WRSA wants out via UDP?

Discussion in 'Prevx Releases' started by CloneRanger, Aug 29, 2012.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    @ PrevxHelp

    Hi, I'm sure you once told me that when I had PSO,

    1 - It does NOT use UDP at All.

    2 - That you don't use our browsers in Any way to get out.

    Can you please explain what I saw in my FW logs today?

    [Attached image: udp.gif]

    TIA
     
  2. szaki2

    szaki2 Registered Member

    I think this is just a DNS query for E.T. phone home and ask mommy, do you have a new version of me? :)
     
  3. fax

    fax Registered Member

    Just a DNS lookup (port 53) not a phone home. Probably to check if internet is ON? No idea, just a wild guess.

    [by the GUI, you must be using an ancient version of ZA :D ]
     
    Last edited: Aug 29, 2012
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Yes, this would just be the OS resolving the DNS request. The agent doesn't perform its own UDP calls at all.
     
  5. Techfox1976

    Techfox1976 Registered Member

    Yep. That is 100% accurate. 53 UDP is a DNS request. Any process that says "I want a DNS lookup on a hostname or IP to be done" will be associated with the resulting request from the TCP stack. The fact that they occurred at the same time may be completely unrelated (which is most likely), or for all we know it could be WSA double-checking on the DNS information about the site, such as through a reverse DNS. I'm thinking more likely to be unrelated.

    But yeah, it's just a DNS lookup. You'll see Firefox do one of those for every new server it loads from.
     
  6. CloneRanger

    CloneRanger Registered Member

    Thanks guys :thumb:

    @ PrevxHelp

    But why does my FW CLEARLY show WRSA as the program that requested out, if as you say, it's the OS ?

    TIA
     
  7. TonyW

    TonyW Registered Member

    It's likely to be WSA doing the DNS lookup via the OS. You won't see OS X, Y or Z listed; it'll be the application on that OS, in this case WSA. Like Techfox says, Firefox does the same thing for every new server it loads from.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Exactly, the OS performs the actions on behalf of WSA, but it occurs within the caller process because of the context of the operation.
     
  9. CloneRanger

    CloneRanger Registered Member

    @ TonyW

    Thanks :thumb:

    So even though it's not WSA directly trying to get out via UDP, WRSA is the cause.

    What effect does my FW blocking it have ?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    There is no reason to block it - it is a DNS lookup to verify a website. It will dramatically reduce protection if you block it.
     
  11. CloneRanger

    CloneRanger Registered Member

    @ PrevxHelp

    I thought it might be that, Thanks :thumb:
     