Odd Connections



#1 Ruok2bu


Posted 23 October 2015 - 03:17 AM

A couple of days ago I downgraded (reinstalled) Windows 7 Pro x64 (I was using Windows 8.1 x64 before) and I just noticed some very strange outgoing connections have been occurring randomly throughout the day.

I see the connections being blocked (no idea if it's all of them, but at least some are being blocked) in PeerBlock and the connection is always 3 outgoing on UDP port 10222 to 99.248.172.232 on UDP port 42488.

My system is also making a successful connection on UDP port 10222 to various other IPs (one of them is Microsoft Singapore, but I have no idea why my computer would be pinging Singapore as I'm on the east coast of Canada).

I checked my system and I have nothing using those ports.

Any idea what these connections are?

 

peerblock.png


Edited by Ruok2bu, 23 October 2015 - 03:36 AM.




#2 Aura


Posted 23 October 2015 - 05:40 AM

Hi Ruok2bu :)

This address belongs to Rogers, which I assume is your ISP.

http://whatismyipaddress.com/ip/99.248.172.232

This is a CPE IP address and it's entirely normal to send communications to these.

https://en.wikipedia.org/wiki/Customer-premises_equipment

So basically, this IP address is safe, I wouldn't worry about it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Ruok2bu


Posted 23 October 2015 - 12:28 PM

Thing is, that's not my ISP. My ISP is Videotron and in fact Rogers isn't even available in my province.

Also, the destination port changed (I shut down my comp for the night). Now it's 47659 (my source port is still 10222).


Edited by Ruok2bu, 23 October 2015 - 12:40 PM.


#4 Aura


Posted 23 October 2015 - 12:46 PM

Which province do you live in? And even there, I wouldn't worry since this is a legitimate IP address. It's possible that Videotron is redirecting some of the connections through Rogers's CPE for whatever reason there is. This is something you would have to call Videotron to learn about.

My ISP is also Videotron and I live in Québec, maybe I can take a look at my connections when I get home tonight.



#5 Ruok2bu


Posted 23 October 2015 - 12:56 PM

I managed to find out which application is doing the connections and it looks like it's safe after all.

The culprit is: Skype

Thanks for the fast response anyhow!
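
Added example, not part of the original posts: the thread does not say how the owning application was identified, so this shows one way to do it on Windows 7, mapping the local UDP source port (10222 here) to a PID from `netstat -ano` and then to a process name and image path. The function names and the sample rows (including PID 3124) are made up for illustration.

```powershell
# Added example, written for PowerShell 2.0 (the version shipped with Windows 7).

function Get-UdpBinding {
    # Parse netstat rows into objects. -Lines accepts saved output; default is live.
    param([string[]]$Lines = (& netstat.exe -ano))
    foreach ($line in $Lines) {
        # UDP rows have no State column: Proto, Local Address, Foreign Address, PID.
        # The greedy \S+ keeps IPv6 locals such as [::]:10222 intact.
        if ($line -match '^\s*UDP\s+(\S+):(\d+)\s+\S+\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                LocalAddress = $Matches[1]
                LocalPort    = [int]$Matches[2]
                ProcessId    = [int]$Matches[3]
            }
        }
    }
}

function Resolve-PortOwner {
    # Add the owning process name and image path, looked up on the live system.
    param([Parameter(ValueFromPipeline = $true)]$Binding)
    process {
        $proc = Get-Process -Id $Binding.ProcessId -ErrorAction SilentlyContinue
        # The process may have exited since the snapshot; Path can be empty
        # for processes the current user is not allowed to inspect.
        $name = '<exited or not visible>'; $path = $null
        if ($proc) { $name = $proc.ProcessName; $path = $proc.Path }
        $Binding |
            Add-Member -MemberType NoteProperty -Name ProcessName -Value $name -PassThru |
            Add-Member -MemberType NoteProperty -Name Path -Value $path -PassThru
    }
}

# Constructed sample rows (PID 3124 is made up) to show the parsing on its own.
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:10222          0.0.0.0:0              LISTENING       3124',
    '  UDP    0.0.0.0:10222          *:*                                    3124',
    '  UDP    [::]:5355              *:*                                    1180'
)
Get-UdpBinding -Lines $sample | Where-Object { $_.LocalPort -eq 10222 }

# Live lookup for the source port reported in the thread.
Get-UdpBinding | Where-Object { $_.LocalPort -eq 10222 } | Resolve-PortOwner
```

Checking the returned Path against the expected install location of the named program helps confirm that the process is what its name claims.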



#6 Aura


Posted 23 October 2015 - 01:58 PM

It's safe; since Skype is a P2P application, these kinds of connections can occur.

Glad to see that you found the culprit :)
