It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

IP`s that my pc blocked....Is This Normal???

page: 1
0

log in

join
share:

posted on Jan, 10 2008 @ 01:34 AM
link   
yesterday
06:38:21 Headquarters, USAAISC 164.170.203.130:31261
07:23:08 Boeing Computer Services 136.240.230.207:31261
23:55:07 DoD Network Information Center 30.69.216.79:31123
Today
01:39:34 Naval Air Station 138.160.94.112:30847
01:54:30 DoD Network Information Center 55.102.78.48:30847
02:09:25 Randolph Air Force Base 131.44.56.179:30847

theres lots more but the others seem harmless enough.

any comments on this stuff?

[edit on 10-1-2008 by Maya432]




posted on Jan, 10 2008 @ 05:28 AM
link   
reply to post by Maya432
 



It's not weird at all. All the time, daily, there are thousands of thousands of computers searching the internet. It really is the basic core of the internet don't you know.



posted on Jan, 10 2008 @ 11:47 AM
link   
Depends---are these outbound or inbound?
Inbound connections, not really a problem, especially if your network provider serves one of these companies or agencies or subgroup there of.
(Unless you are running some p2p client such as kazaa or emule etc.)

Outbound----yes, major problem. What program on your computer wishes to pass information on to these people? And which info?



posted on Jan, 13 2008 @ 01:22 AM
link   
ok...nope...no p2p programs on my pc.
they say "from source" so i guess that means inbound
and as far as destination it just shows ip # and no description.

the program is PeerGuardian 2.

thanx



posted on Jan, 13 2008 @ 01:56 AM
link   
I figured thats what you had. Its a very common question from its users, and here at ATS.

Peer Guardian is well known for False Positives.

Presuming your also running a Windows pc, and using its built in (junk) firewall you can tell it to send the firewall records to a log file.

That will let you see whats really going on in detail.


If you don't like looking at the raw log file you can download free viewer utilities , or parsers.

Best of Luck




[edit on 1/13/08 by makeitso]



posted on Jan, 13 2008 @ 02:14 AM
link   
It's really odd that today's events all utilize the same high ports, as well as two from yesterday.

You may want to run a netstat -an command from a DOS prompt every so often, to see if anyone is connected to your PC. This will also reveal if you have any ports that may be waiting and listening for connections.

Also, do a data packet capture using WireShark while your PC is idle and review the results when you return.



posted on Jan, 13 2008 @ 01:44 PM
link   
You may want to also stop using Peer Guardian seeing how it doesn't hide anything about you at all and actually slows down the download speeds of anything you might be trying to download using p2p apps or torrents. Keep in mind those lists that it uses to "block" IP's come from average people. How do they know for sure that the IP's come from the government and other places? I saw a friend of mine using it once and it actually had one blocked called "The Office of the President of the United States of America". I just started cracking up when I saw that scroll down the window and he became real paranoid. Finally got him to get rid of all the p2p apps he had though. Was trying hard to get him to stop using them for months up to that point.

There's no real way to completely hide yourself on the internet. If there was, then music/movies/software/game pirates and hackers wouldn't have anything to worry about.

If you're using Peer Guardian just as a way to try hiding yourself on the internet it's not working at all. Just go read up on it some more. If you're not downloading movies or anything you don't need it. You don't need it at all actually, it really doesn't do anything except slow your connection down with the more IP's it blocks.

[edit on 13-1-2008 by nightmare_david]



posted on Jan, 13 2008 @ 05:17 PM
link   
reply to post by nightmare_david
 



hello
thanx for the info.
no..not trying to hide on the internet.
I saw a thread about it and i was curious to see if and who was
trying to view my pc.



posted on Jan, 13 2008 @ 05:24 PM
link   
reply to post by Alxandro
 


i did the netstat -anD and got this


Proto Local Address foriegn Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 10.0.0.1:139 0.0.0.0:0 LISTENING
TCP 127.00.1:1028 0.0.0.0:0 LISTENING



[edit on 13-1-2008 by Maya432]



posted on Jan, 13 2008 @ 05:31 PM
link   
Not so sure about monitoring thing. I get background refresher clicks when on site. But I'm a nobody. And certainly no threat to anything thats not in my fridge, store bought supplies.



posted on Jan, 13 2008 @ 05:57 PM
link   
Run a security scan here. Make sure you don't have any open ports. If you do then check out the forums to learn how to close them down.



posted on Jan, 13 2008 @ 10:57 PM
link   

Originally posted by Maya432
reply to post by Alxandro
 


i did the netstat -anD and got this

Proto Local Address foriegn Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 10.0.0.1:139 0.0.0.0:0 LISTENING
TCP 127.00.1:1028 0.0.0.0:0 LISTENING


135 and 445 somehow work together. These are pretty typical Microsoft port allocations and should be OK, along with 139.
These are considered low ports and anything above 1024 are considered high ports.

I'm not familar with that app in question and it's probably nothing, but 1028 is certainly suspect and might require further monitoring.

I ran another DOS command nslookup (ex: nslookup 138.160.94.112) against some of the IPs you provided and they came back as non-existent domains. It may be your app announcing bogus information.

Check your C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS file using Notepad.
Some SpyWare apps modify the users HOSTS file by adding their own entries.
The only entry you should see where the line does not begin with "#" is the default of:
127.0.0.1 localhost



posted on Jan, 19 2008 @ 07:22 AM
link   

Originally posted by Alxandro
Check your C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS file using Notepad.
Some SpyWare apps modify the users HOSTS file by adding their own entries.
The only entry you should see where the line does not begin with "#" is the default of:
127.0.0.1 localhost


thanx man...i did that and it came back clean.
127.0.0.1 localhost ...... was the only entry without a "#"

[edit on 19-1-2008 by Maya432]




top topics



 
0

log in

join