ESET New Network Connection Detected


ebrke

My knowledge of networking is just about nil--I left all default settings when I installed ESET Smart Security 7 on mother's win 7 laptop. Last night I found an ESET message that a new network connection had been detected. The DNS extension shown in the message was standard for Comcast (hsd1.xx.comcast.net) but I didn't recognize the subnet shown, it wasn't my router. I debated for a few minutes then gave the connection a Public status figuring there wouldn't be much damage done.

 

Went to the zone entries in ESET. The new zone was the same as original Comcast zone except that it showed 2 subnets, the first unknown to me, the second my router's IP address. Long story short, I wound up deleting the new zone that showed the unknown subnet in addition to my router. In retrospect, I should have done some investigation of the new subnet address, but it was late and I got a little freaked out wondering if I should even have allowed it as Public.

 

Sorry to be so vague, but does anyone have any idea what might have been going on? What causes ESET to generate the New Connection notification? I have the ESET manual, but the Advanced section where this is covered is a little over my head. Wireless is disabled through win 7 control panel by the way.

 

EDIT: Forgot I have to link to an image. Don't have a way to do that right now, so can't show the ESET Zone entry I was going to post.

Edited by ebrke

V.T. Eric Layton

This is definitely a job for Aryeh (Goretsky). Hopefully, he'll see this post soon. If not, one of us will PM him about it, Elizabeth. :yes:


Guest LilBambi

 

EDIT: Forgot I have to link to an image. Don't have a way to do that right now, so can't show the ESET Zone entry I was going to post.

 

RE: Images You could upload (as guest) to imgur.com and click the one that is for forums on the right hand side.


Looking through the log files on that PC, I also see warnings about DNS cache poisoning attacks. No messages have displayed (I know she would have asked me), and I'm assuming that the attacks were stopped because if you right-click on the entries one of the options is "Don't block similar event in the future", so I'm assuming that they were blocked and just logged.

EDIT: nslookup shows the source of the "poisoning" is cdns01.comcast.net. I think this is just Comcast doing stuff--there are a few reports at other sites of the same happening, although they're from a year or more ago.

Edited by ebrke

Hello,

 

Was there some change to the network connection (update to cable modem or router, installation of virtual machine software)?

 

Regards,

 

Aryeh Goretsky


Hello,

 

Was there some change to the network connection (update to cable modem or router, installation of virtual machine software)?

 

Regards,

 

Aryeh Goretsky

No, nothing like that, unless it originated at Comcast's end.

EDIT: Comcast supposedly "increased" my speed recently and said to be sure I got this benefit, I should power cycle their modem and my router. Didn't do it--my speed is already fine for my modest needs and with Comcast equipment, you're never sure something's going to come back on line once you shut it off.

Edited by ebrke

Guest LilBambi

When our connection reconnects it does something similar, but it actually says it's a wireless network (my wireless card is disabled) so I just cancel it.


When our connection reconnects it does something similar, but it actually says it's a wireless network (my wireless card is disabled) so I just cancel it.

No, there was nothing about a wireless connection, just a new network connection notification from ESET. I'm bummed that I didn't get a Snip and I can't even find the piece of paper where I jotted the unfamiliar subnet address.

V.T. Eric Layton

Hello,

 

You can always call tech support at +1 866 343 3738 and ask support.

 

Regards,

 

Aryeh Goretsky

 

But we have personal tech support right here. ;)


Hello,

 

Heh. I'm in research. My realm is more on the "let's infect it and see what gets pulled down" side of things, as opposed to trying to block them. ;)

 

Regards,

 

Aryeh Goretsky


Hello,

 

Which explains certain features of the places in which I work, like the lack of network connections and windows, plus EMF shielding in the walls.

 

I suppose I could walk a floppy diskette out, though.

 

Actually, the worst thing I ever had to deal with, in terms of amount of work for me, wasn't even Windows- or Linux-based malware. It was Mac-based.

 

Regards,

 

Aryeh Goretsky

 

until it escapes into the wild.


Guest LilBambi

Quite understandable, Aryeh. Macs are relatively new to the malware arena and now researchers must figure out how it gets in, what it adds, changes, what it is doing, how it hides. Plus Macs make it not as easy for users to get under the hood in some cases.

 

Of course as more and more are injecting themselves into Macs and Linux as well as Windows through browser exploits in some ways it will get easier for researchers over time. ;)

 

Not sure I am happy with it becoming a bit more prevalent on Macs or Linux as in time they will catch up to Windows. But that will take a long time yet. Until then, it's a relatively new frontier and OS X keeps evolving as well.

 

But obviously the malware purveyors are figuring that out, so the good researchers will have to follow...


Hello,

 

It wasn't the technical issues surrounding it--it was a porn-related piece of malware.

 

Regards,

 

Aryeh Goretsky


Guest LilBambi

Hello,

 

It wasn't the technical issues surrounding it--it was a porn-related piece of malware.

 

Regards,

 

Aryeh Goretsky

 

People still think they can go to sites that put their systems at risk without using a LiveCD running Linux. Sigh...


People still think they can go to sites that put their systems at risk without using a LiveCD running Linux. quote from LilBambi

Trisquel.. the only live cd I have.. Does that mean I have to boot to that or just put it in after I start up and connect to ISP..


Windows is reduced to a folder. No boot. MBR wrecked. Won't even run exe's with wine. Complete mess. Don't care. I think. Just don't want to mess up Deb.


Hello,

 

Next month I get to help manage Cyber Boot Camp for the approximately twenty-four high school students (three teams) who won the fifth annual San Diego Mayor's Cyber Cup Challenge. Usually it's one team. *twitch*

 

Regards,

 

Aryeh Goretsky

 

awesome! you'd be great fun at a hacking party! :D

