Buddyme2
Dec 2 2006, 12:18 AM
I was looking through the outgoing logs of my Linksys WRT54G router and I found that my father's PC has an outgoing signal that showed its destination as 38.118.85.21. I did a whois search on it from my Intego NetBarrier Firewall app and got this.
Performance Systems International Inc. PSINETA (NET-38-0-0-0-1)
38.0.0.0 - 38.255.255.255
Performance Systems International Inc. COGENT-NB-0002 (NET-38-112-0-0-1)
38.112.0.0 - 38.119.255.255
Who are they, what apps would be transmitting to them? But more importantly, should my father be worried?
Thanks.
Orange Blossom
Dec 2 2006, 12:38 AM
Is there anything in the log that indicates what program, task, or file is sending out to them?
Is there a way that you can set the firewall to ask the user before letting applications connect to the internet? If so, set it that way to discover what is doing it.
Orange Blossom
Buddyme2
Dec 2 2006, 01:51 AM
Orange Blossom,
Thanks for replying.
QUOTE
Is there anything in the log that indicates what program, task, or file is sending out to them?
The only things that are shown on my Linksys logs are LAN IP, Destination URL/IP and Service/Port Number. It was listed as www in the Service/Port Number.
QUOTE
Is there a way that you can set the firewall to ask the user before letting applications connect to the internet? If so, set it that way to discover what is doing it.
From the Linksys? IDK, I don't think so. From my Firewall? No.
Orange Blossom
Dec 2 2006, 03:44 PM
Hmm. What firewall are you using?
By any chance, are there peer-to-peer programs on the computer? If so which ones?
Orange Blossom
buddy215
Dec 2 2006, 03:55 PM
Found on the web:
performance systems international... PSI, one of the 'older' ISPs around, based out of N. Virginia (think they even have/had a stadium named after them - PSI Stadium).
Orange Blossom
Dec 2 2006, 04:01 PM
Ah, but is that YOUR internet service provider?
Orange Blossom
Buddyme2
Dec 2 2006, 06:28 PM
QUOTE
Hmm. What firewall are you using?
I am using Intego's NetBarrier on my PowerBook G4. My father is using Norton? I'm not quite sure, but he has Norton on his PC.
QUOTE
By any chance, are there peer-to-peer programs on the computer?
I don't think so, he doesn't download very much. Mostly updates to his XP Home, AV and Anti-Spy programs.
QUOTE
Ah, but is that YOUR internet service provider?
It's gci.net.
I never looked to see if my PB is contacting the same IP, I'll look but I'm pretty sure it's not because Little Snitch doesn't show that any of my apps are contacting that IP.
Thanks again.
Orange Blossom
Dec 3 2006, 03:34 AM
I'm not familiar with that firewall. It's your father's computer that has the problem right? So we need to know which firewall is on HIS computer.
It's possible that there is something on the computer that shouldn't be there making these connections. It's also possible that something that should be there is making connections it shouldn't be, and there is a slim chance it's legit. That's why I want to know which firewall is on the computer that has the problem so it can be set up to ask the user before anything makes connections. That way we can identify the culprit and determine whether it's good, bad, or indifferent and what to do next if anything.
There are free firewalls that can be configured this way and that will identify the application. Zone Alarm Free and Kerio Personal Firewall Free are both examples. I personally prefer the latter as it provides more specific information. You might consider installing one of those, uninstalling the other one first, temporarily at least until the problem is solved.
Orange Blossom
Buddyme2
Dec 3 2006, 11:12 PM
Orange Blossom,
Yes, it's my father's PC that is connecting. He had a license for Zone Alarm but probably got frustrated with all the "questions" from it, same thing with Spybot. He uninstalled those along with AVG and installed Norton, which has a firewall but I don't think it asks if a signal going out should be denied or not.
NetBarrier is a Mac application.
Budapest
Dec 4 2006, 05:20 AM
I understand that if you are using iTunes it will connect to PSI for automatic updates etc.
Buddyme2
Dec 4 2006, 05:51 AM
QUOTE(Budapest @ Dec 4 2006, 01:20 AM)

I understand that if you are using iTunes it will connect to PSI for automatic updates etc.
He doesn't use iTunes, the only Apple product he has on his PC is Quicktime. Does Quicktime connect to PSI? I would have thought that Mac apps would connect to Apple for updates or whatever.
Budapest
Dec 4 2006, 06:50 AM
If I remember correctly Quicktime has advertisements and links that show up when you open it, and it is this third-party content that might come from PSI. I've heard that the programme "Little Snitch" can tell you which application on your system is connecting to PSI, although I've never used it myself.
Buddyme2
Dec 4 2006, 06:58 AM
Little Snitch does tell which application is trying to send a signal out and to where it wants to send it. It's for Macs only and my father's comp is a PC. Could be a program from Quicktime but I have never seen him use Quicktime before, but that doesn't mean he doesn't use it.
Budapest
Dec 4 2006, 07:06 AM
Sorry, I didn't realise that Little Snitch is only for Macs. You might want to check his Quicktime settings. The latest versions have an application that runs at start-up and checks for updates etc. First time I installed it I ended up with a little Q symbol in my task bar, but you can set the options so it doesn't run at start-up.
Buddyme2
Dec 4 2006, 12:50 PM
No problem.
Will do, but I've never seen a letter Q on his taskbar nor do I think he's ever updated Quicktime before. Where can I find the list of his start-up items?
buddy215
Dec 4 2006, 07:34 PM
The best way to keep Quicktime from calling home and loading at startup is to block it from checking for updates by following the path below:
--------------------------------------------------------------------------------
open QuickTime/ mouse over edit/ mouse over preferences/ click on QuickTime preferences/ click on update/ uncheck "check for updates automatically"
--------------------------------------------------------------------------------
Several security programs will give you the option of allowing/blocking programs from the startup list. My favorite is WinPatrol free. My preference is to use the options in each program to block them from installing at startup. The two programs you would want to run at startup are your antivirus and firewall.
http://www.winpatrol.com/
Buddyme2
Dec 4 2006, 10:22 PM
I asked him about Quicktime and he said he never uses it, so I told him to uninstall it. I just checked the outgoing logs and there are 2 listings, neither one going to PSI. I'll check them again later and post back.
Orange Blossom
Dec 4 2006, 11:39 PM
Just a thought here and this only if your father agrees to it.
See if you can have sole control of the computer for a few hours then either see if you can set Norton to ask, OR temporarily disable Norton's firewall and install one of the free ones that does ask. This way you will be able to determine the culprit.
If it's a legit. program but it doesn't need to make that connection, you could configure the Norton firewall for him to block that particular communication once you uninstall the freebie and enable the Norton firewall again.
What I am concerned about is that there may be malware or something on the computer making those communications.
Orange Blossom
Budapest
Dec 5 2006, 04:46 AM
AutoRuns will show you what programs are configured to run during system bootup or login.
Buddyme2
Dec 5 2006, 11:03 PM
QUOTE
See if you can have sole control of the computer for a few hours then either see if you can set Norton to ask, OR temporarily disable Norton's firewall and install one of the free ones that does ask. This way you will be able to determine the culprit.
I'll try, but it's rare that he's away from his PC (retired). How would I set up Norton to ask? I don't know very much about Windows and its programs, I'm using my Mac whenever I need to go online.
QUOTE
AutoRuns will show you what programs are configured to run during system bootup or login.
Thanks, I'll give a try when I can get a chance to use his PC.
Buddyme2
Dec 24 2006, 07:35 PM
Happy Holidays,
Just letting you know that my father uninstalled WeatherBug and my router's outgoing logs don't show that IP address. It's early to say that one of its ads was transmitting but I'm keeping my fingers crossed.
Thanks.
shumey
Sep 19 2007, 01:14 AM
Hello,
I came across this site as I was searching about the mysterious Performance Systems International Inc. spider browsing my site.
A couple of months ago, this visitor to my site left me wondering for a long time until I made further research. The following IPs
38.98.120.83
38.100.41.112
38.98.120..83
etc were showing in the log.
This started to happen after I contracted someone supposedly from India to work on my site who mentioned an affiliate company in the US. Interestingly enough the person who signed on to my site (with East Indian name) also belonged to the same strings of IPs which is 38.98.120..83. I got rid of the group and kicked them out of my site. After further investigation of my files, I found out a suspicious program called CERBERUS installed. I confronted the person who pretentiously claimed to have been working on my site. He avoided the questions.
Does anyone have any advice for me where to check for site integrity and security vulnerability and how to take care of it?
Thanks.
Buddyme2
Sep 19 2007, 04:09 AM
Hi shumey,
I just ran a whois with whois.arin.net server and got these with the first two IP addresses you listed. The 3rd one got a No match found for 38.98.120..83. Maybe you can contact them and ask?
OrgName: Performance Systems International Inc.
OrgID: PSI
Address: 1015 31st St NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 38.0.0.0 - 38.255.255.255
CIDR: 38.0.0.0/8
NetName: PSINETA
NetHandle: NET-38-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: NS.PSI.NET
NameServer: NS2.PSI.NET
Comment: Reassignment information for this block can be found at
Comment: rwhois.cogentco.com 4321
RegDate: 1991-04-16
Updated: 2005-10-05
RTechHandle: PSI-NISC-ARIN
RTechName: IP Allocation
RTechPhone: +1-877-875-4311
RTechEmail: ipalloc@cogentco.com
OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail: abuse@cogentco.com
OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail: noc@cogentco.com
OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-877-875-4311
OrgTechEmail: ipalloc@cogentco.com
mikesg
Oct 30 2008, 04:51 PM
Hi.
I apologize for posting on such an old topic. I was looking to find the I.P. address of a website and did a quick search for some info about the owner of the range and came across this thread. I just thought I'd add a note here about the previous post.
QUOTE
I just ran a whois with whois.arin.net server and got these with the first two IP addresses you listed. The 3rd one got a No match found for 38.98.120..83. Maybe you can contact them and ask?
The reason you could not find any information pertaining to the I.P. address above is because there cannot be two decimal points between the octets...ever. 38.98.120..83 is incorrect where 38.98.120.83 would be the correct I.P. address. I am sure this was a typographical error by shumey when he originally posted.
WOW. This was my first post on the forums here. I have been visiting the site for several years as a result of searching for fixes here and there. It is good to finally join and participate. I look forward to helping and/or seeking for it in the future.
Thanks,
~~mike~~
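Added example (not part of any post in this thread): a short Python check that rejects a malformed address such as 38.98.120..83 before a whois lookup and maps a valid one to the most specific netblock quoted in the whois output above. The log rows, their 192.168.1.x LAN addresses and the function names are constructed for illustration; the three-column layout follows the LAN IP / destination / service fields described earlier in the thread.

```python
import ipaddress

# Netblocks copied from the whois output quoted in this thread.
NETBLOCKS = [
    ("PSINETA", "38.0.0.0", "38.255.255.255"),
    ("COGENT-NB-0002", "38.112.0.0", "38.119.255.255"),
]

def _expand(name, first, last):
    """Turn a whois start-end range into (name, network) pairs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(name, net) for net in nets]

NETWORKS = [pair for block in NETBLOCKS for pair in _expand(*block)]

def classify(dest):
    """Return ('not-ipv4', None), ('unlisted', None) or ('match', netname)."""
    try:
        addr = ipaddress.IPv4Address(dest.strip())
    except ipaddress.AddressValueError:
        # Hostnames and typos like a doubled dot end up here.
        return ("not-ipv4", None)
    hits = [(net.prefixlen, name) for name, net in NETWORKS if addr in net]
    if not hits:
        return ("unlisted", None)
    # Longest prefix wins, i.e. the most specific reassignment.
    return ("match", max(hits)[1])

# Constructed sample rows: LAN IP, destination, service.
SAMPLE_LOG = """\
192.168.1.100  38.118.85.21   www
192.168.1.100  38.98.120..83  www
192.168.1.101  81.208.106.69  www
"""

def review(log_text):
    """Classify the destination column of each three-field log row."""
    results = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        lan_ip, dest, service = fields
        results.append((lan_ip, dest, service) + classify(dest))
    return results

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(row)
```

A "match" only names the registered owner of the address range; it does not identify which program on the PC opened the connection.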
Jdog9000
Dec 13 2008, 03:29 AM
This could be MEDIA DEFENDER. Their IP addresses show up as Performance Systems International, and they are looking for P2P file sharing. Here are some of their IP addresses, at least what I know of, but I'm sure they have more. They use an ATM connection or higher.
38.107.160.* (* = all numbers)
38.107.161.*
38.107.163.*
38.107.164.*
81.208.106.69
Good luck