strange connection blocked by pb

Posted by Anonymous User 
July 15, 2016 03:21PM
Hello.

I've been using peerblocker for a couple of months, and since last week I observed something strange going on.
pb did not detect much activity initially, but then it started blocking an outgoing TCP connection, to a server with IP 13.88.144.248.

Although the pb interface reports the IP as belonging to a "Xerox corporation", a whois search actually revealed that the IP actually pertains to Microsoft.
What's strange is that whichever process (more on that following) tries to connect to said server starts trying from local port 1052 (as soon as I boot the OS), and then proceeds to try the connection over every single following port, until I log out of the computer. Also kinda alarming (at least to me, I'm not very versed in networks), the remote port is always 443, which from what I gather is the one used for encrypted TCP traffic.

I also read that firewalls don't block outgoing traffic to remote 443 ports, so I forced my Comodo pw to block the traffic to said IP range / port, just in case.

In regards to the process opening the connection, I tried Process Monitor to observe which one it is, but could not see anything peculiar - I'm kinda sure though that it's a Windows component (btw, I have W7 64-bit).

Now, although it could be something related to the Windows 10 upgrade fuss, I find it rather strange and very aggressive on MS's part to try establishing a connection in that way, especially if encrypted.

Was wondering if anybody here observed similar behaviours from their OSes and what to expect, or if I should maybe just let it connect.

Thanks,
RJ
Re: strange connection blocked by pb
July 16, 2016 01:06PM
jumpman Wrote:
-------------------------------------------------------
> I tried Process Monitor to observe which one is, but could not see anything peculiar

Did you uncheck these buttons: Show Registry Activity, Show File System Activity, Show Process and Thread Activity,
and leave only Show Network Activity?
(Process Monitor - Procmon.exe (Mark Russinovich) - [technet.microsoft.com])

You should see the IP and the Process Name / PID when you enable (unblock) the IP!
You can only see the connection if there is one.

Firewalls are adjustable to block what you want. You can block an IP, all ports except 80/443, or block internet access for every prog you want. So first step: find out the connecting app/prog/process.
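
A second way to do the "find the connecting process" step from the reply above, added here as an example and not part of the original posts: parse `netstat -ano` output and group the sockets toward the remote IP by owning PID. The sample output is constructed (local address, PIDs and the second remote host are made up; only 13.88.144.248, port 443 and local port 1052 come from the thread), and it assumes the IP has been temporarily unblocked so that a connection exists.

```python
import collections

# Constructed sample of `netstat -ano` output, NOT captured from the poster's PC.
# Local address and PIDs are invented; 13.88.144.248:443 and port 1052 are from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       744
  TCP    192.168.1.20:1052      13.88.144.248:443      TIME_WAIT       0
  TCP    192.168.1.20:1053      13.88.144.248:443      SYN_SENT        1180
  TCP    192.168.1.20:1054      13.88.144.248:443      ESTABLISHED     1180
  TCP    192.168.1.20:1060      203.0.113.10:80        ESTABLISHED     3312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    744
"""

def parse_netstat(text):
    """Yield (local_port, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers and UDP rows (no State) are skipped.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        local_port = int(fields[1].rsplit(":", 1)[1])
        # rsplit keeps bracketed IPv6 addresses such as [::]:445 intact.
        remote_ip, remote_port = fields[2].rsplit(":", 1)
        yield local_port, remote_ip.strip("[]"), int(remote_port), fields[3], int(fields[4])

def owners_of(text, remote_ip, remote_port=443):
    """Map owning PID -> sorted local ports used toward remote_ip:remote_port."""
    by_pid = collections.defaultdict(list)
    for lport, rip, rport, _state, pid in parse_netstat(text):
        if rip == remote_ip and rport == remote_port:
            by_pid[pid].append(lport)
    return {pid: sorted(ports) for pid, ports in by_pid.items()}

if __name__ == "__main__":
    for pid, ports in owners_of(SAMPLE, "13.88.144.248").items():
        # PID 0 rows are sockets in TIME_WAIT whose owning process already closed them.
        print(f"PID {pid}: local ports {ports[0]}-{ports[-1]} ({len(ports)} sockets)")
```

On the real machine, feed the function the text from `netstat -ano` run in an elevated prompt, then resolve the PID with `tasklist /svc /FI "PID eq <pid>"`, which also lists the services hosted inside a shared `svchost.exe`.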