Results 1 to 2 of 2

Thread: Is someone piggybacking? Guru Bill please

  1. #1
    blocker Guest

    Default Is someone piggybacking? Guru Bill please

    My last post seemed to go unaswered.http://forum.zonelabs.org/zonelabs/b...ssage.id=16761
    Since, I have noticed that
    when I trace route to my ISP, the first two hops are my own IP. TWO when normally it is one.

    1


    61 ms


    52 ms


    52 ms
    XX-XX-XX-XX.telus.net [XX.XX.XX.XX
    ]

    2


    59 ms


    52 ms


    52 ms
    XX.XX.XX.XX.telus.net [XX.XX.XX.XX
    ]

    3


    50 ms


    52 ms


    52 ms
    XXXX.bb.telus.com [208.181.240.110]

    4


    60 ms


    66 ms


    66 ms
    XXXX.bb.telus.com [154.11.10.25]

    5

    179 ms

    175 ms

    184 ms
    edtnabxmdr00.bb.telus.com [205.233.111.132]

    6

    169 ms

    171 ms

    171 ms
    host198.77.34.207.in-addr.arpa [207.34.77.198]

    7

    185 ms

    185 ms

    185 ms
    161.184.255.250

    8

    171 ms

    172 ms

    171 ms
    cityweb.telus.net [198.161.157.214]
    In your opinion, what's up with this? Why are there two of what is my own ip at the beginning? A ghost?I scan heavily to check the pc and nothing. I use several tools to search for spyware and adware as well as ZA.
    Response to my last post would be appreciated also. I know that ZA uses akamia, as do high traffic sites but Akamia is always fully connected no matter what I am doing, or going online. It'll be the same IP all day/night. Changes every few days. Sometimes it is a completely different company but always someone constantly connected like that.
    I find this annoying especially when I want to log in somewhere secure. Or use my credit card.
    I was glad to see my updates from ZA tonight come from Zonelabs IP and not the akamia one sitting in my connection monitor either established or close_waiting until I ask my browser to go someplace else again.
    [System Process]:0
    TCP
    XXXXX:1025
    localhost:1463
    TIME_WAIT

    [System Process]:0
    TCP
    XXXXX:1025
    localhost:1461
    TIME_WAIT

    [System Process]:0
    TCP
    XXXXX:1025
    localhost:1465
    TIME_WAIT

    iexplore.exe:2088
    UDP
    XXXXX:1450
    *:*


    isafe.exe:1372
    TCP
    XXXXX:1026
    localhost:1029
    ESTABLISHED

    isafe.exe:1372
    TCP
    XXXXX:1027
    localhost:1028
    ESTABLISHED

    lsass.exe:572
    UDP
    XXXXX:4500
    *:*


    lsass.exe:572
    UDP
    XXXXX:isakmp
    *:*


    svchost.exe:872
    UDP
    XXXXX:ntp
    *:*


    svchost.exe:872
    UDP
    XXXXXtelus.net:ntp
    *:*


    svchost.exe:936
    UDP
    XXXXX:1041
    *:*


    svchost.exe:936
    UDP
    XXXXX:1063
    *:*


    svchost.exe:936
    UDP
    FA38FA253F:1453
    *:*


    System:4
    TCP
    XXXXX.telus.net:netbios-ssn
    XXXXX:0
    LISTENING

    System:4
    UDP
    XXXXX.telus.net:netbios-dgm
    *:*


    System:4
    UDP
    XXXXX.telus.net:netbios-ns
    *:*


    vsmon.exe:1008
    TCP
    XXXXX:1025
    XXXXX:0
    LISTENING

    vsmon.exe:1008
    TCP
    XXXXX:1028
    localhost:1027
    ESTABLISHED

    vsmon.exe:1008
    TCP
    XXXXX:1029
    localhost:1026
    ESTABLISHED

    vsmon.exe:1008
    UDP
    XXXXX.telus.net:491
    *:*


    vsmon.exe:1008
    TCP
    XXXXX.telus.net:1055
    64.86.94.8:http
    CLOSE_WAIT

    Any idea why Akamia (teleglobal) would be posted there like that?

    Thank you

    Operating System:
    Windows XP Home Edition
    Product Name:
    ZoneAlarm Internet Security Suite
    Software Version:
    6.5


    Message Edited by blocker on 12-11-200612:19 AM

  2. #2
    billc Guest

    Default Re: Is someone piggybacking? Guru Bill please

    Gosh, I'm not sure I've got all your questions understood properly but let me just make a few comments. As I think you know, Akamia servers are used by Zone Labs but also other major internet users including Microsoft. So a connection to an Akamia sever could be one of your programs checking for updates. Some programs check for updates on a very frequent bases.

    The connections you've posted as 'Established' are to your own computer. The programs saying 'Listening' well not be able to "hear" a connection request unless you've granted 'server' rights to that program. It would be like your telephone receiving an incoming call but if the bell is turned off, you want hear it to answer. Zone Alarm turns off the bell so your programs can't hear the connection request.

    As to why there are two hops on your trace route can be as simple as the first packet not getting through. Why you ask? The packet could be ill-formed or fragmented when first sent. I do not think you have a nefarious program trying to sneak out of your machine. I believe the behavior you are seeing is completely normal.

    You see those packets are UDP packets. UDP does not provide the reliability and ordering guarantees that TCP does. Datagrams may arrive out of order or [i]go missing without notice.[i] Without the overhead of checking if every packet actually arrived, UDP is faster and more efficient for many lightweight or time-sensitive purposes. Make sense?

    About uploading/downloading. To download, you'll need to have your Mobile Code control in Privacy turned off. If you're already on the site before you turn off Mobile Code control, you'll need to at least refresh the page and in some cases you may need to clean your browser cache. For uploading, if you are using a FTP client, you'll need to select the 'Passive' mode to make transfers. If you are using a site's upload utility, you'll need to turn off Mobile Code control and go through the same steps I mentioned for downloading. Mobile Code will block the sites script used for uploading. Now.....there are some few sites that will not work if any of your Main Privacy blocking is turned on. Just 'customizing' the site and turning all blocking off will not work. If any Main Privacy blocking is turned on, Zone Alarm will insert the JavaScript which will conflict in some cases.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •