Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: UDP Packets from S&D

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Posts
    2

    Default UDP Packets from S&D

    Good Evening,

    Whilst running wireshark I noticed my machine was sending UDP packets to
    226.178.217.5 every 1 or 2 seconds.

    This stopped when I stopped the S&D service so I'm confident that's the source.

    I'm wondering if this is the update service however it seems a bit much to be sending packets out every few seconds.
    The Packets contain the text Someone else out there? computer=<name>

    Could anyone shed any light?
    I tried searching but didn't come up with anything.

    Thanks in advance

    GM: confused:

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    When you say you stopped the service - does that mean you are running the Spybot-S&D 2.0 Beta?

    Best regards
    Sandra
    Team Spybot

  3. #3
    Junior Member
    Join Date
    Jan 2012
    Posts
    2

    Default

    Hi spybotsandra,

    I'm currently running, Scanner Version 2.0.5.131

    Thanks

    GM
    Last edited by tashi; 2012-01-27 at 21:51. Reason: Moved thread to the Beta forum

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    That can have various reasons.
    One of them is that parts of Spybot-S&D temporarily try to verify their certification via internet.
    Another one is that SDWelcome tries to connect with the Spybot Services and communicates with them via HTTP.
    Or the Updater searches for updates and connects with the internet.
    None of these connections are bad, they are only for your security.

    Best regards
    Sandra
    Team Spybot

  5. #5
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default

    Hi

    I found this using Peerblock, the IP addy and port are listed in the Bogon Iblock list as untrusted. I tried to find it on whois and could not, that info was being blocked.

    as far as I can tell, as you described this sandra, this should be a one time thing or daily? I am concerned at the amount of data outgoing to this IP 226.178.217.5, it acts like too much like a trojan horse/ logger.

    based on your word, spybotsandra, I am allowing this IP for 15 min, if it continues to try to update whatever it is sending out, I would suggest SB change its behavior to not be so sneaky about it. I personally like the product but if continues to act like a data mine, I will uninstall it.

  6. #6
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default

    Quote Originally Posted by Zatris View Post
    Hi

    I found this using Peerblock, the IP addy and port are listed in the Bogon Iblock list as untrusted. I tried to find it on whois and could not, that info was being blocked.

    as far as I can tell, as you described this sandra, this should be a one time thing or daily? I am concerned at the amount of data outgoing to this IP 226.178.217.5, it acts like too much like a trojan horse/ logger.

    based on your word, spybotsandra, I am allowing this IP for 15 min, if it continues to try to update whatever it is sending out, I would suggest SB change its behavior to not be so sneaky about it. I personally like the product but if continues to act like a data mine, I will uninstall it.
    hmmm edit rules say i can edit post but there is not edit button. (edit button appears on this post but not my first one ?? nice bug)

    anyway here is a link i found that makes me even more concerned. http://www.freefixer.com/library/file/69910/

    Like I said I would rather uninstall it than worry about Spybot data-mining.

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello Zatris,
    Quote Originally Posted by Zatris View Post
    hmmm edit rules say i can edit post but there is not edit button. (edit button appears on this post but not my first one ?? nice bug)
    Not a bug.

    Can I edit my own posts?

    1. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.
    2. In the Malware Removal Forum, members may not edit their posts. A helper may already be analyzing the information given.
    http://forums.spybot.info/showpost.p...36&postcount=6

    I left a note for our team so that someone may address your concern.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    That is the client count feature which uses this port.
    We will improve this intervall in the new version Spybot 2.1. which we are currently working on.

    Best regards
    Sandra
    Team Spybot

  9. #9
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default

    Quote Originally Posted by tashi View Post
    Hello Zatris,


    Not a bug.

    http://forums.spybot.info/showpost.p...36&postcount=6

    I left a note for our team so that someone may address your concern.

    Best regards.
    Thank you, as many forums as I belong to, scanning the "Readme first" become a chore. sorry.

  10. #10
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default

    Quote Originally Posted by spybotsandra View Post
    Hello,

    That is the client count feature which uses this port.
    We will improve this intervall in the new version Spybot 2.1. which we are currently working on.

    Best regards
    Sandra
    Team Spybot
    ok well for now I turned off S&D 2 Scanner service and set to disabled (i have malwarebytes). I dont understand this, when the description says "malware scanning services to S&D modules", why does it need to connect to you here at all? I cant think of any other reason than to send you data mined personal information, yes I am the type to turn off automatic updates on everything. (past experience with identity theft made me paranoid a bit)
    Last edited by Zatris; 2013-03-21 at 16:04.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •