
Question About Destination DNS Column in ZA Log Viewer > Program





  • Member
  • PipPip
  • 93 posts

I use ZoneAlarm Free Version 7.0.302. I basically have ZA set to ask me for permission for everything except for Firefox, but I'm always getting these weird entries in the Log Viewer under ALERT TYPE - PROGRAM in the DESTINATION DNS column.

When Outlook Express (msimn.exe) asks for permission and I allow it, the DESTINATION IP column and the DESTINATION DNS column in the ZoneAlarm Program Log Viewer will show things like the following:

DESTINATION IP / DESTINATION DNS / ssl-google-analytics.google / sb.l / referencecollect.247realmedia / cdn.specificmail.com.c.footprint.net / thedigitalbits.com / pagead.l.google / a1521.x.akamai

And sometimes it says: (IP address here):53 / ns3.mindspring.com (and mindspring is my dial-up, which is Earthlink)

And when either I allow AVG Free (avginet.exe -- I guess that's when I check for updates to the a/v?) and I guess when AVG scans the incoming email (avgemc.exe) -- (Or could this be accessing without my knowledge?) -- I get things like the following in the DNS column:

DESTINATION IP / DESTINATION DNS / www.assoc-amazon.com / wa-in-f104.google.com / ssl-google-analytics.google

And sometimes it says, for example: (IP address here): (port# here - not 53) / pop.mindspring.com

The DIRECTION on all these listed is OUTGOING (CONNECT) and the ACTION TAKEN is listed as ALLOWED.

There is nothing listed in the SOURCE IP or SOURCE DNS columns for these entries.

Note: I am attaching a .jpg showing many of the ZA log entries in question. This is not a complete log, but edited to only show the stuff I'm talking about (and with a few things blacked out, just to be safe). Please take a look at it -- thanks!

What are those things that are listed?

Why are they listed like that in the DNS column? (Note that sometimes what's listed in the DNS column makes sense, like something for mindspring or Earthlink when OE is being allowed... but a lot of the time it's weird stuff...)

Does this imply I've got something "bad" on my system or that something is wrong/screwy?

Please note: I am not having any issues with my laptop at all (that I know of).

Thanks very much, as always! Looking forward to hearing back! :whistling:


Edited by bloomcounty, 09 June 2007 - 08:22 AM.





    New Member

  • Member
  • Pip
  • 1 posts

Did you ever get an answer to this - why all the weird DNS access attempts to places that are obviously not DNS servers? Because I have the same prob...and I REALLY have to get it solved. I work online in finance and can't take any chances! Please let me know if you found out anything about this, and where - I've seen several inquiries about it but no answers. I know this is an old thread but am hoping you see it.

Thanks :)

Gravity Gripp


    Trusted Helper

  • Malware Removal
  • 1,813 posts
Most anything that connects on port 53 is considered DNS traffic. DNS is short for Domain Name System; it allows people to remember phrases or names for websites instead of their IP address. Most of what's in the log posted is normal traffic. There are a few potentially questionable entries but it's mostly web traffic I believe. I would still do a spyware scan and maybe even have the guys in the malware forum look over a HJT log just to make sure.

Also, I should mention that when you visit a website and that website has advertisements on it, they are typically housed somewhere other than the site that you are viewing and to get those ads to your web browser, they use DNS to serve those ads. In other words, when you visit website.com and they have an advertisement for Pepsi, that Pepsi advertisement may come from pepsi.com thus making your PC look up the IP for Pepsi.com even though you never visited it.

Hope this helps.

Edited by Gravity Gripp, 14 January 2008 - 08:07 AM.
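
The reply above says that embedded ads and other content cause lookups for hosts you never visited. As an added example (not part of the original thread), this Python sketch lists the hostnames a browser would have to resolve to render one page, split into first-party and third-party. The page URL, HTML and hostnames are constructed, and the same-site check is a simple suffix match rather than a public-suffix lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose URLs a browser fetches automatically while rendering a page.
FETCH_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href")}


class ResourceHosts(HTMLParser):
    """Collect the hostnames a browser must resolve to render one page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in FETCH_ATTRS and value:
                # Resolve relative and scheme-relative URLs against the page.
                host = urlsplit(urljoin(self.page_url, value)).hostname
                if host:
                    self.hosts.add(host.lower())


def lookups_for_page(page_url, html):
    """Return (first_party, third_party) hostnames resolved for the page."""
    parser = ResourceHosts(page_url)
    parser.feed(html)
    page_host = urlsplit(page_url).hostname.lower()
    first = {h for h in parser.hosts if h == page_host or h.endswith("." + page_host)}
    first.add(page_host)
    return sorted(first), sorted(parser.hosts - first)


# Constructed sample page; hostnames use the reserved .example TLD.
SAMPLE_URL = "http://website.example/index.html"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/style.css">
<script src="http://stats.tracker.example/ga.js"></script>
</head><body>
<img src="images/logo.png">
<a href="http://other.example/">a plain link is not fetched</a>
<iframe src="//ads.adnetwork.example/banner?id=1"></iframe>
<img src="http://cdn.website.example/photo.jpg">
</body></html>
"""

if __name__ == "__main__":
    first, third = lookups_for_page(SAMPLE_URL, SAMPLE_HTML)
    print("first-party lookups:", first)
    print("third-party lookups:", third)
```

Hostnames in the third-party list are the kind of entry that shows up in a firewall log's destination column without the user having typed them.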





  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Thanks for the post, Gravity Gripp!

Searcher54 -- Other than what Gravity said, I haven't really got a solid answer (I don't think -- it was a while ago). Sorry!
