Thread: Strange DNS requests

  1. #1
    woktre Guest

    Strange DNS requests

    Hi,

    I always used an old version of ZoneAlarm. I had some problems with a virus last week but I managed to clean it out, at least it seems so to me.

    Anyway, after cleaning my system I installed a new version of ZoneAlarm (7.0.462.000).

    Now, when I run Firefox it first asks me to connect to 127.0.0.1, which is OK, I always allowed that; Firefox opens and displays a blank page (that's my setting).

    Now when I try to connect to a page (for example google.it) ZoneAlarm asks me to let Firefox connect to some IP on port 53 (DNS). If I deny, Firefox is not able to web-surf.

    I tried many times to run Firefox and connect to google.it; every time the IP to which Firefox wants to connect is different. Here's a list of some of the IPs it requests:

    209.87.209.44:DNS
    216.73.84.9:DNS
    65.214.39.152:DNS
    208.254.29.233:DNS
    207.46.219.35:DNS
    209.85.135.147:DNS

    I have no Firefox extensions installed and have disabled Firefox automatic updates.
    I have no clue why Firefox wants to connect to so many different IPs.

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm (Free)

  2. #2
    woktre Guest

    Re: Strange DNS requests

    The smilies in my message are not smilies, they are ": DNS"

    209.87.209.44 DNS
    216.73.84.9 DNS
    65.214.39.152 DNS
    208.254.29.233 DNS
    207.46.219.35 DNS
    209.85.135.147 DNS

  3. #3
    woktre Guest

    No one

    Does anyone experience these DNS requests to strange IPs?
    No one out there?

  4. #4
    naivemelody Guest

    Re: No one

    Did you try a reverse DNS lookup? > http://en.wikipedia.org/wiki/Reverse_DNS_lookup
    There are various other tools/sites to help you find out.
    DNSstuff.com > http://member.dnsstuff.com/pages/tools.php?ptype=free

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    No one

    All the IPs in the list are safe and nothing nefarious. I recognize one from Google and another from zonelabs.
    The ZA just reported what was seen - the dns port of the IPs was contacted and then no doubt the http port was then further connected. It is not an actual dns lookup. Just a possible connection to the dns IP. It could be a reverse dns lookup/connection as already stated by Senior Contributor NaiveMelody.
    Please look at the destination and source IPs carefully and check the Flags (if listed). This does help to determine if the connections were incoming or outgoing. The Flags are very helpful too.

    It is possible that Firefox has some bookmarks opened in the background for easy access or did a quick fetch for retrievals of web pages/sites for instant reading. I can't really say since I seldom use Firefox and install it only occasionally.

    See: http://forum.zonelabs.org/zonelabs/b...ssage.id=18627

    Cheers.
    Oldsod.

    Message Edited by Oldsod on 04-01-2008 11:30 PM
    Best regards.
    oldsod
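
The two checks suggested in posts #4 and #5 (a reverse DNS lookup, and reading source and destination to tell direction), as an added example that is not part of the original thread. The entry layout, `LOCAL_IP` and `RESOLVERS` are constructed assumptions and do not reproduce ZoneAlarm's log format.

```python
import ipaddress
import socket

# Constructed firewall entries (NOT ZoneAlarm's real log format):
# (program, source IP, destination IP, destination port, protocol)
SAMPLE_ENTRIES = [
    ("firefox.exe", "192.168.1.10", "192.168.1.1", 53, "UDP"),
    ("firefox.exe", "192.168.1.10", "209.85.135.147", 53, "UDP"),
    ("firefox.exe", "192.168.1.10", "209.85.135.147", 80, "TCP"),
    ("unknown", "207.46.219.35", "192.168.1.10", 53, "UDP"),
]
LOCAL_IP = "192.168.1.10"    # assumed address of this PC
RESOLVERS = {"192.168.1.1"}  # assumed DNS servers from the adapter settings


def ptr_name(ip):
    """Name asked for by a reverse DNS lookup, e.g. 4.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def triage(entry, local_ip=LOCAL_IP, resolvers=RESOLVERS):
    """Classify one entry by direction and by whether port 53 traffic
    goes to a DNS server this machine is actually configured to use."""
    program, src, dst, dport, proto = entry
    direction = "outgoing" if src == local_ip else "incoming"
    remote = dst if direction == "outgoing" else src
    if dport != 53:
        verdict = "not DNS"
    elif direction == "outgoing" and remote in resolvers:
        verdict = "expected DNS"
    else:
        verdict = "review: port 53 traffic not involving a configured resolver"
    return {"program": program, "direction": direction, "remote": remote,
            "verdict": verdict, "ptr": ptr_name(remote)}


def reverse_lookup(ip):
    """Live PTR lookup (needs network); returns None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        print(triage(e))
```

`reverse_lookup()` is kept separate because it needs network access; the hostname it returns is set by whoever controls the reverse zone, so treat it as a hint about the owner rather than proof.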
