Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: anyone encounter this before?

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

    Question anyone encounter this before?

    http://i34.tinypic.com/axbk9i.gif

    While playing around with ettercap, my connection was interrupted and my browser was redirected to this page. My ISP seemed to be able to detect the activity.

    I have tried spoofing mac address, changing my host, clearing cookies, using lynx browser, etc. No matter what, I still get redirected to this page. I am able to remain connected and ping, but browser traffic is blocked and redirected.

    any ideas on how I could get around this besides calling AT&T?

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by bionnaki View Post
    http://i34.tinypic.com/axbk9i.gif

    While playing around with ettercap, my connection was interrupted and my browser was redirected to this page. My ISP seemed to be able to detect the activity.

    I have tried spoofing mac address, changing my host, clearing cookies, using lynx browser, etc. No matter what, I still get redirected to this page. I am able to remain connected and ping, but browser traffic is blocked and redirected.

    any ideas on how I could get around this besides calling AT&T?
    Aside from getting a different ISP, no, you're going to have to call AT&T. AT&T's IDS has picked up that traffic originating from your bridge is doing something nasty, and you have been flagged as violating the TOS. Therefore, your web traffic has been isolated.

    This is an example of exactly why people new to pen testing are warned:
    You should NEVER try to break things outside of your own LAN, or preferably, a lab environment.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by bionnaki View Post
    http://i34.tinypic.com/axbk9i.gif

    While playing around with ettercap, my connection was interrupted and my browser was redirected to this page. My ISP seemed to be able to detect the activity.

    I have tried spoofing mac address, changing my host, clearing cookies, using lynx browser, etc. No matter what, I still get redirected to this page. I am able to remain connected and ping, but browser traffic is blocked and redirected.

    any ideas on how I could get around this besides calling AT&T?
    ROLF!

    When are you people going to learn that playing around with these things on someone else's network is going to lead to trouble?

    Good luck calling AT&T, I hope they drop your account.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    I suggest you go read up on the Terms of Service you agreed to when subscribing so that you can be ready for them to tell you that your service has been discontinued.

    http://worldnet.att.net/general-info...-dsl-data.html
    http://my.att.net/csbellsouth/s/s.dl...tt.htm&leg=tos
    http://www.att.net/csbellsouth/s/s.d...tt.htm&leg=aup

    Personally I find 11b of the Ts & Cs interesting:
    b. AT&T Cancellation for Violation of the Agreement. We may immediately suspend, restrict, or cancel the Services and this Agreement, should you violate any of the terms of this Agreement. If the Services are suspended, restricted, or cancelled under this Section (11.b.), any fees and charges will accrue through the date that AT&T fully processes the suspension, restriction, or cancellation.
    So they can suspend your account and force you to pay until some future date when they decide to cancel your account. SLAM!

    I didn't have a detailed look at all the docs but you totally violated this part of the AUP:
    Prohibited Actions

    AT&T respects freedom of expression and believes it is a foundation of our free society to express differing points of view. AT&T will not terminate, disconnect or suspend service because of the views you or we express on public policy matters, political issues or political campaigns. AT&T is committed at all times, however, to complying with the laws and regulations governing use of the Internet and e-mail transmissions and to preserving for all of its Customers the ability to use AT&T's network and the Internet without interference or harassment from other users. AT&T prohibits use of its IP Services in any way that is unlawful, interferes with use of AT&T's network or the Internet, interferes in any way with the usage or enjoyment of services received by others, infringes intellectual property rights, results in the publication of threatening or offensive material, constitutes Spam/E-mail/Usenet abuse, or presents security or privacy risks. Customer will not resell or provide Service(s) to unauthorized third parties, whether as part of a commercial enterprise or otherwise.

    Customer is prohibited from engaging in any other activity, whether legal or not, that AT&T determines in its sole discretion, to be harmful to its subscribers, operations, network(s).
    Which leads to:
    AUP Enforcement and Notice

    Customer's failure to observe the guidelines set forth in this AUP may result in AT&T taking actions anywhere from a warning to a suspension of privileges or termination of your Service(s). AT&T reserves the right, but does not assume the obligation, to strictly enforce the AUP. When feasible, AT&T may provide Customer with notice of an AUP violation via e-mail or otherwise and demand that such violation is immediately corrected.

    However, AT&T reserves the right to act immediately and without notice to suspend or terminate IP Service(s) in response to a court order or other legal requirement that certain conduct should be stopped or when AT&T determines, in its sole discretion, that the conduct may: (1) expose AT&T to sanctions, prosecution, civil action or any other liability, (2) cause harm to or interfere with the integrity or normal operations of AT&T's network(s) or facilities, (3) interfere with another person's use of AT&T's IP Service(s) or the Internet, or (4) otherwise present a risk of harm to AT&T or AT&T Customers or other parties AT&T interconnects with.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    ROTFL!!!! I hope all the little wanna be hax0rs are reading this and now realize that large ISP's are not joking when it comes to un-authorized activity.

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    One has to wonder who's internet connection he was using to post this thread.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    That being said, how do you obtain rights to do penetration testing across the WAN? Is it as simple as calling your ISP and paying a seperate fee or purchasing a special service? Or, Do you just have to read all the TOS on all available ISP's in your area to find one that doesn't restrict such testing?

  8. #8
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    At home, I have Hughes Net, a sat "high speed" internet provider. I was downloading SP3 one evening when I first had the service, then in the morning, I decided to check email, I got a web page, telling me my service was suspended. I wasn't doing anything illegal. So I called, turns out I violated the TOS by trying to download a larger file than 200MB

  9. #9
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    Quote Originally Posted by hhmatt81 View Post
    That being said, how do you obtain rights to do penetration testing across the WAN? Is it as simple as calling your ISP and paying a seperate fee or purchasing a special service? Or, Do you just have to read all the TOS on all available ISP's in your area to find one that doesn't restrict such testing?
    The company I work for, pays for a special service to do it across WAN

  10. #10
    Junior Member johnnyca's Avatar
    Join Date
    Sep 2008
    Posts
    34

    Default

    I can't say that I'm not part of the "you reap what you sew" crowd, but since I run my private network on AT&T's services I'm curious about what actually triggered the lockdown. How can the IDS pick up on passive packet sniffing? You must have been doing something a bit more aggressive, no?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •