Should I be concerned?

Discussion in 'privacy problems' started by MakoFusion, Jun 25, 2003.

Thread Status:
Not open for further replies.
  1. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Cable Internet User w/Zone Alarm

    Something is forcing all of my programs to connect to 1 or 2 IP addresses on port 53 everytime I make a connection. Zone Alarm records the DNS destinations of these 2 IPs indentified at what appear to be servers or routers within my ISP's network.

    ns12.attbi.com
    ns13.attbi.com

    The other problem is that sometimes my IE will make an outgoing connection to IP 127.0.01 but it actually works when I surf the web. Proxy? I just came from a format and reinstall making sure not to install anything but core components to try and get rid of the problem. I'm still stuck even though I'm guessing its some kinda crap my cable company has setup for its Internet users.
     
  2. Tuulilapsi

    Tuulilapsi Registered Member

    Joined:
    Dec 8, 2002
    Posts:
    53
    Those IPs are your DNS servers (those attbi.com ones) and your own system (127.0.0.1) respectively. Nothing unusual with that. :)
     
  3. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    That helps me... very little.

    -.-

    ALL programs want to connect to these 2 IPs on port 53. Before a week ago they all wanted to connect to their respective IPs that were set by the makers of each program.

    127.0.0.1 refers to my computer (this I know already)
    When I press accept to make an outgoing connection with programs they work and I know they are not connecting to my computer. What's going on with this?
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi MakoFusion,

    In order for any program on your system to connect to anywhere on the internet (if you are trying to go to a "named place" such as www.yahoo.com or popserver.isp.com) your system must first query a name server to find out the numeric IP of that hostname. Only then can your program/system proceed to send packets to the appropriate destination. The standard ports for this DNS activity is UDP 53 for most transactions and TCP 53 for longer queries and what are called "zone transfers" which are basically DNS-server to DNSserver communications. What you are seeing is entirely appropriate and necessary. If you did not see it previously then there was some other issue that kept you from noticing it.

    Hope this makes things clearer,

    Dan

    BTW, Welcome to Wilders!
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi MakoFusion

    It is normal for IE to establish a UDP connection on localhost (127.0.0.1). Without it, surfing could slow to a crawl.

    If what you are seeing is a connection to localhost for TCP, that could be related to something filtering that traffic on your system.

    Can you provide more details on the localhost/loopback connection?

    Attached is an image showing the normal IE UDP loopback connection, as well as an example of the TCP connection being filtered (in my case by ccPxySvc.exe).

    Edit:
    If you do not have a portmapper installed, you can check the following out:
    Port Explorer
    Vision
    Active Ports

    Regards,

    CrazyM
     

    Attached Files:

  6. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    I am trying to get something hardcore... I dunno if its UDP but ZoneAlarm will ask permission to connect to one of the 2 IPs or 127.0.0.1 everytime.

    BTW does anyone have those 2 pages that were posted a while back dealing with the proxy forums where they have hundreds of free proxies and the Russian page to check and see if your proxy is a true perfect proxy?
     
  7. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Found the 2nd page

    http://www.samair.ru/proxy/proxychecker/
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Your actual ZA log file should tell you if it is UDP or not. Using one of the portmappers will also show you if it is just the normal IE UDP loopback connection. If it is, there is nothing to worry about.

    As mentioned the connections to your ISP's DNS servers is normal and needed. You could try adding those IP's to your trusted zone to eliminate the prompts. Knowing the version of ZA would help as well so those more familiar with it could offer other configuration options.

    Regards,

    CrazyM
     
  9. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Thanks but I am a former member of this board.
     
  10. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
  11. Krustyman

    Krustyman Guest

    Here is knowledge about port 53, UDP

    http://www.dshield.org/ports/port53.php

    Ari
     
  12. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    MF, you could have arrived at a nicer response to Dan for his attempt to help you !! :mad:

    bill
     
  13. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    o_O
    Ok....

    Thank you Dan the Man! Adds a smile :D
    He thought it funny =)
     
Loading...
Thread Status:
Not open for further replies.