Results 1 to 4 of 4

Thread: Question about ip range used during update

  1. #1
    papageorgio Guest

    Default Question about ip range used during update

    I ahd noticed that the lat time zlclient.exe tried to access the inter it went to ip's 80.12.97.19 and 80.12.97.51 (both accessing port 80 on the destination end), I know that ZL uses akamai servers but these ranges weren't in the list of addresses used by ZL. Just wondering if these are normal Ip's for zlclient to be accessing. Any info on this would be great.

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Question about ip range used during update

    The correct range appears to be (for the akamai servers) 80.12.96.0 - 80.12.98.255.
    Akamai is world wide and they spread out the requests as required and there is no possible method of pre-determining or controlling to where they will point to or point to next. It is a massive network with virtual networking and domains. The updates are pointing to this IP grouping and six months in the future point it cpuld be to another akamai server or network with different IPs.

    This falls under the backbone server of orange-ftgroup.com (AS3215) belonging to France Telecom (Orange Domestic IP Backbone).

    These two IPs are safe, however I would not be inclined to include the entire IP range as the correct IPs for the ZA update.
    It could switch over to another akamai server and if the ZA is "locked" to this specific range then the updates may no longer function.
    And further more there is no way of blocking possible unwanted sites from the entire IP range. There could be spyware/bad ads/trackers/malware banners/etc associated with the other involved IPs of this range.

    http://www.robtex.com/as/as3215.html

    http://private.dnsstuff.com/tools/wh...ip=80.12.97.51

    Oldsod.
    Best regards.
    oldsod

  3. #3
    papageorgio Guest

    Default Re: Question about ip range used during update

    Thanks for the quick reply, and that answered a lot for me, on the same matter I noticed that the zlcient asked to access, then svchost asked to access to (80.12.97.19) just wanting to make sure that it was the zlclient goes through or uses svchost in it's updates?

    Message Edited by papageorgio on 10-26-2008 05:00 PM

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Question about ip range used during update

    This is okay.
    The svchost.exe is one of those windows files that loves to go where everything else is going.
    Not just the svchost.exe but also the winlogon, userinit, explorer, services and a few others.
    Why?
    Because these are seen as processes involved with the outgoing application, in this case the ZA updater.

    You can reduce the svchost.exe outgoing direct connections by setting the correct assigned IP for that windows (best if using a router or modem with dhcp) along with the correct dhcp and dns servers in the network connections properties.
    Then lock that window's IP in the router along with it's MAC.
    Then disable the dhcp and dns client services.
    (But only if using a dhcp server such as a router and only after doing the first steps).
    Disabling the dhcp client service will lock-in the assigned IP and eliminate some of the LAN connections as it is always assumed the windows will always use that IP.
    Disabling the dns client service will stop windows from doing the domain name lookups for the windows and supported applications. This will force the supported applications to do their won domain nmae lookups.

    But the parent processes involved with the connections (as mentioned above) are still seen as involved with the outgoing applications.
    This is okay and acceptable.
    It is when some unusual file attempts to act as the parent process for initializing the outgoing connections that should be of concern - this could point to malware.

    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •