Advice pls on what is happening on my system

Secure Home | Search | About

Lost Password?

General Computer Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject	Author	Date
Advice pls on what is happening on my system	Alix	12-09-2005

Posted by Alix on December 9, 2005, 5:14 am

If you were Registered and logged in, you could reply and use other advanced thread options

BACKGROUND

I am on a cable connection in the UK with no other PCs or printers
attached. I use FILSECLAB's personal firewall.

I downloaded and installed "TreeWalk DNS" a week ago on my XP Pro
system. As I am in the UK I also installed the "ORSC Slave-Root"
package. I have to say I am not particularly familiar with the
technical details of DNS lookups.

OBSERVATIONS

Today I booted up. Before I manually launched anything I saw the
following entries shown below in my firewall monitor.

These entries have worried me because for the last week my PC has
been hesitating for several seconds before connecting to servers such
as (http://www.google.com or an NNTP news servrer) for the first
time. Subsequent connections seems as fast as usual.

Spybot (latest version with latest updates) reports nothing.

QUESTIONS FOR ANYONE

1: Which entries below are expected and which are unusual?

2: Have I got some subtle malware on my system?

3: How can I track back from these entries to find what programs
invoked NAMED.EXE to make these network connections?

4: Should I remove Treewalk or does it make no difference?

For the time being I have put these into my hosts file in order to
restrain them from connecting.

Thank you for any help.

-------- LIST OF SELECTED FIREWALL MONITOR ENTRIES --------

NOTES:

(1) There were often several entries for each IP address but I have
listed only one.
(2) My IP address with port 1025 was always shown for each of these
entries
(3) The program associated with each entry was always Treewalk's
NAMED.EXE.
(4) In most cases, 70 bytes were sent and none received but for
192.5.6.30 (for which the IP lookup keeps failing) there was as much
as 10 KB of traffic in each direction!
(5) Sadly I can't find out anything for 194.54.112.30/FLUETANO.

=====

38.113.2.100 :53
Jerky Network Services, Mass

199.166.26.100 :53
VRx Network Services Inc. server=JFWHOME.FUNHOUSE.COM
199.166.29.100 :53
VRx Network Services Inc. server=JFWHOME.FUNHOUSE.COM
199.166.31.100 :53
VRx Network Services Inc. server=JFWHOME.FUNHOUSE.COM

194.54.112.30 :53
FLUENTANO, Hostmaster Bergen Nett og Media, Norway

193.0.14.129 :53
Subnet for k.root-servers.net

192.5.6.30 :53
a.gtld-servers.net [sent 10595 bytes & received 11369 bytes]

192.26.92.30 :53
VeriSign Global Registry
192.26.92.32 :53
VeriSign Global Registry
192.33.14.30 :53
Verisign
198.41.0.4 :53
Verisign

202.12.29.59 :53
Asia Pacific Network Information Center, Australia

216.239.34.10 :53
Google [I have Google Desktop Search]

------- END LIST OF SELECTED FIREWALL MONITOR ENTRIES --------

Similar Threads	Posted
Re: Advice pls on what is happening on my system	December 9, 2005, 6:53 am
Re: Advice pls on what is happening on my system	December 9, 2005, 2:52 pm
Re: Advice pls on what is happening on my system	December 9, 2005, 2:58 pm
Re: Advice pls on what is happening on my system	December 9, 2005, 9:19 pm
Advice, security specification calls for using system login to do login to web application	August 28, 2007, 8:19 am
Remotely controlling a PC - How can one tell this is happening?	May 13, 2005, 2:40 pm
UPD Port Scan from DNS Server Happening, What's Up?	January 15, 2006, 2:30 pm
Seeking certification(s) advice	June 22, 2004, 5:59 am
connection logger advice needed	February 2, 2005, 5:42 pm
Snoopware advice wanted for news story	July 20, 2004, 7:24 am

The site map in XML format XML site map