RE: LF: A bit off topic

To: "[email protected]" <[email protected]>
Subject: RE: LF: A bit off topic
From: Rik Strobbe <[email protected]>
Date: Tue, 24 Jan 2012 22:42:06 +0100
Accept-language: nl-NL, nl-BE
In-reply-to: <BF4A524700075746A6467658DFC7102CB0B68CCD39@ICTS-S-EXC2-CA.luna.kuleuven.be>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>,<CAHAQVWNEuy1sNJ81ZTecoD0YC9+YhRoYjoJqOUEY-9qiQYeoXg@mail.gmail.com>,<BF4A524700075746A6467658DFC7102CB0B68CCD39@ICTS-S-EXC2-CA.luna.kuleuven.be>
Reply-to: [email protected]
Sender: [email protected]
Thread-index: Acza2trctRJ+0rzyQrCok5+H4AjQAAAAydYIAADAkbY=
Thread-topic: LF: A bit off topic
It seems too late in the evening for me to type decent English. Sorry for all the typos.
 

From: [email protected] [[email protected]] on behalf of Rik Strobbe [[email protected]]
Sent: Tuesday 24 January 2012 22:35
To: [email protected]
Subject: RE: LF: A bit off topic

Hello Roger,
 
one of the things that happen via 88.14.57.81 (= antiarrl.dyndns.org, seems that someone is not happy with a certain radio amateur society) is the upgrade notification.
But I have the strong impression that there is much more info transferred to this URL, looks like big brother is watching. Also the fact that the user cannot decide whether he wants an internet connection to Opera or not makes it suspicious to me.
Anyway, I blocked it via the Windows (Vista) firewall. For those who are not familiar with the firewall here is a "howto": http://www.ehow.com/how_5422923_block-ip-address-computer.html.
Via the firewall you can also block any internet communication to Opera (incoming and/or outgoing): no reports to (and/or from) pskreporter.
And yes, all this hiding the code stuff is very un-radioamateur.
 
73, Rik  ON7YD - OR7T
 

From: [email protected] [[email protected]] on behalf of Roger Lapthorn [[email protected]]
Sent: Tuesday 24 January 2012 21:55
To: [email protected]
Subject: Re: LF: A bit off topic

Are we sure this isn't a way for the program to check for upgrade notifications from its Spanish creator?

Here I have not re-installed OPERA since I had PC load problems a few weeks ago when running an earlier version. It still sounds not yet fully proven or spyware free. A pity as it looks a useful program. I wish Joe K1JT had written it and then we would have total openness and confidence.

73s
Roger G3XBM



On 24 January 2012 20:09, Steinar Aanesland <[email protected]> wrote:
Mike

By the way, this "calling home" mechanism seems to be incorporated in the latest ROS version too.
Same remote Address 88.14.57.81, same remote Port 8001 and same remote host antiarrl.dyndns.org

My advice is to install a firewall that checks outgoing traffic, such as zonealarm http://www.zonealarm.com/ when playing with this kind of software.

LA5VNA S




-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Steinar Aanesland
Sent: 24 January 2012 01:11
To: [email protected]
Subject: RE: LF: A bit off topic

Hi Mike

Thanks for your reply. I know the mechanism that allows Symantec to stop an unknown application, but I don't think this is the reason this time.
As you probably know, Symantec 12.1 has a mechanism called sonar. Sonar analyzes applications as they are running and takes action once enough evidence has been gathered to convict the application of being malware, based upon its behavior.

I think sonar was triggered by some strange network behavior. To test my theory, I turned off the sonar function, and did packet sniffing on the network when Opera started.

Opera made a connection to the following IP addresses:

Cluster reporter:
-----------
TCP
Remote Address 176.31.252.203
Local Port 3739
Remote Port 8000
Local Host
Remote Host
Service Name
Nameservers ns.dxfuncluster.com


The Opera chat channel:
----------
TCP
Remote Address 66.220.151.99
Local Port 1060
Remote Port 5222
Local Host
Remote Host
Service Name
Reverse DNS jabber-03-01-tfbnw.net snc6.
http://www.plotip.com/ip/66.220.151.99




The first two addresses may be explained by the cluster and chat function in Opera, but I can't find any connection in the software to the last address:
----------
TCP
Remote Address 88.14.57.81
Local Port 3740
Remote Port 8001
Local Host
Remote Host antiarrl.dyndns.org
IP address country: Spain
IP address state: Murcia
IP address city: San Javier

And why Opera is trying to transfer the following string "1 #### #### ####" to ANTIARRL.DYNDNS.ORG, located some place in Spain, is a mystery.

My conclusion is to leave this software alone.

73 de la5vna Steinar

-----Original Message-----
From: Mike Dennison [mailto:[email protected]]
Sent: 22 January 2012 16:44
To: Steinar Aanesland
Subject: Re: LF: A bit off topic

Steinar,

I have only now read your message. Are you still having problems?

My version of Norton/Symantec deleted Opera when I ran it. It decided that, because it did not know about the software, it was
therefore suspicious. It is possible to configure Norton to ignore some files or folders, and that was my fix. If you need details I
will try to remember how I did it.

73 de Mike, G3XDV
-----------------------------

> I know this is a bit off topic, but is there anyone here using Symantec
> Endpoint Protection ver 12.1 ?
>
> I am trying to use a new ham software but my antivirus sees this
> software as a risk.
>
> la5vna Steinar

--
http://qss2.blogspot.com/
http://g3xbm-qrp.blogspot.com/
http://www.g3xbm.co.uk
https://sites.google.com/site/sub9khz/
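
Added example, not part of the original thread or of any participant's message: a short Python check in the spirit of the packet capture described above, comparing recorded connections against the endpoints that the program's visible features account for and reporting the rest. The `EXPECTED` table and the trimmed record layout are assumptions made for the example; the addresses, ports and host name are the ones quoted in the thread.

```python
import re

# Records in the field-per-line layout quoted in the thread (values as posted, fields trimmed).
CAPTURE = """\
TCP
Remote Address 176.31.252.203
Remote Port 8000
Remote Host
TCP
Remote Address 66.220.151.99
Remote Port 5222
Remote Host
TCP
Remote Address 88.14.57.81
Remote Port 8001
Remote Host antiarrl.dyndns.org
"""

# Assumption: endpoints a reviewer has tied to a visible program feature.
EXPECTED = {
    ("176.31.252.203", 8000): "cluster reporter",
    ("66.220.151.99", 5222): "chat channel",
}
FIELD = re.compile(r"^(Remote Address|Remote Port|Remote Host)\s*(.*)$")

def parse_records(text):
    """One dict per connection; a protocol line (TCP/UDP) starts a record."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("TCP", "UDP"):
            records.append({"proto": line})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2).strip()
    return records

def unexplained(records, expected=EXPECTED):
    """Connections whose (address, port) pair no expected feature accounts for."""
    flagged = []
    for rec in records:
        try:
            key = (rec["Remote Address"], int(rec["Remote Port"]))
        except (KeyError, ValueError):
            key = None  # incomplete record: report it rather than drop it
        if key not in expected:
            flagged.append(rec)
    return flagged

if __name__ == "__main__":
    print(unexplained(parse_records(CAPTURE)))
```

Run against the records above, only the connection to port 8001 is reported; a record missing its address or port is reported as well, since it cannot be matched to a feature.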

