Britec Tech Support Forum
Dirtjumper and suspicious network traffic - Printable Version



RE: Dirtjumper and suspicious network traffic - Compton - 03-30-2018

I don't see any issue

I would say don't worry too much about it, just make sure you keep all protection on and you should be OK.


RE: Dirtjumper and suspicious network traffic - Britec - 03-30-2018

Looking at some of these IP addresses, a lot of these are to do with Microsoft servers,
example: 131.253.61.102

Quote:
18425265 Packet DROPPED: Proto: IP_TCP Flags: 0x00000001 Src: MY IP Dest: 131.253.61.102 SrcPort: 49695 DstPort: 443


[attachment=3509]

People get paranoid a lot about stuff like this, and Microsoft does like to connect to your computer a fair bit. Also, other things to investigate are any other devices connected to your network, ie: PS4, PS3, Xbox, TV, mobile devices, cable set top box, TV box, modem, router, UPnP, SIP ALG, APIPA etc etc.

You also have a lot of Google IP addresses in that list

https://ipinfo.io/AS15169/216.58.192.0/19-216.58.207.128/25

Code:
18879265 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: MY IP Dest: 216.58.207.238 SrcPort: 54491 DstPort: 443

You can do more investigation to track down the rest of the IP addresses, but as you can see, when you start digging there are reasonable explanations for a lot of these addresses.

Wiping your machine may give you peace of mind.

Hope this helps.


RE: Dirtjumper and suspicious network traffic - Deswe - 03-30-2018

Feels a bit wrong if I have to agree with you that all this is normal, but I guess it is then. It feels like I am alone with this whole thing, nobody else is getting about 500-ish blocked connections per day, or at least I haven't seen anyone with this same thing. Huge thanks to everyone who has helped.

There are no other devices connected to our network, not even a router because it was taken off. So this is a straight cable connection from my PC to a wall outlet. Also the fact that this issue has cost us a lot of time and more than a couple hundred euros makes it difficult to live with the mindset of this PC being completely clean. AND if the only solution for this is to have a FREE firewall installed which blocks all the useless stuff, I wonder how our ISP's tech support never told me to get one... that kind of pisses me off.

If you meant by wiping the machine to do a clean reinstall of Windows, I have done it probably 3 times from January to this month. I might change from ZA to something else if there are any other solutions, because I don't like the stuff ZA does in this PC.


RE: Dirtjumper and suspicious network traffic - Britec - 03-30-2018

Like I said, there are loads of IPs that relate to places that are not malicious, ie Google; all them 216 are Google https://ipinfo.io/AS15169/216.58.192.0/19-216.58.207.128/25

I can go through all your IP addresses, but at random they show up as OK

Another example.

[attachment=3510]

Loads of 13.107.4.50, which is Microsoft

[attachment=3511]

Like I said, you asked what a lot of these IP addresses are and I have shown you. OK, maybe some will be hard to track, but with more work they can be ID'd very easily.

Loads of 93.184.221.240, probably your ISP

[attachment=3512]

Loads of 54.213.114.154, which is Amazon

https://rdpguard.com/free-whois.aspx?ip=54.213.114.154

So now you should be getting a clearer picture of what's going on with your system.
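As an added triage example (not code from this thread or from any poster): a small Python script that parses "Packet DROPPED" lines in the format quoted above, counts drops per destination, and checks each destination against an assumed owner table built only from the lookups mentioned in the thread, leaving anything unmatched for a manual whois/ASN lookup. The sample log lines and the prefix table are constructed for the example.

```python
"""Triage ZoneAlarm-style 'Packet DROPPED' lines by destination owner (added example)."""
import re
import ipaddress
from collections import Counter

# Constructed sample lines in the format quoted in the thread, not a real log.
SAMPLE_LOG = """\
18425265 Packet DROPPED: Proto: IP_TCP Flags: 0x00000001 Src: 192.0.2.10 Dest: 131.253.61.102 SrcPort: 49695 DstPort: 443
18879265 Packet DROPPED: Proto: IP_UDP Flags: 0x00000005 Src: 192.0.2.10 Dest: 216.58.207.238 SrcPort: 54491 DstPort: 443
18879266 Packet DROPPED: Proto: IP_TCP Flags: 0x00000001 Src: 192.0.2.10 Dest: 216.58.207.238 SrcPort: 54492 DstPort: 443
18879301 Packet DROPPED: Proto: IP_TCP Flags: 0x00000001 Src: 192.0.2.10 Dest: 54.213.114.154 SrcPort: 54510 DstPort: 443
18879420 Packet DROPPED: Proto: IP_TCP Flags: 0x00000001 Src: 192.0.2.10 Dest: 198.51.100.77 SrcPort: 54600 DstPort: 6667
"""

# Assumed owner table built only from the lookups quoted in the thread (Google
# AS15169 216.58.192.0/19, single hosts as /32); it is not any provider's full
# range list, so anything unmatched is flagged for a manual whois/ASN lookup.
KNOWN_PREFIXES = {
    "Google (AS15169)": ["216.58.192.0/19"],
    "Microsoft": ["131.253.61.102/32", "13.107.4.50/32"],
    "Amazon": ["54.213.114.154/32"],
}
LINE_RE = re.compile(r"Packet DROPPED: Proto: (?P<proto>\S+) .*?Dest: (?P<dest>[\d.]+) "
                     r".*?DstPort: (?P<port>\d+)")

def parse_drops(text):
    """Yield (dest_ip, proto, dst_port) for every parseable DROPPED line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("dest"), m.group("proto"), int(m.group("port"))

def owner_of(ip, prefixes=KNOWN_PREFIXES):
    """Return the owner label for ip, or 'UNKNOWN' when no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for owner, nets in prefixes.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return owner
    return "UNKNOWN"

def triage(text):
    """Count drops per destination; return (counts, {unknown_dest: {(proto, port)}})."""
    counts, unknown = Counter(), {}
    for dest, proto, port in parse_drops(text):
        counts[dest] += 1
        if owner_of(dest) == "UNKNOWN":
            unknown.setdefault(dest, set()).add((proto, port))
    return counts, unknown
```

Running `triage()` over a real ZoneAlarm export leaves only the destinations that none of the known prefixes explain, which is the short list worth spending lookup time on.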


RE: Dirtjumper and suspicious network traffic - Deswe - 03-30-2018

Thanks for taking a look at those. I hope it didn't look like I'm not thankful for the help I got in my previous comment. I probably should take a look on my own at some IPs if I find the same kind of IPs I did at some point, and if I do I will post about it here. I guess everything is actually OK then, and that's a good thing of course. I actually wished there would be something found, only because the problem has been a thing after everything I have done to get it fixed.


RE: Dirtjumper and suspicious network traffic - Compton - 03-30-2018

Deswe, I also loaded ZoneAlarm on my system some time back

Most of the time it's Microsoft connecting to the system

I think one of the reasons you are so shocked is because you are now seeing what's connecting to your system

Most people will not see logs like that because they don't have a firewall like ZoneAlarm loaded on the system


RE: Dirtjumper and suspicious network traffic - Deswe - 03-30-2018

(03-30-2018, 01:35 PM)Compton Wrote:  Deswe, I also loaded ZoneAlarm on my system some time back

Most of the time it's Microsoft connecting to the system

I think one of the reasons you are so shocked is because you are now seeing what's connecting to your system

Most people will not see logs like that because they don't have a firewall like ZoneAlarm loaded on the system

You are probably right. Though I watched the traffic through Wireshark before I installed ZoneAlarm, and those were the most suspicious ones, like Russia, China, Iran... the ones I already said earlier. Especially the Russian connections were strange and suspicious because they were labeled as "Russian Federation". And yeah, it's a surprisingly big amount of connections that goes through every day, but it's really strange at the same time if my ISP sees them as some kind of botnet, but let's hope it's just a false positive, which they only once said it could be. Oh yeah, and Verizon is not my ISP. Amazon, not sure why it would connect to Amazon because I don't use it, but I guess it's just some data collecting/sharing thing. That OVH thing is weird, why would it ever connect to that page... well idk, I'm just questioning everything now, not being purposely a difficult person. Big Grin


RE: Dirtjumper and suspicious network traffic - Britec - 03-30-2018

The more you look, the more you will find and the more panicky you will get. A lot of the IPs in your log file are non-malicious; I have not tested all of them, but the ones I did had no malicious intent. It's hard to help without looking at the issue in hand live with Wireshark or some other network monitoring software.

You have reinstalled Windows a number of times and I would say that most of this traffic is Google, Microsoft, ISP, etc etc.

Check to see how many devices are connected to your network at any one time and check connection logs.

I would not worry yourself sick about it, sometimes when you get an idea in your head it can drive you nuts. I am pretty sure that if you wipe your PC there will be nothing to worry about.

Good Luck


RE: Dirtjumper and suspicious network traffic - Compton - 03-30-2018

I think if you are that worried you may want to use a VPN

I would recommend Private Internet Access, which is based in the USA

They say no logging; I personally use them and have had no problem

https://www.privateinternetaccess.com/


Britec did some videos on VPNs, do your research and take your pick


RE: Dirtjumper and suspicious network traffic - Deswe - 03-30-2018

Thanks Britec and Compton, I probably start to believe more that there is nothing malicious in my PC. I searched through some IPs and domains with Wireshark and there surely is something going to some random domains, but they are mostly related to some kind of connection managing companies. I have to think about whether I'd use a VPN, thanks for the tip.