PeerGuardian constantly blocks Declude Inc. only for me

PeerGuardian constantly blocks Declude Inc. only for me
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
PeerGuardian constantly blocks Declude Inc. only for me donnie 03-25-2007
Posted by donnie on March 25, 2007, 8:44 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I don't see anyone on google who has asked this question ever but I'm
amazed if I'm being targeted by anyone.

I try to use "netstat -ban" to view connections to and from my WinXP PC but
netstat gives only one quick snapshot in time so it misses a lot.

In searching for a program which will log all the "connections" to/from my
computer, I found on SourceForge freeware called the "PeerGuardian2"
firewall for Windows XP (FAQ http://phoenixlabs.org/pg2/faq/).

Instantly after installing PeerGuardian, I was shocked at what I see
connecting to/from my computer! But one entry in particular frustrates me.

Can you help me ascertain who or what is connecting to me?

Most of the connections, when I look them up, have been reported before in
the usenet newsgroups but one.

The one that doesn't seem to have a google record is the google search:
"PeerGuardian Declude, Inc."

Specifically, PeerGuardian constantly logs hits such as:
Time: Range: Source: Destination: Protocol: Action:
15:23:12 Declude, Inc 192.168.1.2:3866 70.87.188.180:80 TCP Blocked
15:23:12 Declude, Inc 192.168.1.2:3872 70.87.188.180:80 TCP Blocked
15:23:12 Declude, Inc 192.168.1.2:3887 70.87.188.180:80 TCP Blocked
etc.

Two things initially puzzle me. The first is these seem to be OUTGOING
connections but I didn't ask to connect to anything (I tested it right
after a reboot with nothing running overtly and no web pages up). The
second is that Declude, Inc. appears to sell email security software but I
didn't order any email security software (News at
http://www.declude.com/site/innews.htm).

Why am I the only one trying to google for "Declude Inc" TCP:80 attacks?

donnie

Posted by James on March 25, 2007, 9:06 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
donnie wrote:
> I don't see anyone on google who has asked this question ever but I'm
> amazed if I'm being targeted by anyone.
>
> I try to use "netstat -ban" to view connections to and from my WinXP PC but
> netstat gives only one quick snapshot in time so it misses a lot.
>
> In searching for a program which will log all the "connections" to/from my
> computer, I found on SourceForge freeware called the "PeerGuardian2"
> firewall for Windows XP (FAQ http://phoenixlabs.org/pg2/faq/).
>
> Instantly after installing PeerGuardian, I was shocked at what I see
> connecting to/from my computer! But one entry in particular frustrates me.
>
> Can you help me ascertain who or what is connecting to me?
>
> Most of the connections, when I look them up, have been reported before in
> the usenet newsgroups but one.
>
> The one that doesn't seem to have a google record is the google search:
> "PeerGuardian Declude, Inc."
>
> Specifically, PeerGuardian constantly logs hits such as:
> Time: Range: Source: Destination: Protocol: Action:
> 15:23:12 Declude, Inc 192.168.1.2:3866 70.87.188.180:80 TCP Blocked
> 15:23:12 Declude, Inc 192.168.1.2:3872 70.87.188.180:80 TCP Blocked
> 15:23:12 Declude, Inc 192.168.1.2:3887 70.87.188.180:80 TCP Blocked
> etc.
>
> Two things initially puzzle me. The first is these seem to be OUTGOING
> connections but I didn't ask to connect to anything (I tested it right
> after a reboot with nothing running overtly and no web pages up). The
> second is that Declude, Inc. appears to sell email security software but I
> didn't order any email security software (News at
> http://www.declude.com/site/innews.htm).
>
> Why am I the only one trying to google for "Declude Inc" TCP:80 attacks?
>
> donnie

Have you gone through Add/Remove Programs in the Control Panel to double
check to see if maybe you have a free trial of their mailprotector
program installed? If so, it may be trying to perform an autoupdate by
connecting to that IP's web address.

Also maybe try to use regedit and search for key values that include
"Declude"

James        http://cronus.ath.cx

Posted by donnie on March 25, 2007, 9:59 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Sun, 25 Mar 2007 20:06:19 -0500, James wrote:
>> Why am I the only one trying to google for "Declude Inc" TCP:80 attacks?
> Have you gone through Add/Remove Programs in the Control Panel

I couldn't find program entries for "Declude, Inc" using the WinXP
add/remove applet but Windows XP is notorious for missing installed
programs.

So I tried the better crap-cleaner add/remove freeware (features
http://www.ccleaner.com) which found a LOT more installed programs but not
anything starting with Declude.

So, it doesn't look like Declude is a program I installed on purpose.

Is there any way to see if Declude is pinging anyone else constantly?

donnie

Posted by donnie on March 25, 2007, 10:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Sun, 25 Mar 2007 20:06:19 -0500, James wrote:
> Also maybe try to use regedit and search for key values that include
> "Declude"

Nothing called "Declude, Inc" in regedit but WinXP regedit is notorious for
missing keys for example hex or ascii equivalents so I installed the
Nirsoft freeware (download http://www.nirsoft.net/utils/regscanner.html).

Even Nirsoft came up empty.

Why would declude inc be attacking my pc ports.

Better yet, is there a better program than peerguardian for logging each
and every incoming and outgoing connection to/from my computer?

donnie

Posted by James on March 25, 2007, 10:48 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
donnie wrote:
> On Sun, 25 Mar 2007 20:06:19 -0500, James wrote:
>> Also maybe try to use regedit and search for key values that include
>> "Declude"
>
> Nothing called "Declude, Inc" in regedit but WinXP regedit is notorious for
> missing keys for example hex or ascii equivalents so I installed the
> Nirsoft freeware (download http://www.nirsoft.net/utils/regscanner.html).
>
> Even Nirsoft came up empty.
>
> Why would declude inc be attacking my pc ports.
>
> Better yet, is there a better program than peerguardian for logging each
> and every incoming and outgoing connection to/from my computer?
>
> donnie

Try running netstat with a numerical value (x) after it and it should
run recurrently at (x) seconds. Sometimes I use "netstat -t 5" to get a
list of my TCP connections only, at an interval of every 5 seconds. You
could also maybe try a netstat -options (x) > somefile.log to log the
output of your netstat into a logfile you can reference later as well.

James        http://cronus.ath.cx

Similar ThreadsPosted
PeerGuardian P2P "LA County Sheriff's Office" and "ISPrime Inc" and "Beyone the Network Americas" September 6, 2007, 2:29 pm
apps that constantly want access April 17, 2005, 10:43 am
Help!! constantly connected to microsoft and cannot block it June 13, 2005, 7:08 pm
Why does my Network Win XP constantly send data to each other??? December 9, 2005, 5:28 am
Network indicator blinking constantly November 14, 2007, 12:18 am
Network connection light glowing constantly August 27, 2007, 3:15 am
ZA blocks access to dns. Why? December 3, 2004, 10:29 am
Outpost blocks everything August 30, 2005, 8:51 am
Sonicwall blocks msn and hotmail February 11, 2005, 12:26 pm
TZ170 AV blocks some exe downloads, but not others July 20, 2005, 10:10 pm

The site map in XML format XML site map

Contact Us | Privacy Policy