UDP Packets from S&D
Whilst running wireshark I noticed my machine was sending UDP packets to
126.96.36.199 every 1 or 2 seconds.
This stopped when I stopped the S&D service so I'm confident that's the source.
I'm wondering if this is the update service however it seems a bit much to be sending packets out every few seconds.
The Packets contain the text Someone else out there? computer=<name>
Could anyone shed any light?
I tried searching but didn't come up with anything.
Thanks in advance
When you say you stopped the service - does that mean you are running the Spybot-S&D 2.0 Beta?
I'm currently running, Scanner Version 188.8.131.52
Last edited by tashi; 2012-01-27 at 20:51.
Reason: Moved thread to the Beta forum
That can have various reasons.
One of them is that parts of Spybot-S&D temporarily try to verify their certification via internet.
Another one is that SDWelcome tries to connect with the Spybot Services and communicates with them via HTTP.
Or the Updater searches for updates and connects with the internet.
None of these connections are bad, they are only for your security.
I found this using Peerblock, the IP addy and port are listed in the Bogon Iblock list as untrusted. I tried to find it on whois and could not, that info was being blocked.
as far as I can tell, as you described this sandra, this should be a one time thing or daily? I am concerned at the amount of data outgoing to this IP 184.108.40.206, it acts like too much like a trojan horse/ logger.
based on your word, spybotsandra, I am allowing this IP for 15 min, if it continues to try to update whatever it is sending out, I would suggest SB change its behavior to not be so sneaky about it. I personally like the product but if continues to act like a data mine, I will uninstall it.
hmmm edit rules say i can edit post but there is not edit button. (edit button appears on this post but not my first one ?? nice bug)
Originally Posted by Zatris
anyway here is a link i found that makes me even more concerned. http://www.freefixer.com/library/file/69910/
Like I said I would rather uninstall it than worry about Spybot data-mining.
Member of Team Spybot
That is the client count feature which uses this port.
We will improve this intervall in the new version Spybot 2.1. which we are currently working on.
Thank you, as many forums as I belong to, scanning the "Readme first" become a chore. sorry.
Originally Posted by tashi
ok well for now I turned off S&D 2 Scanner service and set to disabled (i have malwarebytes). I dont understand this, when the description says "malware scanning services to S&D modules", why does it need to connect to you here at all? I cant think of any other reason than to send you data mined personal information, yes I am the type to turn off automatic updates on everything. (past experience with identity theft made me paranoid a bit)
Originally Posted by spybotsandra
Last edited by Zatris; 2013-03-21 at 15:04.