
Is there any good IT tech(s) who can answer this? - Page 2

post #11 of 24
That presents other questions like why you would have a directly internet facing box..

Edit:
Also keep in mind websites integrate services from other sites. So you could visit a hardware review site and get Facebook integration or similar; your browser would initiate connections to FB based on the addresses listed within the site coding.
Edited by beers - 9/27/13 at 9:42am
post #12 of 24
213.199.179.166 is one of the IPs listed as Microsoft Internet Data Centre. You can block the range 213.199.160.0 - 213.199.191.255 with no issues. What it's actually used for though, I can only guess.
post #13 of 24
Something to keep in mind.

Websites are not static pages (anymore). They are many many pages assembled from machines all over the world.

The advertisements on websites almost never come from the same machine.
Most web-apps are cloud hosted; the traffic for these is routed to whatever machines have available capacity, even if in your case it might be Ireland for Facebook.

Companies with big cloud hosting solutions include: Amazon (CloudFront, EC2, S3), Google (App Engine), Rackspace (Rackspace Cloud).

Also don't forget about all the apps on your PC running in the background. Most things these days have web connections for updating or notifications. (Not just background processes, also look at Windows services.)
 
post #14 of 24
You could always use netstat with the following flags: -a -b -n -o
post #15 of 24
Thread Starter 
Quote:
Originally Posted by beers

That presents other questions like why you would have a directly internet facing box..

Edit:
Also keep in mind websites integrate services from other sites. So you could visit a hardware review site and get Facebook integration or similar; your browser would initiate connections to FB based on the addresses listed within the site coding.

It's not
Quote:
213.199.179.166 is one of the IPs listed as Microsoft Internet Data Centre. You can block the range 213.199.160.0 - 213.199.191.255 with no issues. What it's actually used for though, I can only guess.

This won't affect Windows Update?
Quote:
Something to keep in mind.

Websites are not static pages (anymore). They are many many pages assembled from machines all over the world.

The advertisements on websites almost never come from the same machine.
Most web-apps are cloud hosted; the traffic for these is routed to whatever machines have available capacity, even if in your case it might be Ireland for Facebook.

Companies with big cloud hosting solutions include: Amazon (CloudFront, EC2, S3), Google (App Engine), Rackspace (Rackspace Cloud).

Also don't forget about all the apps on your PC running in the background. Most things these days have web connections for updating or notifications. (Not just background processes, also look at Windows services.)

Thanks, I'm well aware, but the original thought of the post was why they were triggered and still are without any specific applications. I've tracked down the Microsoft ones being embedded into a svchost.
But where the others came from is still bothering me as I'm usually pen-testing things with a friend I know vulnerabilities like using VPN will allow a user access even if they can't directly through home connections, so basically using VPN will hide you in most areas, but also make you vulnerable to other things.

Also totally off-topic, but there are some severe vulnerabilities out there which Microsoft has no intention to fix; you can listen more to it on the Defcon series.
Someone could basically bring down most major and small websites and communities with less than a handheld device.

Old news for some, shocker for others, not to mention the IPv6 casts
Edited by Hyolyn - 9/27/13 at 10:35am
post #16 of 24
"This won't affect Windows Update?"

Not at all. I have seen absolutely no negative effects from the long term blocking of the addresses.
Edited by Bearybear - 9/27/13 at 11:45am
post #17 of 24
Thread Starter 
Quote:
Originally Posted by Bearybear

"This won't affect Windows Update?"

Not at all. I have seen absolutely no negative effects from the long term blocking of the addresses.

Thank you
post #18 of 24
I also completely block all incoming connections even if they have an allow rule, I block all outgoing connections that don't have an allow rule, I block programs from being able to create/add rules so only myself or Windows can create rules, and I create outgoing rules per program only when it's needed to ensure proper functionality of the application or its updater etc.

When browsing with Google Chrome, I use the extensions HTTPS Everywhere and Adblock Plus.

I use a bunch of reputable lists; there is a ton of overlap but security and privacy are improved. Some examples: EasyPrivacy, Fanboy's Enhanced Tracking List, Fanboy's Social/Annoyances Block List, Malware Domain Blocklist, Peter Lowe's List.

In Chrome Privacy Settings I also disable/uncheck the following as they allow Google to track almost everything you do within your browser and pose a few other security and privacy issues:

Use a web service to help resolve navigation errors
Use a prediction service to help complete searches and URLs typed in the address bar
Predict network actions to improve page load performance
Enable phishing and malware protection
Use a web service to help resolve spelling errors
Automatically send usage statistics and crash reports to Google

In the content settings I enable/check:

Keep local data only until I quit my browser (Cookies)
Block third-party cookies and site data (Cookies)
Click to play (Plug-ins)
Everything else is default set to "ask".

Toward the bottom I check/Enable the following and set it to download files to my desktop:

Ask where to save each file before downloading

Then I disable:

Continue running background apps when Google Chrome is closed

There's a whole crap ton of information going out and unwanted connections being made when you surf the web, especially with default settings. I always say: If private data is stored on a device or machine that is connected to the internet, it's best to assume that it's not private at all and the only OSs, applications and devices you can trust, are the ones you create from scratch yourself.
post #19 of 24
Hyolyn, it would really help if we could see what processes are actually creating those connections. Sysinternals TCPView will give you a similar list with that information.

FYI: In that list you gave in your first post, I don't see your computer "listening" to anybody. It is actually connected to the sites listed as "Established", which means that data can be transferred either direction at any time. Listening is different. Listening is like sitting by the telephone and waiting for a call to come in on a certain line (i.e. port). You should see some of those as well, but if you're connected via a router or modem, it probably is blocking all incoming connections already.
post #20 of 24
Netstat gives the same information, most of the 'connections' are likely from Skype, and if Microsoft wanted to they could quite easily send all sorts of data in and out through back doors that aren't detectable from within Windows, so there's no need to worry about the stuff that isn't hidden from you.
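Added example, not part of any post in this thread: Python code that parses `netstat -a -b -n -o` output (the flags from post #14) to attribute each socket to its owning executable, separates LISTENING from ESTABLISHED as post #19 describes, and flags peers inside the range quoted in post #12. The sample output, its PIDs and local addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Range from post #12, collapsed to CIDR blocks.
BLOCKED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("213.199.160.0"), ipaddress.ip_address("213.199.191.255")))
# Constructed sample of `netstat -a -b -n -o` output, not the thread starter's list.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49712     213.199.179.166:443    ESTABLISHED     1204
 [svchost.exe]
  TCP    192.168.1.10:49720     198.51.100.7:443       ESTABLISHED     3320
 [Skype.exe]
  UDP    0.0.0.0:5355           *:*                                    1300
 [svchost.exe]
"""
ROW = re.compile(r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
                 r"(?:(?P<state>[A-Z][A-Z0-9_]*)\s+)?(?P<pid>\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse(text):
    """One dict per socket; -b prints the owning executable on the lines after each row."""
    rows = []
    for line in text.splitlines():
        if m := ROW.match(line):
            rows.append({**m.groupdict(), "exe": None})
        elif rows and (e := EXE.match(line)):
            rows[-1]["exe"] = e.group(1)
    return rows

def remote_ip(row):
    try:
        return ipaddress.ip_address(row["remote"].rsplit(":", 1)[0].strip("[]"))
    except ValueError:  # UDP rows show "*:*"
        return None

def triage(text):
    """Group sockets by LISTENING/ESTABLISHED and flag peers inside the posted range."""
    out = {"LISTENING": [], "ESTABLISHED": [], "in_range": []}
    for r in parse(text):
        owner = f'{r["exe"] or "unknown"} (PID {r["pid"]})'
        if r["state"] in out:
            out[r["state"]].append((r["local"], r["remote"], owner))
        ip = remote_ip(r)
        if ip is not None and any(ip in net for net in BLOCKED):
            out["in_range"].append((r["remote"], owner))
    return out
```

On a live machine, `netstat -a -b -n -o` needs an elevated prompt for the `-b` owner lines; save its output to a file and pass the text to `triage`.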