EU Expert opinions on evidence provided regarding mets situation

Dalton
Posts: 111
Joined: Wed Jan 21, 2015 4:38 pm
Battle.net Name: IBDerping
Battle.net Char Code: 2820
Battle.net Server: EU


Post by Dalton » Thu Mar 23, 2017 4:27 pm

Deleted
Last edited by Dalton on Tue Mar 28, 2017 2:51 am, edited 1 time in total.
carlito
Posts: 133
Joined: Tue Nov 04, 2014 6:58 pm
Battle.net Name: Carlito
Battle.net Char Code: 0
Battle.net Server: NA


Post by carlito » Thu Mar 23, 2017 5:36 pm

Lmao typical eu troll, yo can we ban eu off Na forums? Yo actually go make ur own website eu scums
Marker
Posts: 603
Joined: Mon Mar 09, 2015 1:05 am
Battle.net Name: Marker
Battle.net Char Code: 164
Battle.net Server: NA


Post by Marker » Thu Mar 23, 2017 5:45 pm

Dalton wrote: One person immediately made the connection between port 4444 and a possible attempt to infect you with a virus.
Some googling I did on this revealed there is indeed a history of malicious intent associated with connections on port 4444 injecting a virus of some sort, however these lists of known vulnerabilities were all targeting very old operating systems while mets is running Windows 10 and, like mentioned in the topic, the fact that nothing of it was found on Mets' computer makes that a very unlikely scenario.

This is not remotely true.

There are a few publicly available exploits that allow you to gain shell access to Windows 10. Ones such as the Multihandler Remote Execution Vulnerability (now deprecated due to a patch) could've been used considering mets did not have Windows Update on automatic, and was using a cracked version. If the attack was only via shell there would be no trace of malware.

PGP KEY

https://drive.google.com/file/d/0B0BO0QBS9-l_SW03alNQMnF6Z0U/view?usp=sharing
mlgbx
Posts: 69
Joined: Mon Jul 06, 2015 5:46 am
Battle.net Name: ǷǷǷ
Battle.net Char Code: 1
Battle.net Server: NA


Post by mlgbx » Thu Mar 23, 2017 5:49 pm

.
Last edited by mlgbx on Tue May 02, 2017 3:28 am, edited 1 time in total.
Dalton
Posts: 111
Joined: Wed Jan 21, 2015 4:38 pm
Battle.net Name: IBDerping
Battle.net Char Code: 2820
Battle.net Server: EU


Post by Dalton » Thu Mar 23, 2017 6:32 pm

Marker wrote: This is not remotely true.

There are a few publicly available exploits that allow you to gain shell access to Windows 10. Ones such as the Multihandler Remote Execution Vulnerability (now deprecated due to a patch) could've been used considering mets did not have Windows Update on automatic, and was using a cracked version. If the attack was only via shell there would be no trace of malware.

Sorry buddy, I think you misunderstood or I wrote it wrong. I'm not claiming it is impossible to hack a Windows 10 machine (I'm fairly certain I didn't type that but who knows, it's late) just that there is no evidence provided that suggests it and it's unlikely.

I also see no connection between that hack and port 4444, but like I said I'm no expert so I might be overlooking that. If you know more that would indicate it's likely Mets was a victim with that hack you mentioned that would be very helpful. If he was in fact the target of this attack at least we know the perp is not very creative because he chose to shut down mets' net a few times while having full control of his PC.
Marker
Posts: 603
Joined: Mon Mar 09, 2015 1:05 am
Battle.net Name: Marker
Battle.net Char Code: 164
Battle.net Server: NA


Post by Marker » Thu Mar 23, 2017 6:42 pm

Dalton wrote: I also see no connection between that hack and port 4444, but like I said I'm no expert so I might be overlooking that. If you know more that would indicate it's likely Mets was a victim with that hack you mentioned that would be very helpful. If he was in fact the target of this attack at least we know the perp is not very creative because he chose to shut down mets' net a few times while having full control of his PC.

The exploit, as with many, has a listener port that defaults to port 4444. Do I know specifically it was that exploit that was used on mets's machine at that time? No, that information is not knowable unless I had every single packet to and from mets's computer. Do I think that some exploit was sent (or tried to be sent) over port 4444? Considering nothing I personally know of and nothing that is a quick Google search away defaults to port 4444 other than exploits such as these, along with the source of the attack, I stand by my claim that it was some sort of an attack (two of your experts came to the same conclusion).
krazymen
Posts: 1171
Joined: Wed Feb 26, 2014 6:10 pm
Battle.net Name: krazymen
Battle.net Char Code: 249
Battle.net Server: NA


Post by krazymen » Thu Mar 23, 2017 8:19 pm

Dalton wrote: Hello NA Friends,

A few days ago me and some other people from the EU community were contacted by the NA zealot hockey player Maharashi in regards to the events that occurred during the War Pigs vs Storms playoff semi-finals and the drama that ensued.
He was looking for people with expertise on the subject of networking that could provide an unbiased, expert opinion on the case made by the people assigned to investigate if mets was attacked in order to prevent him from playing said game http://www.zealothockey.net/forum/viewt ... =35&t=2403.

For reasons that I don't even really understand myself, I decided to invest a bunch of time in this and provide that to the best of my abilities.
Now obviously we were provided with very little data, and if other data is available that was not shared with me a lot of this may be irrelevant.

A few things I would like to mention before starting:
* This may be outdated, since I started on this a lot of talking has happened in the forums. I have read most of it but not all.
* I have made it clear from the very first time I became part of this thing that I am not an expert on the subject, just someone with some affinity that has made an effort to provide an unbiased point of view.
* I will not be providing any opinions in regards to the ruling, I will just speak to the claims that there is evidence provided showing there was an attack on mets that prevented him from playing the game.
* Nothing I did was handled in any kind of formal manner, it has just been me giving a brief explanation of what happened accompanied with the evidence provided and asking for their opinions.

To draw conclusions I have spoken to the following people, including why I believe they are qualified to inform us on the subject.

Anon: EU zealot hockey player employed by a large European corporation that creates security applications and has a master's degree in computer science.
Coftea: EU zealot hockey player studying computer science.

I also contacted two of my friends that I have worked with while being employed as a programmer.

Friend #1: Some really old degree in computer science, a buttload of experience as a programmer with a lot of time spent in the past in creating both virus and antivirus as well as being an 'ethical hacker'.
Friend #2: Experienced programmer convicted as (a juvenile) accomplice to DDoS attacks on huge companies amongst which a major ISP and news organization. Operated botnets in the past.

For obvious reasons I am not going to name these friends and/or get them involved any further in this so if any reader chooses they deem this information non credible that is fine and irrelevant to me.
Anyway here is the breakdown of the feedback I got:

The part where all above mentioned people agree on:
The evidence does not prove or show that it is very likely that Mets was targeted by a DoS attack.

A part of the people think the evidence provided indicates some kind of attack.

"the router detected some attacks. there is evidence that shows that his router has been attacked. But attacks like these are very normal and happen to every computer which is connected to the internet. There is old malware "flying" in the ether and port scans to find vulnerabilities are pretty normal"
"This happens constantly (shows list with a large number of connections over a period of last 10 minutes on one of his machines)" (translated)

Others mentioned that it could be some sort of attack but not necessarily and if it were it was unlikely a DoS attack.

"This is nothing out of the ordinary" (translated)

One person immediately made the connection between port 4444 and a possible attempt to infect you with a virus.
Some googling I did on this revealed there is indeed a history of malicious intent associated with connections on port 4444 injecting a virus of some sort, however these lists of known vulnerabilities were all targeting very old operating systems while mets is running Windows 10 and, like mentioned in the topic, the fact that nothing of it was found on Mets' computer makes that a very unlikely scenario.

Besides the feedback I received from them some simple googling allows us to see endless topics of similar logs mentioning a wide array of possible reasons these events are being logged not related to being an attack with DoS as a purpose or even being attacked at all.

Some Q&A about all things that might be relevant to the ruling:
I didn't literally ask these questions like you would in an official interview but this is what it comes down to.

Does this image prove there was some sort of attack on Mets?

2 Yes, 2 No

I believe this discrepancy is mostly due to the interpretation of the word 'attack', whereas one considers some test for vulnerabilities on random IP addresses an attack and the other does not (that is my interpretation so take that with a grain of salt).

Can this image prove if there was a DoS attack on Mets?
4 No

Can this evidence tell us if mets was attacked to prevent him from playing vidyagames on the interwebs:
3 No
1 That is retarded

All in all I would conclude there is nothing provided that remotely proves mets was attacked with the purpose of keeping him out of the game, even though it is possibly true.

Cheers, Dalton
https://security.stackexchange.com/ques ... p-spoofing
https://www.iplocation.net/ip-spoofing
https://www.veracode.com/security/spoofing-attack
http://www.internetsociety.org/doc/addr ... p-spoofing

https://www.cert.org/historical/advisor ... 996-21.cfm?
https://security.radware.com/ddos-knowl ... ack-flood/
https://www.scmagazine.com/a-next-gener ... le/548769/
Bowling trophy (birthday trophy)
Achieved level 105 in starcraft 2
Undefeated in 5v5
self proclaimed director of ironic trophies
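
An added example, not part of the original thread or any poster's own work: a short Python triage of router drop logs that separates background probing (including port 4444 hits) from a volumetric DoS candidate, which is the distinction drawn in the quoted post. The log format, the documentation-range addresses and the 1000 packets per minute threshold are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in a hypothetical router log format (not from the thread).
SAMPLE_LOG = """\
2017-01-01 20:01:07 DROP TCP 203.0.113.7:51514 -> 198.51.100.20:4444
2017-01-01 20:01:09 DROP TCP 203.0.113.7:51515 -> 198.51.100.20:4444
2017-01-01 20:03:41 DROP TCP 192.0.2.55:40022 -> 198.51.100.20:23
2017-01-01 20:03:42 DROP TCP 192.0.2.55:40023 -> 198.51.100.20:445
2017-01-01 20:03:42 DROP TCP 192.0.2.55:40024 -> 198.51.100.20:3389
2017-01-01 20:07:15 DROP UDP 203.0.113.99:5060 -> 198.51.100.20:5060
2017-01-01 20:09:30 DROP TCP 203.0.113.7:51600 -> 198.51.100.20:4444
"""

def parse(line):
    """Split one log line into (timestamp, source IP, destination port)."""
    date, time, _action, _proto, src, _arrow, dst = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, src.rsplit(":", 1)[0], int(dst.rsplit(":", 1)[1])

def triage(log_text, flood_per_min=1000):
    """Summarise dropped traffic; flood_per_min is an assumed threshold."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    per_minute = Counter(ts.replace(second=0) for ts, _, _ in events)
    ports = Counter(port for _, _, port in events)
    ports_by_source = defaultdict(set)
    for _, src, port in events:
        ports_by_source[src].add(port)
    peak = max(per_minute.values(), default=0)
    return {
        # A DoS shows up as sustained volume, not as a handful of probes.
        "peak_per_minute": peak,
        "flood_candidate": peak >= flood_per_min,
        # One source touching several ports is ordinary scanning behaviour.
        "scanners": sorted(s for s, p in ports_by_source.items() if len(p) >= 3),
        "top_ports": ports.most_common(3),
        "port_4444_hits": ports[4444],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A few dropped probes on port 4444 register as hits but leave `flood_candidate` false; only packet volume per minute moves that flag.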
Cubs
Posts: 688
Joined: Wed May 21, 2014 9:59 pm
Battle.net Name: Cubs
Battle.net Char Code: 781
Battle.net Server: NA
Location: Massachusetts


Post by Cubs » Thu Mar 23, 2017 9:02 pm

[3/21/2017 8:32:19 PM] Sean fuok: many experts
[3/21/2017 8:32:21 PM] Sean fuok: saying there is 0 evidence
[3/21/2017 8:34:00 PM] Sean fuok: the only “expert” who still claims it was an attack
[3/21/2017 8:34:02 PM] Sean fuok: is krazy
Dalton wrote:Does this image prove there was some sort of attack on Mets?
2 Yes, 2 No
[3/21/2017 8:32:11 PM] Sean fuok: marker already retracted
[3/21/2017 8:32:12 PM] Sean fuok: his claim
Marker wrote: Considering nothing I personally know of and nothing that is a quick Google search away defaults to port 4444 other than exploits such as these, along with the source of the attack, I stand by my claim that it was some sort of an attack (two of your experts came to the same conclusion).

im the kid thatd jump a kid like you
forumusername
Posts: 721
Joined: Tue Dec 09, 2014 9:40 am
Battle.net Name: kwakster
Battle.net Char Code: 0
Battle.net Server: NA


Post by forumusername » Thu Mar 23, 2017 9:07 pm

cubs please stop degrading a masterpiece that sleek drew, thank you

LF mediation
maha
Posts: 431
Joined: Sun Jan 26, 2014 6:25 pm
Battle.net Name: maharishi
Battle.net Char Code: 576
Battle.net Server: NA


Post by maha » Thu Mar 23, 2017 9:09 pm

Cubs wrote:[3/21/2017 8:32:19 PM] Sean fuok: many experts
[3/21/2017 8:32:21 PM] Sean fuok: saying there is 0 evidence
[3/21/2017 8:34:00 PM] Sean fuok: the only “expert” who still claims it was an attack
[3/21/2017 8:34:02 PM] Sean fuok: is krazy
Dalton wrote:Does this image prove there was some sort of attack on Mets?
2 Yes, 2 No
[3/21/2017 8:32:11 PM] Sean fuok: marker already retracted
[3/21/2017 8:32:12 PM] Sean fuok: his claim
Marker wrote: Considering nothing I personally know of and nothing that is a quick Google search away defaults to port 4444 other than exploits such as these, along with the source of the attack, I stand by my claim that it was some sort of an attack (two of your experts came to the same conclusion).

There is insufficient evidence to 'prove' it was an attack. We've only proved that it "could have been" an attack, yet never followed up on the IPs. Blitz probably just telling you what to say at this point.
"This is the most absurd piece of garbage that can't even be applied to the actual league. Great job embarrassing yourselves."