Access attempts to "Defense Information Systems Agency", me ??

I just noticed in the logs several Application Access Denied, where the destination IP, according to www.dnsstuff.com , is just “Defense Information Systems Agency” in Washington, DC…

One is from Opera browser, more are from hprbUpdate.exe which should be the HP updater (I’ve an HP printer installed). This is normal, right ? ;D ???

Description: Application Access Denied (Opera.exe:29.253.128.10:dns(53)) Application: C:\Programmi\Opera\Opera.exe Parent: C:\WINNT\explorer.exe Protocol: UDP Out Destination: 29.253.128.10:dns(53)
WHOIS results for 29.253.128.10 ... Using 30+ day old [STALE - being deleted now] cached answer (or, you can get fresh results). Hiding E-mail address (you can get results with the E-mail address).

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US

NetRange: 29.0.0.0 - 29.255.255.255
CIDR: 29.0.0.0/8
NetName: MILX25-TEMP
NetHandle: NET-29-0-0-0-1
Parent:
NetType: Direct Allocation
Comment: Defense Information Systems Agency
Comment: Washington, DC 20305-2000 US
RegDate:
Updated: 2002-10-07

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: **********@nic.mil

ARIN WHOIS database, last updated 2006-10-02 19:10

Enter ? for additional hints on searching ARIN’s WHOIS database.

The HP updater is normal, but that DSA thing… :o
Did you visit any sites that have anything to do with them?

I think I didn’t make myself clear, sorry. It is mainly hprbUpdate.exe (Hewlett-Packard Product Assistant, family: “hp digital imaging - hp all-in-one series”) which - according to the firewall logs - is trying to access Defense Information Systems Agency.
This nice application - which BTW just got disabled in blood and will soon be eradicated from my system anyway - is supposed to “detect problems occurring with HP products, and to detect the ‘events’ of HP product which can be useful to improve system functionalities blah blah, go to HP Privacy Central | HP® Official Site for … privacy info ;D”.

No, I didn’t visit any website which has to do with DISA AFAIK.

All but one of those DISA log entries are from hprbUpdate.exe, and they are a lot, like in

Description: Application Access Denied (hprbUpdate.exe:29.253.128.11:dns(53)) Application: C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe Parent: C:\Programmi\HP\Hp Software Update\HPWuSchkd2.exe Protocol: UDP Out Destination: 29.253.128.11:dns(53)

Only one was from Opera, but I suspect it’s because of some messing I made with parents: for example CPF often tells me that Lotus 123 tried to use Thunderbird to access the Internet, but I really don’t think so, I must have inadvertently set 123 as the parent of TB, or something like that. I’ll check ASAP (unless they are about to knock right now of course ;D).

I think they will come in the middle of the night…
You will only see a bright light… :o
I will make a call to Fox Mulder, and ask for some help… :wink:

About Lotus123, it can be a known issue with CF that will be taken care of soon (I hope). It can warn you about apps that you have even closed…

Perhaps HP is in league with NSA or something, in a plot to spy on innocent printers for suspected terroristic printing activities… :wink:

LM

Ok, I got it, never mind. Just I’m not clear if what you’re trying to say is that I shouldn’t trust the logs too much, or that it’s normal that those components do access DISA. Not having ever had a firewall before, I’m not used to this kind of things; any chances of a useful reply ?

The logs are not useless.
You said you would uninstall the HP apps, so I thought the problem about that was solved…

I replied about Lotus. You can get some strange popups sometimes…

Sorry, SantiBailors, just joking around. No, don’t ignore the logs… I haven’t seen this issue before, so I did some looking…

In searching around, I found a lot of information in Italian regarding 29.253.128.10. A rough translation makes it look like it’s associated with a DNS lease, which would place it as an “internal” IP to your LAN/router. I found nothing on HP’s site.

Here’s something to check, which might shed some light on it…

Go to Start/Run, type in “cmd”; when the window opens, type “ipconfig /all”. See if 29.253.18.10 or anything in that range shows up.

I’m thinking you may see it; I think it may be an internal sort of thing, rather than the DOD’s Network Information Center. If you don’t see the IP there, you might submit a support ticket with HP (surely they allow that) and ask them why your printer/scanner/fax is trying to connect to that IP.

I’ll keep digging to see what else I find…

LM

AOwL™,

You said you would uninstall the HP apps, so I thought the problem about that was solved…
There it wasn’t a problem, just a question about whether it was normal that an HP updater seemed to connect to DOD.

Your reply about Lotus 123 was helpful indeed, I was really wondering what the heck. Thanks.

Little Mac, I think you have it right. IPCONFIG /ALL shows that my DHCP and DNS servers IPs are 29.253.something. IOW I have the same IP of DOD (:KWL) At least according to www.dnsstuff.com . Bah, I know too little about networking to understand that. I just feel in good hands with this great firewall, so end of the story. I’ll just keep killing all the apps that the firewall will help me to identify as attempting connections on their own, just as a matter of principle, tastes are tastes :).

Thank you both for helping me with my doubts !

Aha! (:CLP)

Glad that’s figured out (to some extent anyway…). Internal IPs can be pretty much anything you want them to, is my understanding, since they are not external to the world. Why it just happens to be that one, who knows…

But check this out, for 192.168.1.1 (which is a standard IP for a router):

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16

Ha! It’s a black hole… ;D

On killing apps you don’t want to have connecting, that’s why security should be your choice! Kill 'em all; let CPF sort 'em out! heh heh (:WIN) If you kill something critical, you can always change it back…

Glad to help,

LM
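The check suggested above (compare the logged destination with what `ipconfig /all` reports before reading anything into the WHOIS owner), as an added example that is not part of the original thread. The `ipconfig` excerpt, the third log entry and the function names are constructed for illustration; the thread only says the DHCP and DNS servers were "29.253.something".

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed English `ipconfig /all` excerpt (assumed values, see lead-in).
IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 29.253.128.1
   DNS Servers . . . . . . . . . . . : 29.253.128.10
                                       29.253.128.11
"""

# First two entries are from the thread (paths trimmed); the third is constructed.
LOG = [
    "Application Access Denied (Opera.exe:29.253.128.10:dns(53)) Protocol: UDP Out",
    "Application Access Denied (hprbUpdate.exe:29.253.128.11:dns(53)) Protocol: UDP Out",
    "Application Access Denied (example.exe:198.51.100.53:dns(53)) Protocol: UDP Out",
]

def local_servers(ipconfig_text):
    """Return the DHCP/DNS server addresses, including continuation lines."""
    field = re.compile(r"(?:DHCP Server|DNS Servers)[ .]*:\s*((?:" + IPV4 + r"\s*)+)")
    return {ipaddress.ip_address(ip) for chunk in field.findall(ipconfig_text) for ip in chunk.split()}

def classify(log_line, servers):
    """Return (application, destination, verdict) for one denied-access entry."""
    m = re.search(r"\((\S+?):(" + IPV4 + r"):\w+\((\d+)\)\)", log_line)
    if not m:
        return None
    app, dest, port = m.group(1), ipaddress.ip_address(m.group(2)), int(m.group(3))
    if dest in servers and port == 53:
        verdict = "DNS lookup to a resolver this machine was configured with"
    elif any(dest in net for net in RFC1918):
        verdict = "RFC 1918 private address"
    else:
        verdict = "not a configured server: check WHOIS and the application"
    return app, str(dest), verdict

def report():
    """Classify every sample log entry against the sample ipconfig output."""
    return [classify(line, local_servers(IPCONFIG)) for line in LOG]

if __name__ == "__main__":
    for row in report():
        print(row)
```

Explicit RFC 1918 networks are used instead of `ipaddress`'s `is_private`, which also returns true for documentation ranges such as the constructed 198.51.100.53 destination.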

  ???  I was doing some searching on hprbUpdate.exe because this program attempted to access a dns server just a minute after I had signed up with paypal to bid on eBay. I thought now what spying program is reporting my paypal info to a dns server. Mind you, a couple of years ago I was really a conspiracy theory "fan" and read all kinds of things about our government spying on us all. You can understand why this was NOT the result I hoped to find, especially after thinking my paranoia had been quieted after finding out that it was a printer program. I had run a program called program checker which appeared in a google search of hprbUpdate. Now I think I will not verify my paypal account with a bank number after all. After all the Bush regime is in bed with business and spying on all of us is a big money maker for those spying types. They just cost the economy my first stab at trusting an online financial account. Fed up. over and out... you hear that, HP? Call me a nut I Don't CARE.