Hey! Sorry if I posted this in the wrong topic, I just joined. I am using McAfee on both my computers, and I noticed that I have "suspicious incoming connections" blocked, such as ANS Communications, Akamai Technologies, Google LLC, DigitalOcean, InstartLogic, CloudFlare, and some random IPs from the other half of the planet (Texas, Netherlands etc.), also some IPv6 addresses, which I can't even check, and a bunch of private addresses which are trying to access my TCP/UDP ports. It says that these private IPs' source is my own DNS server. I also have some IPs which are pointing towards some kind of internet access points (idk their name), they are providing internet, and they are owned by internet providers (TELEKOM). Should I be worried, or is this normal? Most of them are linked to big companies, so I think it's their tracking cookies, so they see the consumers' interests, thus they can use it for their marketing. I am more worried about those private IPs within my local network with the source of my own DNS-DHCP provider. I'll write some ports that these tried to access (in case someone would recognize them):
UDP-63764, 64138, 59672, 58952, 62037, 59566, 50463, 55884, 52370, 50476, 59438
UDP-137, 138
UDP-8999, 1900, 5355 (by the random IPv6 address)
TCP-52404, 52397, 52398, 51922, 51213, 51514, 53409, 50356
Some big UDP packages to analyze my system (according to McAfee)
Thank you for reading this far, and I would appreciate any kind of help.
i don't think there's anything suspicious about those connections. could be a sw phoning home or updating its db or sending telemetry/feedback. some of those names belong to cdn's. you can use tcpview by sysinternals and wireshark to analyze those connections. i don't think you should be worried though.
I think this may be poorly worded by mcafee and should read "suspicious incoming packets". They're likely a result of connections initiated internally from installed applications: https://community.mcafee.com/t5/Per...pts-from-Google-Are-Being-Blocked/td-p/527962
Some simple to use nirsoft tools which might help alongside imdb's suggestions:
Matching traffic to an application: https://www.nirsoft.net/utils/live_tcp_udp_watch.html
TCP only connection logging with hostname: https://www.nirsoft.net/utils/tcp_log_view.html
DNS logging: https://www.nirsoft.net/utils/dns_query_sniffer.html
TCPView alternative. Has hostname and IP visible at the same time: https://www.nirsoft.net/utils/cports.html
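
Added example, not part of any post in this thread: a small Python triage of the destination ports listed in the first post, separating local discovery protocols (NetBIOS, SSDP, LLMNR) from ports in the dynamic range, which is consistent with the reply-traffic explanation in the last post. The source addresses in the sample log and the function names are constructed for illustration; only the port numbers come from the thread.

```python
import ipaddress

# IANA-assigned UDP ports used by local name resolution / discovery protocols.
DISCOVERY_UDP = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    1900: "SSDP (UPnP discovery)",
    5355: "LLMNR",
}
# IANA dynamic range; also the default ephemeral range on current Windows.
DYNAMIC_PORTS = range(49152, 65536)


def source_scope(addr):
    """Classify where a source address lives: loopback, link-local, LAN or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:  # 169.254.0.0/16 and fe80::/10, checked before is_private
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def triage(proto, src, dst_port):
    """Return (source scope, category) for one blocked inbound packet."""
    scope = source_scope(src)
    if proto.upper() == "UDP" and dst_port in DISCOVERY_UDP:
        # Discovery chatter is expected from the LAN, not from the internet.
        return scope, "review" if scope == "public" else "discovery"
    if dst_port in DYNAMIC_PORTS:
        # A local client port: consistent with a reply to an outbound request.
        return scope, "dynamic"
    return scope, "unclassified"  # match the port to a process, e.g. with TCPView


# Constructed log entries: ports from the first post, addresses made up.
SAMPLE_LOG = [
    ("UDP", "192.168.1.1", 63764),
    ("UDP", "192.168.1.23", 137),
    ("UDP", "fe80::1c2d:3e4f:5a6b:7c8d", 5355),
    ("TCP", "8.8.8.8", 52404),
    ("UDP", "192.168.1.1", 8999),
]

if __name__ == "__main__":
    for proto, src, port in SAMPLE_LOG:
        scope, category = triage(proto, src, port)
        name = DISCOVERY_UDP.get(port, "")
        print(f"{proto:3} {src:28} -> {port:5}  {scope:10} {category} {name}")
```

Entries that come back as "unclassified" or "review" are the ones to match to a process with the tools linked above.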