Suspicious attempts to connect

Discussion in 'other firewalls' started by Richard01, Dec 1, 2019.

  1. Richard01

    Richard01 Registered Member

    Joined:
    Nov 30, 2019
    Posts:
    1
    Location:
    Hungary
    Hey! Sorry if I post this in the wrong topic, I just joined.
    I am using McAfee on both my computers, and I noticed that I have "suspicious incoming connections" blocked, such as ANS communications, Akamai technologies, Google LLC, DigitalOcean, InstartLogic, CloudFlare, and some random IPs from the other half of the planet (Texas, Netherlands etc.), also some IPv6 addresses, which I can't even check, and a bunch of private addresses which are trying to access my TCP/UDP ports. It says that the source of these private IPs is my own DNS server. I also have some IPs which are pointing towards some kind of internet access points (idk their name), they are providing internet, and they are owned by Internet providers (TELEKOM). Should I be worried, or is this normal? Most of them are linked to big companies, so I think it's their tracking cookies, so they see the consumers' interests, thus they can use it for their marketing. I am more worried about those private IPs within my local network with the source of my own DNS-DHCP provider. I'll write some ports that these tried to access (in case someone recognizes them):
    UDP: 63764, 64138, 59672, 58952, 62037, 59566, 50463, 55884, 52370, 50476, 59438
    UDP: 137, 138
    UDP: 8999, 1900, 5355 (by the random IPv6 address)
    TCP: 52404, 52397, 52398, 51922, 51213, 51514, 53409, 50356
    Some big UDP packages to analyze my system (according to McAfee)
    Thank you for reading this far, and I would appreciate any kind of help.
     
  2. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,683
    i don't think there's anything suspicious about those connections. could be a sw phoning home or updating its db or sending telemetry/feedback. some of those names belong to cdn's.
    you can use tcpview by sysinternals and wireshark to analyze those connections. i don't think you should be worried though.
     
  3. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    78
    Location:
    Here
    I think this may be poorly worded by mcafee and should read "suspicious incoming packets". They're likely a result of connections initiated internally from installed applications:
    https://community.mcafee.com/t5/Per...pts-from-Google-Are-Being-Blocked/td-p/527962

    Some simple to use nirsoft tools which might help alongside imdb's suggestions:

    Matching traffic to an application:
    https://www.nirsoft.net/utils/live_tcp_udp_watch.html

    TCP only connection logging with hostname:
    https://www.nirsoft.net/utils/tcp_log_view.html

    DNS logging:
    https://www.nirsoft.net/utils/dns_query_sniffer.html

    TCPView alternative. Has hostname and IP visible at the same time:
    https://www.nirsoft.net/utils/cports.html
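
Added example, not part of any post in this thread: a first-pass triage of blocked inbound entries by destination port, using ports quoted in the first post. The event tuples, source addresses and function names are constructed for this example; a "likely-reply" result is a hint to confirm with the tools suggested above, not proof.

```python
import ipaddress
from collections import Counter

# IANA dynamic port range; also the default ephemeral range on current Windows.
EPHEMERAL = range(49152, 65536)

# Local-network name/discovery services among the ports listed in the thread.
DISCOVERY = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("UDP", 1900): "SSDP (UPnP discovery)",
    ("UDP", 5355): "LLMNR name resolution",
}

# RFC 1918, IPv4/IPv6 link-local and IPv6 unique-local ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]

def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in LAN_NETS)

def triage(proto, src_ip, dst_port):
    """Return (category, note) for one blocked inbound packet."""
    key = (proto.upper(), dst_port)
    if key in DISCOVERY:
        origin = "LAN" if is_lan(src_ip) else "non-LAN"
        return ("discovery", f"{DISCOVERY[key]} from {origin} host")
    if dst_port in EPHEMERAL:
        return ("likely-reply",
                "ephemeral local port; consistent with a reply to an outbound connection")
    return ("review", "match the port to a process (TCPView, Wireshark)")

def summarize(events):
    """Count categories over an iterable of (proto, src_ip, dst_port)."""
    return dict(Counter(triage(*e)[0] for e in events))

# Constructed sample entries; ports come from the first post, addresses do not.
SAMPLE = [
    ("UDP", "192.168.1.1", 63764),
    ("UDP", "192.168.1.1", 137),
    ("UDP", "fe80::1", 5355),
    ("TCP", "203.0.113.10", 52404),
    ("UDP", "192.168.1.20", 8999),
    ("UDP", "192.168.1.20", 1900),
]

if __name__ == "__main__":
    for event in SAMPLE:
        print(event, "->", triage(*event))
```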
     