Should I be concerned?

Cable Internet User w/Zone Alarm

Something is forcing all of my programs to connect to 1 or 2 IP addresses on port 53 everytime I make a connection. Zone Alarm records the DNS destinations of these 2 IPs indentified at what appear to be servers or routers within my ISP's network.

ns12.attbi.com
ns13.attbi.com

The other problem is that sometimes my IE will make an outgoing connection to IP 127.0.01 but it actually works when I surf the web. Proxy? I just came from a format and reinstall making sure not to install anything but core components to try and get rid of the problem. I'm still stuck even though I'm guessing its some kinda crap my cable company has setup for its Internet users.

 

Those IPs are your DNS servers (those attbi.com ones) and your own system (127.0.0.1) respectively. Nothing unusual with that.

 

That helps me... very little.

-.-

ALL programs want to connect to these 2 IPs on port 53. Before a week ago they all wanted to connect to their respective IPs that were set by the makers of each program.

127.0.0.1 refers to my computer (this I know already)
When I press accept to make an outgoing connection with programs they work and I know they are not connecting to my computer. What's going on with this?

 

Hi MakoFusion,

In order for any program on your system to connect to anywhere on the internet (if you are trying to go to a "named place" such as www.yahoo.com or popserver.isp.com) your system must first query a name server to find out the numeric IP of that hostname. Only then can your program/system proceed to send packets to the appropriate destination. The standard ports for this DNS activity is UDP 53 for most transactions and TCP 53 for longer queries and what are called "zone transfers" which are basically DNS-server to DNSserver communications. What you are seeing is entirely appropriate and necessary. If you did not see it previously then there was some other issue that kept you from noticing it.

Hope this makes things clearer,

Dan

BTW, Welcome to Wilders!

 

Hi MakoFusion

It is normal for IE to establish a UDP connection on localhost (127.0.0.1). Without it, surfing could slow to a crawl.

If what you are seeing is a connection to localhost for TCP, that could be related to something filtering that traffic on your system.

Can you provide more details on the localhost/loopback connection?

Attached is an image showing the normal IE UDP loopback connection, as well as an example of the TCP connection being filtered (in my case by ccPxySvc.exe).

Edit:
If you do not have a portmapper installed, you can check the following out:
Port Explorer
Vision
Active Ports

Regards,

CrazyM

 

I am trying to get something hardcore... I dunno if its UDP but ZoneAlarm will ask permission to connect to one of the 2 IPs or 127.0.0.1 everytime.

BTW does anyone have those 2 pages that were posted a while back dealing with the proxy forums where they have hundreds of free proxies and the Russian page to check and see if your proxy is a true perfect proxy?

 

Found the 2nd page

http://www.samair.ru/proxy/proxychecker/

 

Your actual ZA log file should tell you if it is UDP or not. Using one of the portmappers will also show you if it is just the normal IE UDP loopback connection. If it is, there is nothing to worry about.

As mentioned the connections to your ISP's DNS servers is normal and needed. You could try adding those IP's to your trusted zone to eliminate the prompts. Knowing the version of ZA would help as well so those more familiar with it could offer other configuration options.

Regards,

CrazyM

 

Thanks but I am a former member of this board.

 

heh

 

Here is knowledge about port 53, UDP

http://www.dshield.org/ports/port53.php

Ari

 

MF, you could have arrived at a nicer response to Dan for his attempt to help you !!

bill

 

Ok....

Thank you Dan the Man! Adds a smile
He thought it funny =)