Can an expert explain this popup to me?

Discussion in 'ESET Smart Security' started by Janer, Feb 25, 2012.

Thread Status:
Not open for further replies.
  1. Janer

    Janer Registered Member

    Joined: Feb 25, 2012
    Posts: 2
    Location: Croatia
    Hi,
    can someone help me with this?

    I reinstalled my PC 3 days ago and today I was going to download some files with uTorrent.
    But suddenly the ESET firewall started to pop up.
    All the popups were like this:

    http://i39.tinypic.com/2h52xy1.jpg

    Well, the outbound popups were green and the inbound ones were red.
    On all of them was written:
    Application: System
    Publisher: Unknown
    Remote Computer: xxx.xxx.xxx.xxx (every time a different IP address)

    There were more than 100 of these popups.

    And here's the ss from ESET firewall Zone and Rule setup:

    http://i40.tinypic.com/ndx99j.jpg

    I do not remember having so many popups before.
    Should I allow or deny these communications?
    Can someone explain to me whether this is something dangerous or what?

    I have ESET Smart Security 5.0.93.0, the firewall is set to interactive mode, and uTorrent is v3.1.2.

    EDIT:
    I see, nobody knows what this is all about or doesn't want to write it.
    Well, I found out that this has something to do with mixing IPv4 and IPv6 addresses, and the reason might be that I use 2 connections on one PC.
    From 2 different ISPs. One for torrents and the other for everything else.
    So this might help someone in the same situation.

    But I would also like some expert to join and explain this to all of us in detail.
     
    Last edited: Feb 26, 2012
  2. dwomack

    dwomack Eset Staff Account

    Joined: Mar 2, 2011
    Posts: 588
    The pop ups you're getting in the first pic are related to your firewall filtering mode being set to interactive mode, meaning you have to manually allow or deny any connections there isn't already a set rule for.

    Without knowing precisely what application or IP address was attempting to make a connection, we can't verify the safety of allowing such a connection. uTorrents always have a high risk for possible malware infections. Deleting the rules you've created in this process would be the safest course of action. You can always go back and re-allow the connection later, if it's required and you are certain it's safe.

    I'd welcome anyone else to add their own expertise to this as well.
     
  3. Janer

    Janer Registered Member

    Joined: Feb 25, 2012
    Posts: 2
    Location: Croatia
    I'm glad that someone finally got involved in this topic.

    Ok, I'm familiar with this interactive firewall so first part of your response doesn't help me. Perhaps I was a little imprecise with the question.
    I'm more interested in what's hidden behind the name System that demands this connection and with what it wants to communicate, what's on the other side. I was curious and a little bit concerned about it.

    I saw that nobody answered my question, so I investigated a little bit myself. And I found out that this System wanted to communicate with some servers that are all registered to Microsoft.
    Furthermore, they are using protocols that I'm not familiar with, GRE & ESP. I only know TCP & UDP.
    Also I found out that this communication is used for so-called tunneling and some kind of mixing between IPv4 and IPv6 addresses.

    So I concluded that it was not anything dangerous, and that I may allow the communication.

    But can someone explain to me, like a small child, what are these terms: GRE, ESP, tunneling, IPv4, IPv6...?

    And can somebody explain to me why this happened to me for the first time in my life? Hundreds of computers have passed through my hands and I have 3 at home.
    If someone is an expert in this field: is it perhaps because I recently started using 2 broadband connections at the same time on this PC, from 2 different ISPs? So these communications are needed to mix these 2 connections.
     
    Last edited: Feb 29, 2012
  4. agoretsky

    agoretsky Eset Staff Account

    Joined: Apr 4, 2006
    Posts: 4,032
    Location: California
    Hello,

    I am not sure of the reasons behind the connections, but it sounds like your computer is attempting to make a connection to Microsoft's servers using the newer IPv6 protocol and is using these technologies to tunnel the connection. It might also be related to tunneling when a VPN connection is being used, if one of those is present and has been established.

    Regards,

    Aryeh Goretsky
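
Added example (not part of the thread and not any poster's or ESET's code): a small Python parser showing how the protocols named in the thread differ on the wire from TCP and UDP, which is why a firewall reports them without a port. GRE and ESP are IP protocol numbers 47 and 50; protocol 41 (an IPv6 packet carried directly inside IPv4) goes beyond what the thread names and is included as the simplest tunneling case. The function names and the sample packets (built from documentation address ranges) are constructed for illustration.

```python
import ipaddress
import struct

# IANA-assigned IP protocol numbers relevant to the thread.
PROTOCOLS = {6: "TCP", 17: "UDP", 41: "IPv6-in-IPv4", 47: "GRE", 50: "ESP"}
GRE_PAYLOADS = {0x0800: "IPv4", 0x86DD: "IPv6"}  # EtherType values carried in GRE


def describe_packet(packet: bytes) -> dict:
    """Describe what an IPv4 packet carries, looking inside tunnel headers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    info = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol": PROTOCOLS.get(proto, f"protocol {proto}"),
    }
    payload = packet[header_len:]
    if proto == 41 and len(payload) >= 40 and payload[0] >> 4 == 6:
        # The payload is a whole IPv6 packet; its addresses sit at bytes 8..40.
        info["inner_src"] = str(ipaddress.IPv6Address(payload[8:24]))
        info["inner_dst"] = str(ipaddress.IPv6Address(payload[24:40]))
    elif proto == 47 and len(payload) >= 4:
        # GRE: 2 bytes of flags/version, then the EtherType of the carried packet.
        (ethertype,) = struct.unpack("!H", payload[2:4])
        info["carries"] = GRE_PAYLOADS.get(ethertype, hex(ethertype))
    elif proto == 50 and len(payload) >= 8:
        # ESP: only the SPI and sequence number are readable; the rest is encrypted.
        info["spi"], info["sequence"] = struct.unpack("!II", payload[:8])
    return info


def ipv4_header(proto: int, src: str, dst: str, payload_len: int) -> bytes:
    """Build a minimal 20-byte IPv4 header (checksum left at 0) for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


# Constructed sample packets using documentation address ranges.
INNER_V6 = (struct.pack("!IHBB", 0x60000000, 0, 59, 64)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed)
SAMPLE_6IN4 = ipv4_header(41, "192.0.2.10", "198.51.100.7", len(INNER_V6)) + INNER_V6
SAMPLE_GRE = ipv4_header(47, "192.0.2.10", "198.51.100.7", 4) + struct.pack("!HH", 0, 0x86DD)
SAMPLE_ESP = ipv4_header(50, "192.0.2.10", "198.51.100.7", 8) + struct.pack("!II", 0x1234, 1)
```

Calling `describe_packet(SAMPLE_6IN4)` returns the outer IPv4 endpoints together with the inner IPv6 addresses, which is the "mixing" of IPv4 and IPv6 the thread describes; for ESP only the SPI and sequence number can be read.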
     