 FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI |
FoMoCo
Member
2015-Apr-4 9:13 pm
ConnectionsWin7 home pc comes up clean using the normal tools but I found these connections odd. Open IE11 to google and I see these connections with end point viewer. Only issue I am having is 100% cpu usage on some sites like yahoo. Do these connections look ok? |
|
19579823 (banned)An Awesome Dude
join:2003-08-04 |
19579823 (banned)
Member
2015-Apr-5 1:47 am
Hmmmmmmm I wonder if thats 3rd party stuff??
When I visit google.com I only get 2 connections from e100.net.. (I have 3rd party cookies blocked)
Would be interesting to see if you blocked 3rd party cookies if those connections were still made....... |
|
| 19579823 |
19579823 (banned)
Member
2015-Apr-5 1:47 am
|
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI
1 edit |
FoMoCo
Member
2015-Apr-5 11:13 am
Same type of connections with 3rd party disabled. Changed homepage so ie11 would open to my normal DSLreports page then to google and checked the connections. |
|
19579823 (banned)An Awesome Dude
join:2003-08-04
2 edits |
to FoMoCo
Re: ConnectionsHmmmmmm is something else running when you have your browser open?? (Something else is calling all that)
How about if you DISABLE SCRIPTING (Active scripting) does it do it then??
EDIT:
I just ENABLED SCRIPTS (I always have them disabled) and went to google and still only had 2........
This is strange buddy! |
|
 NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
Asus RT-AC66U B1
Netgear FR114P
|
to FoMoCo
What does ARIN say about the various IP addresses? I looked up three here: » www.arin.net/index.htmlAnother was obvious. A sample from your list: 199.16.157.105 (Twitter)
64.91.254.210 (LiquidWeb)
2607:f8b0:4009:805::100d (Google)
2a03:2880:f012:1:face:b00c:0:1 (Facebook)
I submit that only you can know which are "okay". |
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI |
FoMoCo
Member
2015-Apr-5 1:28 pm
I will have to track them down. The question I have is, are these connections originating from my pc or google / dslreports? I do not use nor visit FB or twitter. I do have ITunes installed solely to back up my phone but disable any of its auto start stuff. |
|
|
NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P
|
Do you have a NAT router? If so, without a doubt, the connections originate from your computer. By default, NAT only allows inbound connections related to outbound connections. Even without NAT, unless you have a service running, which is listening for inbound connections, any "Established" connections were made from your computer.
When you visit web sites with ads, your browser will connect with ad serving sites. Facebook and Twitter connections show up in my connection list even without actively signing in. I have not explored whether they are serving ads, or somehow related to the respective links which appear on many web sites.
Any more, web sites have become "busy" with third-party links active. |
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI |
FoMoCo
Member
2015-Apr-5 6:31 pm
Yes I am using the uverse router. |
|
| |
dnstweet to NormanS
Anon
2015-Apr-5 6:33 pm
to NormanS
I see DNS, Twitter and this site connections to the outside world. What you think you are allowing and the reality could be quite different.  I am on Linux with NoScript so it is quite easy to see what's going on and adjust accordingly. |
|
NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P
|
said by dnstweet :What you think you are allowing and the reality could be quite different.
You don't really have a lot of control over outbound connections; unless you flat out don't go anywhere. Most popular sites make scores of third-party connections; and don't work well, if at all, if you try to control third-party access. |
|
| |
dnstweet
Anon
2015-Apr-5 7:20 pm
Maybe you don't but I do. I can see and control in & out. I really have no interest of what others do on the interwebs. I was just answering the OP question. Carry on. |
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI |
FoMoCo
Member
2015-Apr-5 7:51 pm
I have not stayed up to date on these things like I use to as my computer usage has changed drastically from what it once was. I use MSE and run Malwarebytes and CC regularly. I have ran a couple of the root kit cleaners and everything comes up clean. Nothing odd that I see in process explorer neither. Been wondering if I should install a software firewall and see what ask to go out? |
|
dave
Premium Member
join:2000-05-04
not in ohio |
to FoMoCo
said by FoMoCo:The question I have is, are these connections originating from my pc or google / dslreports? Yours, by virtue of the port numbers used. The local ports are in ascending sequence from the ephemeral port range; the remote ports are fixed at either 80 or 443. This matches exactly what happens if your computer makes a number of consecutive TCP connects to http and/or https servers. |
|
Mele20
Premium Member
join:2001-06-05
Hilo, HI |
to FoMoCo
Why are you using IE? There's your problem. You can't use IE like you can other browsers. Stay away from it. Use a hosts file (I use HostsMan) to block sites like Facebutt and Twitter as there are links on EVERY website that will connect you if you don't block them in Hosts. Why use a garbage site like Yahoo? That's one of the worst tracking sites out there! Don't use Bing either. Stay away from Microsoft stuff as much as you can. Use Fx or Pale Moon and change the default search engine away from Bing to Google, DuckDuckGo, etc. Get an ad blocker also. Block all third party cookies. |
|
dave
Premium Member
join:2000-05-04
not in ohio |
dave
Premium Member
2015-Apr-6 10:25 am
Get off your soapbox. He asked a simple question which has a simple answer. |
|
19579823 (banned)An Awesome Dude
join:2003-08-04 |
to Mele20
quote:
Why are you using IE? There's your problem.
I dont think the only problem is IE Mele.. I am using IE and dont have all those connections...... Something OTHER THEN HIS BROWSER is calling that other stuff up.... (I dont think it would matter what browser he tried) |
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI |
FoMoCo
Member
2015-Apr-6 12:26 pm
The connections only appear when iE is open. I too believe its something other than iE itself. I did give chrome a try for a bit but don't remember if these connections were present then or not. I run under LU but the connections show up on admin as well. Other than the 100% cpu ( over clocked 2.5 P4 ) usage when I enter some sites I see nothing odd going on. Never tried FF but may be I should install it and see what happens. |
|
NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P
|
said by FoMoCo:The connections only appear when iE is open.
Perhaps start with no browser open to get a baseline result. Here is mine: 
No browsers open.
I don't even have iTunes open, but iTunes runs some services when Windows starts. I presume one can uninstall certain iTunes components if one only wants the player to run. Akamai might be Apple related, or Western Digital. The rest, despite the FQDNs, is local; including a pair of Western Digital NAS devices. As for IE: When I invoke IE11, and go to Google, I see these connections: 
Google in IE11.
The only new data are the Google IPv6 IP connections. Finally, Opera, but not open to Google: 
Opera, DSLR only.
The Google connections are probably analytics. And stray IPv6 connection with my ISP. LiquidWeb is, of course, DSLR's hosting service.
P.S. Maybe see if there are any Facebook and Twitter BHOs. Freeware has a nasty habit of installing BHOs, if you don't pay attention to the install popups. I had to uninstall a Yahoo! toolbar once, when I got careless.
|
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI |
FoMoCo
Member
2015-Apr-6 7:48 pm
Here is my baseline with no browser open. |
|
19579823 (banned)An Awesome Dude
join:2003-08-04 |
19579823 (banned)
Member
2015-Apr-7 5:57 am
Yup I get the same. (Even if I have a page open but have been idle for a few minutes.. No connections)
Have you looked at task manager WHEN IE IS CLOSED then look at it again WHEN IE IS OPEN?? (You might see the offending app present) |
|
Hitron CDA3
(Software) OpenBSD + pf
|
to FoMoCo
said by FoMoCo:Here is my baseline with no browser open. Thats odd, I'm surprised you don't have any locally bound listening ports listed. |
|
NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P
|
said by Chubbzie:Thats odd, I'm surprised you don't have any locally bound listening ports listed.
I might expect that if networking protocols are disabled. Some prefer to "unbind" NetBIOS. |
|
| NormanS |
to FoMoCo
I would really look closely at the IE addons. A lot of "freeware" will slip in unwanted toolbars when you aren't looking. |
|
| |
to NormanS
Oh, guess that could be the case but I was thinking more along the lines of the option to show unconnected endpoints in TCPView was not enabled? |
|
NormanSI gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P
|
I expect the OP isn't interested in the "unconnected" endpoints. Looking at my "no browser active" TCPView, I see connections opened by other "connected" applications. Apple iTunes is very busy, even when not running. If you don't like it, you can "neuter" by removing components, such as Bonjour, Application Support, and Mobile Device Support; which will break some features of iTunes. If you have ever downloaded something which uses the Akamai download manager, it will also be active. And then there are the miscellaneous local devices. 
Other connected stuff than browser.
Lacking networked devices, and connected applications running as services, there would be no "connected" endpoints showing; which is what the OP is trying to identify. I expect folks like 19579823 don't allow stuff like iTunes and Akamai; and probably don,t run networked printers and storage devices. |
|
TheWiseGuyDog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA |
to dave
Re: Connectionssaid by dave:Yours, by virtue of the port numbers used. I suspect what he meant was- is IE loading links on dslreports or goggle when I visit these sites and opening connections from my computer to these IPs or is something not related to these sites but on my computer using IE to open connections to these IPs.  To the Original poster Part of what shows up may depend on whether you are signed into dslreports or not, I suspect if you are not signed in, you will see something very different than if signed in. |
|
| TheWiseGuy |
to NormanS
Re: said by NormanS:Maybe see if there are any Facebook and Twitter BHOs. I suspect twitter is due to dslreports if you are not logged on. |
|
 norwegian
Premium Member
join:2005-02-15
Outback |
to FoMoCo
Re: Connections
Thanks for starting this topic, after looking myself, found so many unsolicited connections it scared the 'ell out of me.
I'm not sure why, but IE11 on Win 8 was allowing all sorts of permissions for unsigned activex and the like.
Clearing these up stopped all traffic. I'm not sure how long that has been going on for.
The connections were started via the "Do you want IE to be the default browser" prompt page.
Scary stuff.
|
|
Mele20
Premium Member
join:2001-06-05
Hilo, HI |
Mele20
Premium Member
2015-Apr-8 9:02 am
Good reason to not be allowed to use IE 11. (I have Windows 8.0 Pro NOT 8.1 so Microsoft won't allow me to get IE 11). I too checked and I didn't see any crap. Bunch of connections but expected. |
|
I am on Linux with NoScript so it is quite easy to see what's going on and adjust accordingly.
