Why, for god sake, cfp.exe (v188.8.131.526), needs to resolve (DNS, port53 UDP OUT) on this - “184.108.40.206” IP / “62.f5.344a.static.theplanet.com” host address?
Every time I try to lookup for my safe files authentication from Comodo, I get DNS request on above address.
If I try to block that “connection”, non of files are sent to authentication.
There should be no DNS requests but on my own ISP addresses, so please what is going on here?
Win Xp Pro 32 bits SP2 up to date, admin. account, Symantec Endpoint protection (only AV component) and many(all) custom FW(CFP) rules.
[attachment deleted by admin]
BTW, it seems that above server is under “pressure” lately, there is no real response when I lookup for files authentication…
I’ve had the same request from exactly the same IP (Theplanet.com) two days ago. I can’t unfortunately show you the log as I’ve reinstalled CFP in between. the difference with you is that I didn’t have anything in the connection list, only traffic blocked and logged between this IP and mine on UDP in. But the general issue about not being able to do an online lookup came only yesterday, and at the time i had this request blocked by CFP, I could do an online lookup and logically didn’t notice what you got in your list of course.
there’s something weird going on…
You’ve most likely been vulnerable because you modified most rules in CFP, when I still run the default configuration (for global rules).
hey online lookup works again, just now. And as usual in a case like that, I do not think they’ll tell us what happened. Not even in the case of a DNS request from CFP :■■■■