Where are programs connecting to?



#1
cleako

I use Norton Internet Security and I am trying to figure out where everything is connecting to. Occasionally programs will try to connect to an IP address through port 53, and I cannot seem to try to connect to it myself just to see what it is, and Googling it returns nothing.

So what I would like to know is if this is an innocent connection or if I should block it every time? Today it was Microsoft Printer Spooler Server and the other day it was one of the Generic Host Process or a svhost connection.

Thanks,
Cleako

Edited by cleako, 02 September 2005 - 01:34 PM.



#2
Kat

Please go to the malware forum and follow the instructions at the top, especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be), then post a HijackThis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

#3
cleako

I actually had a clean bill on this thread - http://www.geekstogo..._up-t51439.html. I have Webroot Spysweeper installed and have run all of the various scanners. This is something that has always gone on and I usually just leave automatic control on in Internet Security. Well, I decided to turn it off and it has some things connecting out that I don't understand the purpose of. I work in the IT industry, so please feel free to lay it on me here.

Thanks,
Cleako

#4
cleako

Like I said, this is something that has been going on for quite a while - before and after the clean bill of health. It is random programs, and I don't know what they are connecting to. If it is something benign then I will just let them connect - it might just be some kind of Microsoft call or something. Just let me know if you have any idea.

Cleako

#5
cleako

I still haven't heard anything. Do I need to just allow these connections?

Cleako

#6
Tyger

Look at the Norton logs and your event logs too. You may need to enable more logging; I believe you can enable logging for your network adapter also. When you find an IP, don't forget to put the http:// in front when you try to access it.

#7
Baggyboy

Have you tried to look up the IP numbers with a WHOIS request? http://www.samspade.org/ is a great resource for researching this type of thing and may give you some indication as to the legitimacy of those connections.

Also look up those port numbers here for some idea as to the services running on them. Port 53, as per your example, is related to DNS tasks and therefore the IP numbers concerned are probably requests for DNS resolution. Usually nothing to worry about. As you have reported a clean bill of health elsewhere, you can rest easy!

#8
cleako

Wow, that is exactly what I needed to know. It turns out it is just connecting out to the ISP, so DNS resolution is probably what is going on.

Thanks!
Cleako

#9
Baggyboy

Hey, glad to be of service!

One point though. You mentioned that it's just connecting to your ISP. When you look up the domain name on Sam Spade, does it resolve to a userID address type of thing or to a proper DNS server? I.e. ns1-edi.blueyonder.net is my DNS server and xxx-xxx-xxx-xxx.cable.ubr02.xxxx.blueyonder.co.uk is my own IP address resolved (with sensitive details replaced with trusty x's!). Hopefully you will see what I'm trying to get at here.

If it is indeed a DNS server that is receiving the connection then you should be able to tell (simple address, which may even have a description if you dig deep). If it is not then it may be a sign of something more untoward, like DNS poisoning for example. Highly doubtful though, just an outside chance. Easily checked, so I thought I would throw it in for the sake of completeness.

Edited by Baggyboy, 03 September 2005 - 01:29 PM.
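
The check described in posts #7 and #9, as an added example that is not part of the thread: group port-53 alerts by destination, compare each against the resolvers the machine is configured to use, and flag destinations whose reverse-DNS name embeds the address the way ISP customer pools do. The alert format, addresses, host names and resolver list are constructed assumptions; pass `live_ptr` as `ptr_lookup` to query real PTR records (IPv4 only).

```python
import socket

# Constructed firewall alerts (program, remote IP, remote port); not from the thread.
SAMPLE_ALERTS = """\
spoolsv.exe 192.0.2.53 53
svchost.exe 192.0.2.53 53
svchost.exe 198.51.100.77 53
updater.exe 203.0.113.9 53
iexplore.exe 203.0.113.80 80
"""
# Assumption: the resolvers this machine is configured to use (e.g. from `ipconfig /all`).
CONFIGURED_RESOLVERS = {"192.0.2.53"}
# Constructed PTR answers so the example runs offline.
SAMPLE_PTR = {"192.0.2.53": "ns1.isp.example",
              "198.51.100.77": "198-51-100-77.cable.ubr02.isp.example"}

def live_ptr(ip):
    """Reverse-resolve an address; returns None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def looks_like_subscriber(ip, hostname):
    """True when the PTR name embeds the IPv4 octets (forward or reversed)."""
    octets = ip.split(".")
    forms = {sep.join(order) for sep in "-." for order in (octets, octets[::-1])}
    return any(form in hostname for form in forms)

def classify(ip, resolvers, ptr_lookup):
    listed = "configured" if ip in resolvers else "unlisted"
    name = ptr_lookup(ip)
    style = ("no PTR" if name is None
             else "subscriber-style PTR" if looks_like_subscriber(ip, name)
             else "named-host PTR")
    return f"{listed}, {style}"

def review_dns_alerts(text, resolvers=CONFIGURED_RESOLVERS, ptr_lookup=SAMPLE_PTR.get):
    """Map each port-53 destination to (verdict, programs that contacted it)."""
    report = {}
    for line in text.splitlines():
        program, ip, port = line.split()
        if port == "53":
            verdict = classify(ip, resolvers, ptr_lookup)
            report.setdefault(ip, (verdict, set()))[1].add(program)
    return report

if __name__ == "__main__":
    for ip, (verdict, programs) in review_dns_alerts(SAMPLE_ALERTS).items():
        print(f"{ip:15} {verdict:32} {', '.join(sorted(programs))}")
```

An "unlisted" verdict is only a prompt to look closer: a second resolver pushed by DHCP or a VPN would show up the same way until it is added to the list.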
