UDP Packets from S&D

**Grand master** · 2012-01-26, 20:49

Good Evening,

Whilst running wireshark I noticed my machine was sending UDP packets to
226.178.217.5 every 1 or 2 seconds.

This stopped when I stopped the S&D service so I'm confident that's the source.

I'm wondering if this is the update service however it seems a bit much to be sending packets out every few seconds.
The Packets contain the text Someone else out there? computer=<name>

Could anyone shed any light?
I tried searching but didn't come up with anything.

Thanks in advance

GM: confused:

**spybotsandra** · 2012-01-27, 10:50

Hello,

When you say you stopped the service - does that mean you are running the Spybot-S&D 2.0 Beta?

Best regards
Sandra
Team Spybot

**Grand master** · 2012-01-27, 20:06

Hi spybotsandra,

I'm currently running, Scanner Version 2.0.5.131

Thanks

GM

**spybotsandra** · 2012-01-30, 11:46

Hello,

That can have various reasons.
One of them is that parts of Spybot-S&D temporarily try to verify their certification via internet.
Another one is that SDWelcome tries to connect with the Spybot Services and communicates with them via HTTP.
Or the Updater searches for updates and connects with the internet.
None of these connections are bad, they are only for your security.

Best regards
Sandra
Team Spybot

**Zatris** · 2013-03-20, 17:02

Hi

I found this using Peerblock, the IP addy and port are listed in the Bogon Iblock list as untrusted. I tried to find it on whois and could not, that info was being blocked.

as far as I can tell, as you described this sandra, this should be a one time thing or daily? I am concerned at the amount of data outgoing to this IP 226.178.217.5, it acts like too much like a trojan horse/ logger.

based on your word, spybotsandra, I am allowing this IP for 15 min, if it continues to try to update whatever it is sending out, I would suggest SB change its behavior to not be so sneaky about it. I personally like the product but if continues to act like a data mine, I will uninstall it.

**Zatris** · 2013-03-20, 17:40

Originally Posted by Zatris

Hi

I found this using Peerblock, the IP addy and port are listed in the Bogon Iblock list as untrusted. I tried to find it on whois and could not, that info was being blocked.

as far as I can tell, as you described this sandra, this should be a one time thing or daily? I am concerned at the amount of data outgoing to this IP 226.178.217.5, it acts like too much like a trojan horse/ logger.

based on your word, spybotsandra, I am allowing this IP for 15 min, if it continues to try to update whatever it is sending out, I would suggest SB change its behavior to not be so sneaky about it. I personally like the product but if continues to act like a data mine, I will uninstall it.

hmmm edit rules say i can edit post but there is not edit button. (edit button appears on this post but not my first one ?? nice bug)

anyway here is a link i found that makes me even more concerned. http://www.freefixer.com/library/file/69910/

Like I said I would rather uninstall it than worry about Spybot data-mining.

Thread: UDP Packets from S&D

Thread Tools

Display

Hybrid View

UDP Packets from S&D

Posting Permissions