Firewall detecting 'suspicious' incoming network connections and blocking them.

itsVance

Jun 17, 2014
Hello all,

I realize there are a lot of people eager to help folks like me, but I ask that you read my entire question before giving an answer. =)

A couple of weeks ago my AV detected a few trojans on a storage drive and got rid of them. I had no problems until a few days ago when I noticed my computer was using higher than normal resources, so I decided to check my firewall's security history. I noticed unrequested incoming connections from lots of places, including Comcast's DNS servers and some other IP addresses, including those on my own LAN.

I read that for a few years now, due to poor updates by Comcast, hackers have been using 'DNS poisoning attacks' with Comcast DNS IP addresses, so I upped the security on my modem, router, and PC firewalls and changed my DNS servers. I have not noticed some of the same IPs since and the system is running faster again, but I am still seeing a few blocked connection attempts.

Last night I decided to unplug the cable modem and plug it in this morning and monitor what would show up in the history log, and I noticed without internet access there were immediate incoming connection attempts from my router, and an incoming connection attempt from a Samsung Galaxy S3 on my LAN. Once I plugged the modem in I noticed some blocked connections from the internet.

I suspect some of these may be normal and I probably agreed to some obscure advertising agreement when I installed a game or software item, and they could be their partner servers attempting to push something to my PC.

If there is an expert who can tell me -specifically- why these are happening, it would be great. Maybe even how to stop the devices from attempting the connections.

1. First the router is trying to use port 2869 which is commonly used by ICSLAP

2. The phone is trying to use UDP port 1900 which is for an obsolete SSDP service to push remote installations. (even known to be problematic before the S3 came out).

For the external IP addresses, the first one I looked up was 173.241.250.143 which turns out to be run by OpenX Technologies. They are an advertising company that is used by a lot of major brands.

- Why would OpenX ad servers be attempting to make a connection to my computer as soon as I power up my cable modem?

Maybe if I can solve this one I can eliminate a few more non threat IP addresses from the list.

Thanks in advance for reading all of this.
 
Solution
Any connection getting blocked by your computer and not your router means that there must be a program on your computer requesting the information.
Without a program telling your router to route traffic on port xxxx to your computer it will stop cold once it hits the router due to NAT.

If the Galaxy S3 is a rogue device that is not yours, you need to change your Wi-Fi password.

You need to use Malwarebytes or another program to also search your PC for infections.
I would also close all known internet applications (browser, Dropbox, printer applications, etc.) and then use Resource Monitor to see what processes are using network activity. This (with researching the processes) will help you track down if you have a rogue program making internet requests.
https://askleo.com/how_do_i_monitor_network_activity_on_my_windows_machine/


You may also need to call your ISP and have a new IP address issued to you.
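As an added example (not code from the thread), a small Python script that triages blocked inbound entries from the Windows Firewall text log, the same kind of history the question describes: it separates LAN sources from Internet ones, annotates the ports named above (1900 SSDP, 2869 ICSLAP/UPnP) and, for TCP, uses the flags field to tell a real connection attempt (SYN) from a stray ACK left over from a session the PC itself opened. The log lines are constructed for the example; the field order is the one pfirewall.log writes in its "#Fields:" header.

```python
import ipaddress
from collections import Counter

# Field order of the Windows Firewall text log (pfirewall.log), as in its "#Fields:" header.
FIELDS = ["date", "time", "action", "protocol", "src_ip", "dst_ip",
          "src_port", "dst_port", "size", "tcpflags", "tcpsyn", "tcpack",
          "tcpwin", "icmptype", "icmpcode", "info", "path"]

# Annotations for the ports discussed in the thread.
KNOWN_PORTS = {1900: "SSDP (UPnP discovery)",
               2869: "ICSLAP / UPnP device host", 53: "DNS"}

# Constructed sample log (not from the original post): two LAN sources and one public one.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-06-17 08:12:01 DROP UDP 192.168.1.12 239.255.255.250 49152 1900 137 - - - - - - - RECEIVE
2014-06-17 08:12:03 DROP TCP 192.168.1.1 192.168.1.20 51234 2869 52 S 123456 0 8192 - - - RECEIVE
2014-06-17 08:12:09 DROP TCP 173.241.250.143 192.168.1.20 443 61022 40 A 0 0 0 - - - RECEIVE
2014-06-17 08:12:10 ALLOW TCP 192.168.1.20 8.8.8.8 52011 53 0 - 0 0 0 - - - SEND
"""

def parse_log(text):
    """Yield one dict per data line; comment lines and malformed lines are skipped."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))

def classify(entry):
    """Describe one blocked inbound entry: source scope, port/service, and packet kind."""
    scope = "LAN" if ipaddress.ip_address(entry["src_ip"]).is_private else "Internet"
    port = int(entry["dst_port"])
    service = KNOWN_PORTS.get(port, "unlisted")
    if entry["protocol"] == "TCP":
        # A SYN is a genuine connection attempt; a bare ACK is usually the tail of a session the PC opened.
        flags = entry["tcpflags"]
        kind = "new connection (SYN)" if "S" in flags else f"non-SYN packet (flags {flags})"
    else:
        kind = "datagram"
    return f"{scope} {entry['src_ip']} -> {entry['protocol']}/{port} [{service}] {kind}"

def summarize_blocked_inbound(text):
    """Count blocked (DROP) inbound (RECEIVE) entries by their classification."""
    counts = Counter()
    for entry in parse_log(text):
        if entry["action"] == "DROP" and entry["path"] == "RECEIVE":
            counts[classify(entry)] += 1
    return counts
```

Run `summarize_blocked_inbound(SAMPLE_LOG)` (or point it at the real log text) and sort the counts; the labels make LAN discovery chatter and non-SYN leftovers stand out from genuine external connection attempts.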