  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| DNS issue or not?
I am seeing traffic I am starting to wonder on. It is from either bad DNS (Tcpview) or looking at the source, level 3.
It seems to be with Opera 10, but I have not really looked deep, and wouldn't be able to understand it in the logs, but it isn't normal behavior for the 2 or 3 sites I class as regular where it is happening.
Maybe my password is compromised.
Anyone else picking up unusual traffic? -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
  nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL | Is there any chance of a hint or two as to what you are seeing? |
|
  MeDuZa
join:2003-06-13 Austria | reply to norwegian A packet sniffer like IPSniffer might be more expedient than Tcpview. -- Reality corrupted. Reboot universe? (Y/N) |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| reply to nwrickert for instance
One address that I'm not usually seeing but have since recent times
198.78.223.126
OrgName: Level 3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
NetRange: 198.76.0.0 - 198.79.255.255
CIDR: 198.76.0.0/14
NetName: LVLT-ORG-198-76
NetHandle: NET-198-76-0-0-1
Parent: NET-198-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
This one seems for all communication uses src port 80 and 1309, jtag-server for this capture using wireshark, all reference to this address, 1309, j-tag server is the port.
-- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
  nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL | There does appear to be a web server running at that IP address. You were perhaps looking at a page that loads an advertisement from that server. -- AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11 |
|
  norwegian Premium join:2005-02-15 Outback | I will look more at it, but the forums I visit don't show an advert that I know of.
Thanks |
|
 TheWiseGuy Dog And Butterfly Premium,MVM join:2002-07-04 Yonkers, NY
| reply to norwegian It seems to be a Footprint server. In the past one of the uses of the Footprint server is Windows Update. If you have Windows Update on, you could try turning it off.
Server: Footprint 4.4/FPMCP -- Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore. |
|
  norw_away
@net.au | There is no communication to svchost, nor port 443.
The next addresses usually after are Imageshack or PhotoBucket.
I do DNS to the router then to my ISP, maybe the router is not working correctly? |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| reply to norwegian
Seems the traffic has stopped with Opera 9.64 for the present. However I've seen similar traffic at periods in the past, but with a dynamic address, it could be contributed to many things as well.
Did get a wireshark log though. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|