CIS is reporting that my firefox is trying to reach certain IP. Any idea?

Here’s the report

Any idea what that is why is it my firefox trying to reach that IP from time to time.

Could it be one of my add-on? A hijacked setting? Or is it normal?

Protocol 41 is ISATAP (The Intra-Site Automatic Tunnel Addressing Protocol) which is used to create IPV6 hosts and clirnts to connect over IPV4 networks. It’s installed by default in Vista and Windows 7.

The IP Address belongs to:

inetnum: -
netname: UK-BAREFRUIT-20071227
descr: Barefruit Ltd.
country: GB
org: ORG-BL53-RIPE
admin-c: PR42-RIPE
tech-c: PR42-RIPE
mnt-lower: CATALYST2-MNT
mnt-domains: CATALYST2-MNT
mnt-routes: CATALYST2-MNT
changed: 20071227
changed: 20080708
changed: 20081007
source: RIPE

Which is a UK ISP service company:

I don’t believe this is a problem.

I see…I thought somebody hijacked my firefox ;D.

Thanks Toggie always helpful as ever :slight_smile:

There were security concerns expressed last year - for instance :

And is it not actually an affiliate/ ad-sharing type of service?

I’ve never worried much about it, although I’ve noticed my ISP connect to it - probably quite safe, as long as the security risks have been decisively patched.

If I’m mixing up barefruits - apologies!

I know nothing about barefruits apart from what I read on their site. To be honest I never heard about it before today

If you feel insecure about connecting through your ISP, you can create some rules to:

  1. Take the issue up with your ISP
  2. Disable IPV6 in your client
  3. Block protocol 41 and thus prevent IPV6 Tunnels
  4. Create a zone that contains the IP Address space for barefruit [ -] and block it

Also that article is more than a year old.

Thanks for the response, Toggie.

Yes, I vaguely remember a bit of a fuss about “barefruit” - the ISP I with was involved with it, and concerns were expressed about it on security and ethical grounds - the latter will always dog affiliate-type schemes, I suppose, and not unjustly, in my own opinion.

I’ve seen nothing of late, and wondered whether the fact that Comodo sees it as a potential problem justifies further enquiry - my googling so far has proved (bare)fruitless…

Why is my ISP responsible for this? It’s my firefox trying to reach that certain IP. Did you mean because my ISP directed it?

How do I block protocal 41? I take it it’s an ICMP protocol?

As I understand it, Barefruit makes its money through pay-per-click (hope I’ve got the jargon right.)

Advertisers pay Barefruit every time somebody clicks on one of their pages.

Barefruit shares the proceeds with your IP (which is, I think, responsible for allowing Barefruit onto your computer in the first place.) Your IP utilises your browser for this.

In the event of a mis-typed URL or otherwise misdirected search, Barefruit “offers” you a selection of close alternatives to click on. It gets paid for every one you click on - and so on.

I think the term is “monetising” search errors, or something like that.

Although I dislike the idea of my browsing being redirected for the gain of my ISP and Barefruit, I’m far more concerned that this may raise privacy concerns - in addition to the larger security concerns raised in the article I linked to earlier.

Probably more irritating than dangerous, though.
Hope I’ve got that all right - I’ll be happy for somebody to correct this.

Yea I read the article only that I’m not using my ISP DNS server and instead now is using COMODO’s secure DNS server. Could this secure server be responsible?

Hi Michael,

You can disable IPV6 tunnels in Vista and Windows 7 by doing the following:

  1. Open elevated command prompt
  2. At the command prompt, type the following

netsh [enter]
interface [enter]
teredo [enter]

  1. At the netsh interface teredo command prompt, type:

set state disabled [enter]

exit [enter]

You can also create a global rule to

Block and not log
Source Address ANY
Destination Address ANY
IP Details Custom 41

Place it at the top

Thanks will try that