I could only catch it on my box just booting up and obtaining IP address and such, when I run netstat -b, when ever I do it later after having connection for a few seconds it's never there. But this is the thing, I have Injoy firewall and when I look at network tab on task manager it says DOD-FX NDIS, so does this mean I'm decent and FX (the company that makes Injoy firewall)is actually run by the DOD or am I not ok and they have injected device driver at network level and/or hijacked Injoy and are using it to do some hardcore surveillance.This IP address says Yuma Proving Ground, I don't even use NMAP or Nessus or Ethercap or perform any malicious activity, so why me, is this normal. Please I am not regular poster and do not mean to be picky and need response but would very much appreciate if you definitively answer this question to be sure you know for sure sure.thank you

Hi,

So something in your PC is trying to connect out to DOD 6.1.1.10 Army Information Systems Center U.S. Army Yuma Proving Ground in Columbus OH ! If it was the other way round i could i could sort of understand it as i am, and have been scanned daily for some time by many different DOD IP's on various ports. I havn't had 6.1.1.10 but i have had 6.70.78.241. Not only them but lots of other agencies and universties and companys too ? I might check my FW logs for a very quick look every few days, but i just ignore them mainly now as nothing gettings in anyway. See this thread for more info

The Feds and Mil just scanned me

http://www.wilderssecurity.com/showthread.php?t=115870

If can eliminate all possibilities of FP's etc, and nobody that uses your PC has been up to anything, and something is in there, then it's very strange indeed how it did get in ? Have you got your browser fully secured for a start, no Active X or Scripting etc ?

I'm not too sure what the connection with DOD and your Injoy firewall is though ?

I found DOD NDIS mentioned in here, but i don't think it's the same thing !

5. M A N U A L D E I N S T A L L A T I O N Then find the "F/X Communications DOD NDIS Adapter" and repeat.

http://madcow.fx-services.com/fx/docs/readme.win

I'm not an expert on FW's, so i hope someone like CrazyM for eg sees this, or someone else who can offer any advice to you in some way. Maybe you could PM him and ask him to take a look at this thread ?

I'll be interested to hear what happens about all this, so please let us know things progress. Sorry i can't help you more.


StevieO

StevieO it's not tryin to send something out it has to do with my connection going through that location possibly when I first get online. I don't have anything trying to go out it is not an established connection or listening it is from netstat -b.

Hello

If there is a device driver at network level, won't it show here in this window and be called something like DOD 6.1.0?
or if your firewall uses a low level driver , it may show here.

-{ Quote: "... it's not tryin to send something out it has to do with my connection going through that location possibly when I first get online. I don't have anything trying to go out it is not an established connection or listening it is from netstat -b." }-
If it something showing in netstat, then it will be a connection of some sort.
Have you checked your logs for any entries for that IP that may shed some more light on what you are seeing. Can you provide more details on protocols/ports?

Regards,

CrazyM