
IP Block on Outgoing


5 replies to this topic

#1 whatmeworry?

Posted 10 December 2010 - 08:04 PM

I'm using MBAM Pro 1.50 with database 5286 on WinXP Pro. Today, an MBAM popup informed me that MBAM had blocked IP 208.91.207.10 (Type: outgoing). I looked in the Protection Logs and found that there had been three such blocks of attempts to reach the same IP within a few seconds of each other. I checked the Protection logs for each day this month, but there were no other such attempts.

Is there any way to determine what on my system is trying to make this contact? I looked at my Firewall records, but they don't show any such attempt. If there's something on my system trying to reach an IP that MBAM considers dangerous, I'd really like to identify the culprit. It would be terrific if MBAM could record what's making these attempts. I'm also puzzled that my firewall (Agnitum Outpost Pro) didn't record them. As far as I can tell, it records all incoming and outgoing traffic and blocks what it thinks is dangerous.

I'd be most grateful for some help in understanding and dealing with this.

Dell XPS 8300 Win7 Prof. 64-bit desktop (Intel Core i5-2400 processor, 8 GB RAM): MS Security Essentials AV, Windows Firewall, MBAM Pro, WinPatrol PLUS
Dell Latitude E5530 Win7 Prof. 64-bit laptop: (Intel 3rd gen. i5-3230M processor, 4 GB RAM), MS Security Essentials AV, Windows Firewall, MBAM Pro, WinPatrol PLUS


#2 Mainard

Posted 10 December 2010 - 08:27 PM

Hello whatmeworry?,

Are you getting the notifications while surfing?

Grant Gardiner
Software Development Engineer in Test


#3 whatmeworry?

Posted 10 December 2010 - 09:10 PM

Thanks for your response. I'm afraid I don't remember what I was doing when the warning appeared.



#4 John A

Posted 10 December 2010 - 10:23 PM

Hello Whatmeworry

See explanation of IP Blocking Section G here

MBAM 1.5 will tell you the name of the process attempting to access the IP address but only on Windows 7 or Vista - not XP - see this thread for an explanation.

So it is a bit difficult to ascertain the source in XP. If you were surfing at the time then it may have been your browser that was accessing that IP. It can also occur with Skype and similar programs even when you are not using them (provided they are running).

If it happens when you are accessing a site that you think is safe you should report the block as a possible false positive here.

But it can also occur if you have malware, so if you are not sure what may have caused it you should do scans with your AV and MBAM.

MBAM IP blocking works differently to a firewall, so the fact that your firewall didn't complain is not surprising.

Desktop - Intel Core 2 x CPU, 6600 2x2.4GHz, 3GB Ram, Windows 7x32, IE11, Firefox, Microsoft Security Essentials, MalwareBytes Pro, Windows 7 Native Firewall, hardware firewall.
Netbook: Old Acer Netbook, 1Gb, Windows XP/UBUNTU dual boot, Malwarebytes free, Microsoft Security Essentials, Windows XP native firewall

Netbook: Acer 2Gb, Windows 7 x 32, Microsoft Security Essentials, MalwareBytes Pro, Windows 7 Native Firewall.
Notebook: Acer, 4Gb, Windows 8.1 x 64, Windows Defender, MalwareBytes Pro, Windows 8 Native Firewall, hardware firewall
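
An added example, not part of the thread or of MBAM: on XP, where MBAM cannot name the process, the output of `netstat -ano` and `tasklist /fo csv /nh` can be correlated to attribute a remote IP to a PID and image name. The sample outputs, the process names and the helper names are constructed, and it assumes the connection attempt is still listed at the moment netstat is sampled.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not from the poster's machine).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.20:1187      208.91.207.10:80       SYN_SENT        2404
  TCP    192.168.1.20:1188      208.91.207.10:80       SYN_SENT        2404
  TCP    192.168.1.20:1190      192.0.2.55:443         ESTABLISHED     3120
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output; someapp.exe is hypothetical.
TASKLIST_SAMPLE = '''"System","4","Console","0","236 K"
"svchost.exe","952","Console","0","4,812 K"
"someapp.exe","2404","Console","0","98,340 K"
"OUTLOOK.EXE","3120","Console","0","41,200 K"
'''

def connections_to(netstat_text, remote_ip):
    """Return (proto, local, remote, state, pid) rows whose remote host is remote_ip."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        host = f[2].rsplit(":", 1)[0]        # strip the remote port
        if host == remote_ip and f[-1].isdigit():
            hits.append((f[0], f[1], f[2], state, int(f[-1])))
    return hits

def pid_names(tasklist_csv):
    """Map PID -> image name from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def attribute(netstat_text, tasklist_csv, remote_ip):
    """Count connections to remote_ip per (pid, image name)."""
    names = pid_names(tasklist_csv)
    counts = {}
    for *_, pid in connections_to(netstat_text, remote_ip):
        key = (pid, names.get(pid, "<process exited>"))
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    print(attribute(NETSTAT_SAMPLE, TASKLIST_SAMPLE, "208.91.207.10"))
```

Because a blocked attempt may be listed only briefly, the two commands would need to be captured repeatedly and fed to `attribute` each time.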

#5 whatmeworry?

Posted 10 December 2010 - 11:09 PM

Thanks very much, John A, for your response. I didn't know that MBAM could give me the information I needed if I had been using Vista or Windows 7 rather than XP. Though I'm sorry the feature doesn't work on XP, I'm very happy to know that it's already available on Windows 7.

I no longer seem to have a whois client that I like, but I've been poking around a bit to try to find more info about the IP MBAM blocked. It does seem the blocking was justified, but the question remains of what prompted the attempt to reach that IP. No Skype or similar programs were active at the time. I seriously doubt that I've got malware. I run MBAM Quick Scans every day and run longer scans with my AV at reasonable intervals. I can't even remember the last time I had real malware (as opposed to a false positive). Still, that's obviously my concern here.

I was interested in your statement that MBAM IP blocking works differently than a firewall. Am I right in thinking that whereas a firewall will note all incoming and outgoing traffic and may block or warn about any of these that seem threatening, MBAM will take note of all the IP addresses on a given web page and will block and warn if it sees anything nasty even if the browser hasn't made a specific attempt to access the nasty IP? And I guess that would be recorded as "outgoing," yes? So perhaps that's all it was, though that doesn't account for the fact that there were three blockings of that IP in a matter of seconds.

I guess I'll just have to pay more attention than usual until I have a better handle on this. Thanks again for your help.



#6 John A

Posted 11 December 2010 - 01:50 AM

No worries. I became interested in this issue when Skype caused IP blocks on my computers.

In XP, MBAM can't name the process causing the blocked IP address because XP can't provide the information.

One of the experts will have to explain the difference between IP blocking and a firewall; all I know is that they are different functions and that IP blocking does not replace a firewall.

IP blocking in MBAM operates on all internet operations, not just browsers.



