MGStanley
2008-12-10, 19:07
I have just started using the Dynamic Update Client (DUC) published by No-IP.com. This program determines my current dynamic public IP and sends it to domain name servers operated by No-IP. This allows a web server to be run on a connection with a dynamic IP. This is all good, but.....
THE PROBLEM: I have observed that in addition to legitimate traffic sent to one of their DNS machines on Port 8245, the program sends HTTP traffic to large corporations' web sites. I have DUC set to check my public IP every 10 minutes, so there is an outgoing transmission on Port 8245 every 10 minutes. The questionable HTTP traffic is neatly interleaved with the legitimate traffic. When I unload the DUC service all is quiet.
So far I have seen traffic sent to Nokia, Sony, KFC, Walmart, Gamespot, Apple, Telstra, Download.com, etc.
This looks like a spambot to me. I would appreciate others' opinions.
Thanks.
THE PROBLEM: I have observed that in addition to legitimate traffic sent to one of their DNS machines on Port 8245, the program sends HTTP traffic to large corporations' web sites. I have DUC set to check my public IP every 10 minutes, so there is an outgoing transmission on Port 8245 every 10 minutes. The questionable HTTP traffic is neatly interleaved with the legitimate traffic. When I unload the DUC service all is quiet.
So far I have seen traffic sent to Nokia, Sony, KFC, Walmart, Gamespot, Apple, Telstra, Download.com, etc.
This looks like a spambot to me. I would appreciate others' opinions.
Thanks.