Update calling Refdesk?

Discussion in 'NOD32 version 2 Forum' started by Q Section, Dec 9, 2003.

Thread Status:
Not open for further replies.
  1. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello Everyone

    Does anyone know why the NOD32 updater would call www.refdesk.com? Whilst checking for the latest update we noticed in the firewall log that there were multiple entries for this:

    www.refdesk.com=140.239.119.12

    Ports Dest:1068 Src:www-http=80 Src:1068
    Ports Dest:www-http=80 Src:1068

    We are using a blank home-page for IE and had no other browser windows open.
     
  2. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    "140.239.119.12" is the IP of the update-server "u2.eset.com". For "www.refdesk.com" I get "66.28.209.214". Did your firewall mess up the domain name?

    Best regards,
    Anders
     
  3. NewNOD

    NewNOD Guest

    When I first attempted to update NOD32 yesterday, my firewall (Kerio 2.1.5) showed NOD32 attempting to connect to and was blocking:

    IP 140.239.119.12

    I checked the domain in TDS-3, but it kept timing out and wouldn't resolve. I assumed it was because of high traffic. But since it appeared I wouldn't get the update unless I allowed the access, I added the IP to the IPs NOD32 Update was allowed to connect (the other two are 62.168.97.102: sun.uid0.sk and 195.12.128.61: gin.ba.euroweb.sk).

    NOD32 has never attempted to connect to 140.239.119.12 as far as I'm aware and updates always worked allowing just a connection to the other two until this latest update.

    In TDS-3, the IP of 140.239.119.12 resolves as:

    07:36:21 [DNS] Resolve IP: 140.239.119.12
    07:36:21 [DNS] Full name: www.refdesk.com
    07:36:21 [DNS] IP address 1: 140.239.119.12
    07:36:21 [DNS] Resolve time: 0.3789063 seconds.

    If you enter www.refdesk.com and resolve, you get this:

    07:37:53 [DNS] Resolve Name: www.refdesk.com
    07:37:53 [DNS] Full name: www.refdesk.com
    07:37:53 [DNS] IP address 1: 66.28.209.214
    07:37:53 [DNS] Resolve time: 0.2792969 seconds.

    If you enter u2.eset.com, you get:

    07:42:18 [DNS] Resolve Name: u2.eset.com
    07:42:18 [DNS] Full name: u2.eset.com
    07:42:19 [DNS] IP address 1: 140.239.119.12


    Looks like you can get different results for the same IP depending on whether you enter the domain name or the IP.
     
  4. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Things are getting just a bit more strange lately. We just checked www.refdesk.com and got this:

    Query : www.refdesk.com
    Offical Name = refdesk.com
    Aliases = www.refdesk.com
    Addresses = 66.28.209.214, 65.77.130.214

    TARGET: 66.28.209.214
    NAME: COGENT-NB-0000
    NUMBER: 66.28.0.0 - 66.28.255.255
    CITY: WASHINGTON
    STATE: DISTRICT OF COLUMBIA
    COUNTRY: US

    Upon running 140.239.119.12 we get:

    Whois query whois.arin.net by IP address: '140.239.119.12' (www.refdesk.com)

    OrgName: Allegiance Telecom Companies Worldwide
    OrgID: ATCW
    Address: 1950 North Stemmons Freeway
    City: Dallas
    StateProv: TX
    PostalCode: 75207
    Country: US

    NetRange: 140.239.0.0 - 140.239.255.255

    A minor mystery pending further investigation.
     
  5. gunnarj

    gunnarj Registered Member

    Joined:
    Jun 8, 2002
    Posts:
    80
    Anybody resolved this minor mystery?

    ......


    WELCOME TO REFDESK

    "The single best source for facts on the Net."


    VISION STATEMENT: Refdesk is not about revenue. Refdesk is not about traffic. Refdesk is not about promotional vehicles or any form of commercialism. Refdesk is only about indexing quality Internet sites and assisting visitors in navigating these sites. At Refdesk that is all that counts and that is all that will ever count. Since 1995, Refdesk free and family friendly.
    Avaritia facit Bardus - Greed makes you stupid.

    http://www.refdesk.com/welcome.html
     
  6. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    We have not heard any answer yet.
     
Thread Status:
Not open for further replies.