Thread: ZA Updates

  1. #1
    blocker Guest

    ZA Updates

    I have noticed just within the last couple of days that when I get my antivirus and spyware updates and when I ask ZA to check for updates, the connection is going out to gen.cadvision.com 207.148.159.9/8 instead of zonelabs.
    Here's my firewall updating, and it is pretty much the same thing when I am getting antivirus and anti-spyware updates.
    updclient.exe:2340   TCP   XX.telus.net:1042   h-207-148-159-38.gen.cadvision.com:http   FIN_WAIT1
    vsmon.exe:1004       TCP   XX:1025             XX:0                                      LISTENING
    vsmon.exe:1004       TCP   XX:1030             localhost:1027                            ESTABLISHED
    vsmon.exe:1004       TCP   XX:1031             localhost:1026                            ESTABLISHED
    vsmon.exe:1004       UDP   XX:491              *:*
    vsmon.exe:1004       TCP   XX:1041             h-207-148-159-9.gen.cadvision.com:http    ESTABLISHED

    vsmon is my vector service and I would really feel much better if that was a zonelabs IP connected to it.
    When I traceroute the IP:

    Tracing route to h-207-148-159-8.gen.cadvision.com [207.148.159.8]
    over a maximum of 30 hops:
      1   1500 ms    781 ms    569 ms   dXX-XX-XX-XX.telus.net ]
      2    779 ms    781 ms    960 ms   dXX-XX-XX-XX.telus.net ]
      3    952 ms   1098 ms    960 ms   VCTABC01DR02.bb.telus.com [208.181.240.110]
      4   1291 ms   1344 ms   1384 ms   VANCBC01GR01.bb.telus.com [154.11.10.25]
      5    464 ms    642 ms   1205 ms   CLGRAB21DR02.bb.telus.com [205.233.111.84]
      6   1453 ms   1420 ms   1599 ms   h-207-148-159-8.gen.cadvision.com [207.148.159.8]

    But when I traceroute my ISP:

    tracert telusdotnet
    Tracing route to cityweb.telus.net [198.161.157.214]
    over a maximum of 30 hops:
      1   51 ms   52 ms   52 ms   xx..telus.net XX]
      2   60 ms   53 ms   52 ms   xx..telus.net XX]
      3   51 ms   52 ms   52 ms   VCTABC01DR02.bb.telus.com [208.181.240.110]
      4   58 ms   66 ms   66 ms   VANCBC01GR01.bb.telus.com [154.11.10.25]
      5   76 ms   79 ms   79 ms   edtnabxmdr00.bb.telus.com [205.233.111.132]
      6   71 ms   79 ms   79 ms   host198.77.34.207.in-addr.arpa [207.34.77.198]
      7   70 ms   79 ms   79 ms   161.184.255.250
      8   69 ms   79 ms   79 ms   cityweb.telus.net [198.161.157.214]

    That gen.cadvision is nowhere to be found. I prefer that, but how come it isn't showing up when I traceroute my ISP when they are connected to me when I am updating, uploading, logging in and downloading?

    Re: gen.cadvision is an IP from my ISP

    DNS Lookup Results
    Searching for gen.cadvision.com A record at a.root-servers.net[198.41.0.4]: Got referral to A.GTLD-SERVERS.NET in 31.25 ms.
    Searching for gen.cadvision.com A record at A.GTLD-SERVERS.NET[192.5.6.30]: Got referral to clgrps02.agt.net in 78.125 ms.
    Searching for gen.cadvision.com A record at A.GTLD-SERVERS.NET[192.5.6.30]: Got referral to edtnps16.telus.net in 78.125 ms.

    Authority records
    Name                Class   Type   Data                Time to live
    gen.cadvision.com   IN      NS     ns3.cadvision.com   3600s (1h)
    gen.cadvision.com   IN      NS     ns1.cadvision.com   3600s (1h)
    gen.cadvision.com   IN      NS     ns2.cadvision.com   3600s (1h)

    Additional records
    Name                Class   Type   Data                Time to live
    ns1.cadvision.com   IN      A      198.80.55.1         3600s (1h)
    ns2.cadvision.com   IN      A      198.161.156.1       3600s (1h)
    ns3.cadvision.com   IN      A      198.161.156.1       3600s (1h)

    IP Address: 207.148.159.8
    IP Location: (CA) Canada, Burnaby, BC
    Latitude/longitude: 49.2500 LATITUDE and -122.9500 LONGITUDE
    Connecting to the Internet through: TELUS Communications
    Organization: TELUS Communications

    What started all of this is that I was trying to upload a sound file and it looked like it went but an hour later the browser was hanging. The sound.wav is only 16.0 MB. At the time I noticed that the site I was trying to upload it to was connected to me fully established like normal but then so was that 207 IP and reckon this may be why I am having the troubles I am.

    This is from when I was trying to upload the sound file:

    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1036        TIME_WAIT
    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1042        TIME_WAIT
    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1044        TIME_WAIT
    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1047        TIME_WAIT
    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1049        TIME_WAIT
    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1039        TIME_WAIT
    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1051        TIME_WAIT
    [System Process]:0   TCP   127.0.0.1:1025       127.0.0.1:1050        TIME_WAIT
    iexplore.exe:1912    UDP   127.0.0.1:1034       *:*
    iexplore.exe:1912    TCP   XX.XX.XX.XX:1043     siteuploadingto:80    ESTABLISHED
    iexplore.exe:1912    TCP   XX.XX.XX.XX:1045     207.148.159.8:80      ESTABLISHED
    iexplore.exe:1912    TCP   192.168.6.100:1046   207.148.159.8:80      ESTABLISHED
    iexplore.exe:1912    TCP   XX.XX.XX.XX:1048     Site uploading to:80  ESTABLISHED
    isafe.exe:2000       TCP   127.0.0.1:1026       127.0.0.1:1031        ESTABLISHED
    isafe.exe:2000       TCP   127.0.0.1:1027       127.0.0.1:1030        ESTABLISHED
    lsass.exe:572        UDP   0.0.0.0:4500         *:*
    lsass.exe:572        UDP   0.0.0.0:500          *:*
    svchost.exe:868      UDP   127.0.0.1:123        *:*
    svchost.exe:868      UDP   XX.XX.XX.XX:123      *:*
    svchost.exe:932      UDP   0.0.0.0:1032         *:*
    System:4             TCP   XX.XX.XX.XX:139      0.0.0.0:0             LISTENING
    System:4             UDP   XX.XX.XX.XX:138      *:*
    System:4             UDP   XX.XX.XX.XX:137      *:*
    vsmon.exe:1004       TCP   0.0.0.0:1025         0.0.0.0:0             LISTENING
    vsmon.exe:1004       TCP   127.0.0.1:1030       127.0.0.1:1027        ESTABLISHED
    vsmon.exe:1004       TCP   127.0.0.1:1031       127.0.0.1:1026        ESTABLISHED
    vsmon.exe:1004       UDP   XX.XX.XX.XX:491

    I find this rather disturbing. In my program logs in ZA it shows the 207 IP as Akamai. (Please don't tell me how great they are, Akamai and I have had it out already.)

    I actually was asked to call the site I was attempting to upload to, so I did. They said they were able to successfully upload a sound file to my account and that it is a problem at my end. I have the site I was attempting to upload to in my site list and everything is unchecked so nothing is blocked. In my browser(s) I have their cookies and also in safe site list. Still, it won't work. When I was on the phone with them, I had ZA disabled to try the upload again. Didn't work. I reinstated ZA and suddenly my phone started a major deep Bzzzzz. Somehow my ZA seems connected to my phone line by way of this gen.cadvision thing, as they had a fully established connection the whole time as well.

    I have in the past contacted my ISP and they just make excuses and worse. At one point, the guy that works in the DNS part told me "Don't use ZoneAlarm". They have even told me that if I don't like it (complaints I have had), to find another ISP. Thing is, there isn't much to choose from where I am. All of them go through this major corp. Lines rented from..

    So, the problem is that when this happens, and it isn't the first time, there is always something that gets royally screwed up and I have zero recourse or help.

    I feel invaded, and when my ZA is going out to them when it updates, I feel very creepy. My ZA should be going out to zonelabs, not my ISP!! My ISP once told me that Akamai was their security team. I employ my own security and do not opt for their firewall, antivirus packages, nor do I use their ecare nor their CD when setting up my account with them on the computer. I dislike talking with them on the phone. Mainly because they can be very rude. Demeaning when it comes to issues like this.

    I just want to be able to use my computer and upload or download whatever I want and log into my accounts securely without this IP fully connected to me.

    How do I do this? In the meantime, while this is going on, the DNS IPs of my ISP are caching like crazy in my firewall logs.
    What is going on here?

    When I go to log into accounts online, secure, that IP has a fully established connection. Throughout the whole process. Even when the site I am logging into already has a connection established. A couple of years ago this was happening and places I had accounts at were asking me if someone had access. No one possibly could have. My PCs were behind two locked doors, I always run firewall and AV, and no one uses my PCs or connection physically but me. I feel like I am sharing my connection with this 207 IP. Apologies for the lengthy post. I feel uncomfortable. If someone like Bill could comment, I am sure I would feel a bit at ease. Thank you in advance.

    Long Time Paying Zonelabs Customer, Greetings.

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm (Free)
    Software Version: 6.5

  2. #2
    synyster Guest

    Re: ZA Updates

    I agree.
    I have not noticed this, but I haven't been looking.
    I think that someone of authority within Zone Labs should answer the questions about a possible crippling security breach of their security software.
