Old 06-17-2013, 12:52 PM   #1
Baseband Member
 
Join Date: Nov 2011
Posts: 32
Default Blocking outbound 443

I have Win7 with a Linksys router. I noticed in the router log that there are several unknown (to me) IP connections on 443. I would like to block them. Is this easy? Or a pain?

thanks

RON
__________________
It's tough to make predictions, especially about the future. -- Yogi Berra
RonNYC
Old 06-17-2013, 02:21 PM   #2
Fully Optimized
 
jmacavali's Avatar
 
Join Date: Jun 2009
Posts: 4,867
Default Re: Blocking outbound 443

Pretty sure that's https traffic (as opposed to just http). It can also be used for email I think.
__________________
****************************************
Don't take life too seriously -- no one gets out alive. Plus, who wants to arrive to the hereafter in pristine condition wearing a suit and tie?
I want to slide in sideways, worn out, used up, hair a mess, clothes tattered, & screaming, "Whooo! What a ride!"
****************************************
jmacavali
Old 06-17-2013, 02:58 PM   #3
Baseband Member
 
Join Date: Nov 2011
Posts: 32
Default Re: Blocking outbound 443

I'm sure it's HTTPS but it doesn't originate from me, that is, from an action by me. I don't know how to evaluate it.

31.13.65.23
98.124.247.66
199.59.149.230
23.54.209.224

Perhaps this is just customary for "normal" web pages. I don't know.

RON
__________________
It's tough to make predictions, especially about the future. -- Yogi Berra
RonNYC
Old 06-18-2013, 02:05 PM   #4
Fully Optimized
 
cboucher's Avatar
 
Join Date: Jun 2009
Location: USA
Posts: 1,652
Default Re: Blocking outbound 443

Quote:
Originally Posted by RonNYC View Post
I'm sure it's HTTPS but it doesn't originate from me, that is, from an action by me. I don't know how to evaluate it.

31.13.65.23
98.124.247.66
199.59.149.230
23.54.209.224

Perhaps this is just customary for "normal" web pages. I don't know.

RON
One of those looks like it's coming from twitter...
__________________
But I'm trying, Ringo. I'm trying real hard... to be the Shepherd.
cboucher
Old 06-18-2013, 04:01 PM   #5
Baseband Member
 
Join Date: Nov 2011
Posts: 32
Default Re: Blocking outbound 443

Yes I could see Twitter. I don't have a twitter account. My question is: is it common for web sites I visit to then use 443 to GET or POST something on a site I am unfamiliar with? And how can I block this?
__________________
It's tough to make predictions, especially about the future. -- Yogi Berra
RonNYC
Old 06-20-2013, 01:38 PM   #6
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Blocking outbound 443

Those could be tracking cookies phoning home. Take those IPs and see if they are in the firewall logs. If so, you can see where they came from and who they were talking to.
setishock
Old 06-24-2013, 08:08 AM   #7
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,003
Default Re: Blocking outbound 443

The addresses relate to sites by:
Facebook,
Twitter,
Akamai (which is a company that has servers all over the world that mirror sites, so it could be anything that you're connecting to),
and a block that seems to be in use by a company called Demand Media.

I suspect that if you looked at the site that you connected to when you saw these strange connections, there would be:

An article served by the site,
some kind of comments section where you could comment on the article from the identity of your Facebook account, and a part where they want to show you who is tweeting about the article
(that explains the first two).

If the article is on a very large site, and if you've needed to sign in, then it's likely that the site could be hosted on Akamai (so it's mirrored to a server geographically closer to you so that your access to it is easier).
As for the last site, Demand Media, I'd imagine that's either the publisher of the site that you're connected to (and you need to connect to them, because there is some content that can't be cached (e.g. comments section or forum), to get actual content, whilst things like site banners and a lot of page data are served by Akamai),
or Demand Media host adverts.

So, mystery solved.
The reason you're connecting to those sites is that whatever page you're looking at has content from those sites.


Code:
C:\Windows\System32>jwhois 31.13.65.23
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '31.13.64.0 - 31.13.127.255'

inetnum:        31.13.64.0 - 31.13.127.255
netname:        IE-FACEBOOK-20110418
descr:          Facebook Ireland Ltd
country:        IE
org:            ORG-FIL7-RIPE
admin-c:        RD4299-RIPE
tech-c:         RD4299-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      fb-neteng
mnt-routes:     fb-neteng
source:         RIPE # Filtered

Code:
C:\Windows\System32>jwhois 199.59.149.230
[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 199.59.149.230"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=199.59.149.230?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       199.59.148.0 - 199.59.151.255
CIDR:           199.59.148.0/22
OriginAS:       AS13414
NetName:        TWITTER-NETWORK
NetHandle:      NET-199-59-148-0-1
Parent:         NET-199-0-0-0-0
NetType:        Direct Assignment
RegDate:        2010-11-23
Updated:        2013-05-16
Ref:            http://whois.arin.net/rest/net/NET-199-59-148-0-1


OrgName:        Twitter Inc.
OrgId:          TWITT
Address:        1355 Market Street
Address:        Suite 900
City:           San Francisco
StateProv:      CA
PostalCode:     94103
Country:        US
RegDate:        2010-03-08
Updated:        2013-04-26
Ref:            http://whois.arin.net/rest/org/TWITT

OrgTechHandle: CONNO14-ARIN
OrgTechName:   connor, Shane
OrgTechPhone:  +1-415-750-4040
OrgTechEmail:  sconnor@twitter.com
OrgTechRef:    http://whois.arin.net/rest/poc/CONNO14-ARIN

OrgNOCHandle: NETWO3685-ARIN
OrgNOCName:   Network Operations
OrgNOCPhone:  +1-415-222-9670
OrgNOCEmail:  noc@twitter.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NETWO3685-ARIN

Code:
C:\Windows\System32>jwhois 23.54.209.224
[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 23.54.209.224"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=23.54.209.224?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       23.32.0.0 - 23.67.255.255
CIDR:           23.64.0.0/14, 23.32.0.0/11
OriginAS:
NetName:        AKAMAI
NetHandle:      NET-23-32-0-0-1
Parent:         NET-23-0-0-0-0
NetType:        Direct Allocation
RegDate:        2011-05-16
Updated:        2012-03-02
Ref:            http://whois.arin.net/rest/net/NET-23-32-0-0-1

OrgName:        Akamai Technologies, Inc.
OrgId:          AKAMAI
Address:        8 Cambridge Center
City:           Cambridge
StateProv:      MA
PostalCode:     02142
Country:        US
RegDate:        1999-01-21
Updated:        2011-09-24
Ref:            http://whois.arin.net/rest/org/AKAMAI


Code:
C:\Windows\System32>jwhois 98.124.247.66
[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 98.124.247.66"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=98.124.247.66?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       98.124.192.0 - 98.124.255.255
CIDR:           98.124.192.0/18
OriginAS:       AS21740
NetName:        DEMANDMEDIA-2
NetHandle:      NET-98-124-192-0-1
Parent:         NET-98-0-0-0-0
NetType:        Direct Assignment
RegDate:        2008-06-17
Updated:        2012-03-21
Ref:            http://whois.arin.net/rest/net/NET-98-124-192-0-1

OrgName:        eNom, Incorporated
OrgId:          ENOM
Address:        5808 Lake Washington Blvd. Suite 300
City:           Kirkland
StateProv:      WA
PostalCode:     98033
Country:        US
RegDate:        2001-06-15
Updated:        2012-05-03
Comment:        Domain Related inquiries please contact our helpdesk at 425-274-4500 (http://www.enom.com/help/).
Ref:            http://whois.arin.net/rest/org/ENOM

OrgTechHandle: SVOBO-ARIN
OrgTechName:   svobodny, ben
OrgTechPhone:  +1-425-298-2205
OrgTechEmail:  ben.svobodny@demandmedia.com
OrgTechRef:    http://whois.arin.net/rest/poc/SVOBO-ARIN

OrgAbuseHandle: DEMAN-ARIN
OrgAbuseName:   DemandMedia NOC
OrgAbusePhone:  +1-425-274-4500
OrgAbuseEmail:  dmnoc@demandmedia.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/DEMAN-ARIN
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root
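
The whois lookups in the post above, turned into a small triage helper (an added example, not code from the thread): it reads RIPE-style and ARIN-style whois output into the same fields and checks that the address from the router log really falls inside the range the registry returned. The function names are illustrative, and the sample text is excerpted from the whois output quoted above.

```python
import ipaddress
import re

# Field names differ between registries: RIPE uses inetnum/netname/descr,
# ARIN uses NetRange/NetName/OrgName. Map both onto common keys.
FIELDS = {
    "inetnum": "range", "netrange": "range",
    "netname": "netname",
    "descr": "org", "orgname": "org",
}

def parse_whois(text):
    """Return {'range', 'netname', 'org'} from RIPE- or ARIN-style whois text."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z-]+):\s+(\S.*)$", line)
        if not m:
            continue  # banner, comment (% or #), blank line or empty field
        key = FIELDS.get(m.group(1).lower())
        if key and key not in rec:  # first occurrence wins
            rec[key] = m.group(2).strip()
    return rec

def covers(rec, ip):
    """True if ip lies inside the record's 'first - last' address range."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in rec["range"].split(" - "))
    return first <= ipaddress.ip_address(ip) <= last

def attribute(ip, whois_text):
    """Owner string for ip, or None if the record does not describe it."""
    rec = parse_whois(whois_text)
    if "range" not in rec or not covers(rec, ip):
        return None
    return "%s (%s)" % (rec.get("org", "unknown"), rec.get("netname", "?"))

# Excerpts of the whois output quoted in the post above.
RIPE_SAMPLE = """% This is the RIPE Database query service.
inetnum:        31.13.64.0 - 31.13.127.255
netname:        IE-FACEBOOK-20110418
descr:          Facebook Ireland Ltd
"""
ARIN_SAMPLE = """# ARIN WHOIS data and services are subject to the Terms of Use
NetRange:       199.59.148.0 - 199.59.151.255
OriginAS:       AS13414
NetName:        TWITTER-NETWORK
OrgName:        Twitter Inc.
"""

if __name__ == "__main__":
    print(attribute("31.13.65.23", RIPE_SAMPLE))
    print(attribute("199.59.149.230", ARIN_SAMPLE))
```

Returning None when the address is outside the parsed range catches the case where a saved lookup gets paired with the wrong log entry.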