Andabutterpie Posted May 5, 2008 Posted May 5, 2008 (edited) I was reading the latest Imgburn Function guide online when I though it would be easier to download it as a document using the thread tools option. Whenever I opened the document, I would see my firewall lights going wild. Using both a netstat -an command and TCPview from Sysinternals.com, I noticed that whenever the document is first open, an IP connection to 84.246.88.12 is established. Another connection is also established to IP address: 194.150.224.62 A Google search indicates it may be some sort of travel agency: http://www.google.com/search?hl=en&q=1...G=Google+Search Is this anything out of the ordinary. Do others experience the same thing. If I posted this to the wrong forum, I'm sorry. I'm not sure this kind of question should be posted to the Guides forum, or if a member can post there. A whois check provides the following information on IP address 84.246.88.12 : netnum: 84.246.88.0 - 84.246.88.15 netname: BACKBONE-OWNIT-SE descr: SERVERS1-OWNIT-SE country: SE org: ORG-OA21-RIPE admin-c: OBR3-RIPE tech-c: OBR3-RIPE status: ASSIGNED PA remarks: INFRA-AW mnt-by: OWNIT-MNT source: RIPE # Filtered organisation: ORG-OA21-RIPE org-name: Ownit AB org-type: LIR address: Tellusborgsvagen 94 address: 126 37 address: Hagersten address: Sweden phone: +46852507300 fax-no: +46854904730 admin-c: ME1402-RIPE admin-c: PD3279-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-ref: OWNIT-MNT mnt-by: RIPE-NCC-HM-MNT source: RIPE # Filtered role: Ownit Broadband Registry address: Ownit Broadband AB address: Tellusborgsvagen 94 address: 126 37 Hagersten address: Sweden address: www.ownit.se phone: +46 (8) 525 073 00 fax-no: +46 (8) 549 047 30 remarks: ---------------------------- remarks: Please send abuse reports to remarks: abuse@ownit.se remarks: ---------------------------- remarks: Any other issues could use remarks: netmaster@ownit.se remarks: ---------------------------- remarks: In case of emergency, call remarks: +46852507304 remarks: ---------------------------- admin-c: ME1402-RIPE admin-c: PD3279-RIPE tech-c: ME1402-RIPE tech-c: PD3279-RIPE nic-hdl: OBR3-RIPE abuse-mailbox: abuse@ownit.se mnt-by: OWNIT-MNT source: RIPE # Filtered Edited May 5, 2008 by Andabutterpie
LIGHTNING UK! Posted May 5, 2008 Posted May 5, 2008 The pictures are probably hosted on Cynthia's own webspace. If you're that worried about the internet, don't use it! Not everyone is out to get you.
Andabutterpie Posted May 6, 2008 Author Posted May 6, 2008 The pictures are probably hosted on Cynthia's own webspace. If you're that worried about the internet, don't use it! Not everyone is out to get you. It's not so much that I'm worried as I see the connections close once the document is loaded, but one who takes pride in computer security must question it when a MS document file is trying to contact the net. My guess was the same as yours, but I was under the impression that a download of a thread meant that the pictures were hard coded into the document. Perhaps I'm spending too much time reading posts in the Wilders Security and Castlecops forums. This would wind up being a 5 page thread there! At the very least, if anyone else notices the same thing in the future, at least a search will provide them with the possibilities described in this thread. I enjoy reading the posts here and learning more about Imgburn, as I think it's an excellent program. I would just suggest that a notice be added to the guides sticky mentioning that document downloads may look to connect to IP addresses when opened.
blutach Posted May 6, 2008 Posted May 6, 2008 There's a PDF in the first post of the guide, if you are that worried about security. Download it instead - it's more easily searchable, anyway. I would just suggest that a notice be added to the guides sticky mentioning that document downloads may look to connect to IP addresses when opened. The pics have gotta be hosted somewhere! The server of a beta team member is not untrustworthy. Regards
Cynthia Posted May 6, 2008 Posted May 6, 2008 I could only wish for pure html scripting, but it's disabled by default in the forum software - so I've only used common bbcode in the guide. My main reason for not hosting the pictures at the ImgBurn server, was to save the author from having to spend bucks on additional bandwidth. The total picture size in this guide is 3.1 MB. Multiply that with 20.000 downloads per month. In Sweden we don't have regulations on how much bandwidth you can use each month. In the UK you need to pay depending on how much bandwidth you use each month. In Sweden we have a fixed price and you can use as much bandwidth as you wish. At least in theory... As some pictures are used several times in the guide it would also mean more traffic if I've added the pictures in the guide thread, than if the pictures were saved as a general url name on a server. The other ip adress is located in Belgium and is hosted there as a smiley I found on the Internet. I will change the url for that smiley to use my server instead. % This is the RIPE Whois query server #1.% The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '194.150.224.0 - 194.150.225.255' inetnum: 194.150.224.0 - 194.150.225.255 netname: COMBELL descr: COMBELL Network country: BE org: ORG-CGN1-RIPE admin-c: JD602-RIPE tech-c: JD602-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: AS12640-MNT mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: AS12640-MNT mnt-domains: AS12640-MNT source: RIPE # Filtered organisation: ORG-CGN1-RIPE org-name: COMBELL GROUP NV org-type: OTHER remarks: COMBELL Network address: Antwerpsesteenweg 450 address: 9000 Gent address: Belgium phone: +32 09 218 79 79 e-mail: tech@combell.com admin-c: JD602-RIPE tech-c: JD602-RIPE mnt-ref: AS12640-MNT mnt-by: AS12640-MNT source: RIPE # Filtered person: Jonas Dhaenens address: Antwerpsesteenweg 450 address: B-9040 GENT phone: +3292187979 fax-no: +3292187978 e-mail: jonas@combellgroup.com nic-hdl: JD602-RIPE source: RIPE # Filtered % Information related to '194.150.224.0/23AS34762' route: 194.150.224.0/23 descr: COMBELL origin: AS34762 mnt-by: AS12640-MNT source: RIPE # Filtered Edit: Links changed.
Recommended Posts