again
>mfw some bitch that likes me looked me up on faceshit and found me tagged shit some of them and my ex-gf said about me
I fucking hate Jewckerberg
I gotta wonder if buying the fortune pass actually really removes google completely from your fortune browsing experience. it'd be gay to pay $20 just to find google still listening on the page
thanks bro for having the perseverance to get through my thick skull
I dont understand what I'm looking at
Reminder of news from a few days ago...
>Report: Facebook tracks all visitors, even if you’re not a user and opted out
>implying this isn't a good Windows feature that freetards wish they have.
The only thing saving Linux from viruses is that nobody cares to make one, the moment some malicious developer releases Linux malware targeting the average user, you will hear an uproar about how much power the Linux OS gives root. If your machine is rooted you are fucked, the root can do anything on Linux, even overheat your CPU and GPU, (setting fan speed to 0%) melting them and frying the computer, or erasing all your data.
Windows is at least protected somewhat by how the "standard administrator account" doesn't have the highest permissions actually, stuff via Task Scheduler (NT_SYSTEM_AUTHORITY) etc is one step above it.
doesn't seem very informative
Active Connections
Proto Local Address Foreign Address State Offload State
TCP 0.0.0.0:135 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:445 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:2869 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:3580 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49152 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49153 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49154 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49158 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49159 ss-HP:0 LISTENING InHost
TCP 10.109.49.19:139 ss-HP:0 LISTENING InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59919 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59930 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59937 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59948 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59955 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59964 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59972 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59981 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59987 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59994 TIME_WAIT InHost
with brew from developer packages you can even install most linux packages
Each of the middle column, foreign address, is the ip address of a server you're connected to. every time you go to a website you connect to a server so it's normal to see many entries if you've got a lot of tabs open
Who the fuck needs command from the 90s when you got JEE YOU EYE
that's news from years ago
they have thousand page long "shadow profiles" of every user they can get
you know those facebook like buttons on websites? whenever you see that, facebook knows YOU were there, and records it.
install synaptic (sudo apt-get install synaptic)
Open somewhere in the menus "package Sources"
enable 3rd party sources aka canonical partner
press on update
(some url from the domain I connect with)->220.127.116.11:https (ESTABLISHED)
Best thing I can give you from this shitty PC OP
Also, emacs/python couples are listed because I have a webkit-browser in emacs using python.
Yes, that's bloated and useless.
>Each of the middle column, foreign address, is the ip address of a server you're connected to. every time you go to a website you connect to a server so it's normal to see many entries if you've got a lot of tabs open
No, most websites close the connection every time they deliver you data. Only AJAX/Comet JS stuff keeps connections open so they stream data to and from the client. 99% of those are trackers, advertisers and other scum of the internet.
I always wondered, what does this program do on Windows? I looked at a friend's PC once and he had like 8 instances of these running, is it literally just an all-purpose botnet client?
I don't know
that's what came in the output
those foreign address names look like the computer names that come in samba sharing
I have to use a proxy to connect to the internet btw.
>implying this isn't a good Linux feature that wintards wish they have.
The only thing saving Windows from viruses is that nobody cares to make one, the moment some malicious developer releases Windows malware targeting the average user, you will hear an uproar about how much power the Windows OS gives NT_System_Authority. If your machine is running you are fucked, the NT can do anything on Windows, even overheat your CPU and GPU, (setting fan speed to 0%) melting them and frying the computer, or erasing all your data.
Linux is at least protected somewhat by how the SELinux Standard, Apparmor, Being higher security by default etc. works. But why should i know what i talk about? i just spew OS Hate and feel myself superior for paying a hundred shekels to microsoft.
Also every OS has security risks. If one has root or NT_Authority you are fucked. an Adminuser can do as much damage on windows and by another breach become NT_authority. so what?
Fact is: linux' code gets reviewed and fixed by thousands (or worsened sometimes). who reads through Internet Explorer's Source to make sure there isn't an easy way around the sandboxing?
although large parts of open source never will be reviewed the linux kernel itself i bet on is more secure, stable and fast than NT ever was
It's one of those shitty Windows features where they have a single thing do many things and you can never know what they are. I think it's for services that are initiated at startup or something.
no one. now we're in the hands of anonymous people who are not publicly responsible to the community. at least when you know who's on the top, you know that they bear some responsibility to what's going on.
I was sitting in a uni class at first hour and the girl comes and sits down right next to me:
>Anon i looked you up on FB cause i wanted to talk to you about some calculus stuff
>I couldn't find you, but you were tagged to some stuff some people from another country posted
>W-what kind of stuff?
>Shows me on her phone
>faggots and ex-gf talking shit about me behind my back cause i left
Worst shit ever anon, i don't wish death on anyone but i hope some autist shoots up the facebook headquarters with jewckerberg and his board of directors inside.
Fuck you man, when I read this post I tried to kill all my svchost.exe instances and a lot of programs stopped working and then eventually I had to reboot my computer.
I guess some are essential to the OS? fuck this is confusing, I don't know how to tell which ones are viruses or botnets
In task manager:
Method 1: Right click on an instance of svchost.exe in the processes tab and choose "go to services". This brings you to the services tab with the services being managed by that instance of svchost highlighted
Method 2: Add the PID (aka process ID) column to the processes tab. Cross-reference with the PID column in the services tab
>I tried to kill all my svchost.exe instances and a lot of programs stopped working and then eventually I had to reboot my computer.
Do you really think you can just try and kill a virus without consequences?
Method 3: Go to resource monitor instead, go to the CPU tab, and check one of the svchost processes. The services box will automatically filter itself to the services that are running under the process(es) you checked
you need to delete winlogon.exe with it. and while you are at it the viruses probably got themselves stuck deep inside system32. But worry not! just delete that pesky folder with admin rights and all your viruses should be gone
Either my windows is too old or you're full of shit.
[email protected] ~ $ lsof -i | grep -i established
chromium 6880 pieman 76u IPv4 96960 0t0 TCP nix64d:34843->18.104.22.168:http (ESTABLISHED)
chromium 6880 pieman 113u IPv4 97448 0t0 TCP nix64d:34848->22.214.171.124:http (ESTABLISHED)
chromium 6880 pieman 190u IPv4 91073 0t0 TCP nix64d:50906->stackoverflow.com:https (ESTABLISHED)
[email protected] ~ $
chromium with adblock with 7 filters and https switchboard with adblock filters enabled.
So 4chan and 4chan cdn. Win7/Firefox/NoScript.
What bugs me is that I don't see the torrent connections, why is that ?
>>47424972
firefox 5024 anon 35u IPv4 7494572 0t0 TCP localhost:38114->localhost:3128 (ESTABLISHED)
firefox 5024 anon 47u IPv4 7516915 0t0 TCP localhost:38119->localhost:3128 (ESTABLISHED)
firefox 5024 anon 67u IPv4 6571390 0t0 TCP localhost:37695->localhost:3128 (ESTABLISHED)
ncmpcpp 11727 anon 4u IPv4 1584333 0t0 TCP localhost:55796->localhost:6600 (ESTABLISHED)
kek anon, just use a fucking noscript+request policy + good host file
stop projecting your incompetence
it has no tracking. and it doesn't connect to google. some other site in your tab or some add-on is connecting to google.
Am I safe from the NSA, /g/
Thanks dude I'm going to use that. But first I might write a bash script using curl to make the hosts file for me, that way i can just run the bash script to update the hosts file
Are you actively making the connection? Or is it happening without any input from you? If you're doing it yourself shut the fuck up retard.
Disable Ghostrank. Then it won't send anything.
I am running it. I don't see any connections to nephoscale.
>Ghostrank is disabled. Do you have autoupdate enabled?
Yes I do. Something else is connecting to nephoscale...
Also, when you click update, it connects to:
<-- my options
can't see shit son. you didn't even show the actual domains it's connected to... just a bunch of subdomains.
also, google botnet is constantly serving me pictures of beer. if I was alcoholic, I'd be pissed. All I see are beer & sushi captchas.
You were correct - looks like I didn't give the connection enough time to establish while clicking through add-ons
It's not ghostery - ghostery does not open any new connections.
Privacy badger from the fucking EFF on the other hand....
>It's not ghostery - ghostery does not open any new connections.
Yep! It doesn't leave any connections open. It connects to update and immediately closes the socket. You can see it in console.
>Privacy badger from the fucking EFF on the other hand....
I do not trust EFF anymore. have you read what Assange wrote about them? Scary.
“The EFF is a great group, and they’ve done good things for us, but nonetheless it is significantly funded by Google, or people who work at Google,” says Assange.
Interesting fact... Assange used to be a huge hero over at HN... until he started exposing Google's connections to State Department/NSA/CIA ... since then, he's been a pariah there.
HN is crawling with google employees.
>isn't https everywhere from EFF too?
>Something about them always looked shady to me, maybe its just how they removed https everywhere from firefox addon page
I don't have it installed either. I don't trust them one bit.
What is the metacharacter sequence to make a bash script act as if i hit enter?
I recorded a script and the output had ^M for every time I hit enter, but when I put that into my bash script I didn't get it to carriagereturn/newline/enter, it just echo'd "^M"
oh no, NOW I remember why I stopped trusting them
>the EFF produced a "score card" of how well Silicon Valley giants protect individual privacy called Who's Watching Your Back? – the EFF gave Google and Facebook top marks.
this is also a good list:
I periodically add my own to it.... shit I come across that bothers me.
It's so damn much faster and easier on the browser than using add-ons.
firefox 2491 Connic 45u IPv4 79286 0t0 TCP kunt:53021->126.96.36.199:https (ESTABLISHED)
firefox 2491 Connic 47u IPv4 79397 0t0 TCP kunt:pmcd->188.8.131.52:https (ESTABLISHED)
firefox 2491 Connic 55u IPv4 79580 0t0 TCP kunt:57839->lax17s04-in-f4.1e100.net:https (ESTABLISHED)
firefox 2491 Connic 63u IPv4 80601 0t0 TCP kunt:55139->lax17s04-in-f3.1e100.net:https (ESTABLISHED)
firefox 2491 Connic 64u IPv4 84373 0t0 TCP kunt:41520->lax02s21-in-f14.1e100.net:https (ESTABLISHED)
>"hey this user posts in lollypop threads every day he's a pedrofyle"
I don't see the problem, if they can remove pedo scum from the streets to stop them from raping our children it's a good thing.
mono 847 5u IPv4 18586 0t0 TCP localhost.localdomain:59330->localhost.localdomain:33580 (ESTABLISHED)
mono 847 6u IPv4 18587 0t0 TCP localhost.localdomain:33580->localhost.localdomain:59330 (ESTABLISHED)
mono 847 15u IPv4 251465 0t0 TCP localhost.localdomain:12546->localhost.localdomain:44525 (ESTABLISHED)
g15aiosta 933 4u IPv4 16363 0t0 TCP localhost.localdomain:45298->localhost.localdomain:15550 (ESTABLISHED)
konversat 941 17u IPv4 699301 0t0 TCP :54920->srsfckn.biz:simbaservices (ESTABLISHED)
konversat 941 18u IPv4 699240 0t0 TCP :54919->srsfckn.biz:simbaservices (ESTABLISHED)
akonadi_i 4416 13u IPv4 695634 0t0 TCP :50123->pd-in-f16.1e100.net:imaps (ESTABLISHED)
akonadi_i 4416 14u IPv4 279230 0t0 TCP :49598->pa-in-f16.1e100.net:imaps (ESTABLISHED)
akonadi_i 4417 12u IPv4 227219 0t0 TCP :34496->srsfckn.biz:imap (ESTABLISHED)
akonadi_i 4417 14u IPv4 696520 0t0 TCP :36778->srsfckn.biz:imap (ESTABLISHED)
firefox 4776 57u IPv4 255297 0t0 TCP localhost.localdomain:44525->localhost.localdomain:12546 (ESTABLISHED)
firefox 4776 59u IPv4 697789 0t0 TCP :48084->184.108.40.206:https (ESTABLISHED)
firefox 4776 61u IPv4 1098367 0t0 TCP :53026->220.127.116.11:https (ESTABLISHED)
firefox 4776 62u IPv4 1108147 0t0 TCP :60276->nuq04s29-in-f4.1e100.net:https (ESTABLISHED)
firefox 4776 64u IPv4 1101942 0t0 TCP :42502->18.104.22.168:https (ESTABLISHED)
firefox 4776 70u IPv4 1108154 0t0 TCP :57464->lax02s20-in-f15.1e100.net:https (ESTABLISHED)
>1e100 in firefox and akonadi
Fuck off google