I found something like my problem in the archive section of this forum but could not add my issue there, so I do so here:
My problem is that I notice some traffic I cannot explain. I reckon that each time I boot my OS (Win7 64bit). I can see this, e.g. in the PEERBLOCK log file. There are connections through my AVAST Webshield that want to connect with AMAZONAWS.com ?!?
So, there must be something that is initiating traffic on the standard way that is normally used by browsers. TCP port 80 redirected through my AVAST Webshield. This is what I can see in PEERBLOCK, since the AMAZONAWS.com is blocked.
In Comodo I can see that too, but it is allowed of course since Webshield is configured by the ‘browser rule’.
So, how can I hunt down the process that wants to connect to this AMAZONAWS ? I have no clue since I have no browser running after booting. I use Firefox & Opera and Win7 IExplorer.
Moreover I notice outgoing nbname connections to IP addresses that change but look the same. Like:
188.8.131.52 nbname(137) UDP ?
Comodo tells me it is my ‘system’ ??? How can I define which part of my system wants to connect on nbname to the wild internet?
Here is a screenshot I made. It shows more outgoing Webshield connections than there should be.
The traffic blocked over port 137 to 184.108.40.206 is so-called NETBIOS traffic. First of all, it gets blocked, so no worries there. NETBIOS is a protocol to communicate on a local network between computers. It uses ports 137-139.
The address it is connecting to is a broadcast address for local networks. A broadcast informs all computers connected to the network that your system is there. In itself it is not harmful. The local broadcast range is defined as 220.127.116.11 - 18.104.22.168.
When you don’t need NETBIOS you could consider disabling it. To do so read the following tutorial by Quill.
I made a screenshot of new connections my NetBios wanted to have this morning. It really annoys me. You said it is ok in local networks. So I assume I really do not need to have it connect to the outside world. I hope it is not needed for Microsoft and updates or so.
I am behind a router (the German FritzBox 7170) and connected by cable not by wireless. My provider is 1&1 in Germany with a 16.000/1024 connection.
Here I offer you another screenshot I made from the tool Peerblock. It shows the connections my PC wants to have each time after reboot. Since Comodo is far more sophisticated, I assume Peerblock sees these only because I must already have allowed some processes or made some rules. Otherwise these would not show up in Peerblock as blockable outgoing connections.
I wonder now whether I can or could export my firewall settings and use another template setting from within Comodo, or create a new one that blocks everything/asks/logging, so I could hunt down my ‘phony guest’; and then afterwards of course go back to my exported ruleset, since I created some port ranges and groups and zones I do not want to enter again.
I started my PC in clear mode, so to say, and did some other things to hunt down the problem, and then I reckoned that these Amazon connections are deriving from my sync tool called Syncplicity.
I asked in their support forum if their tool makes use of Amazon and here comes the answer:
"Syncplicity uses Amazon’s S3 storage. When you are uploading and downloading files, the Syncplicity client is making connections to Amazon. I hope this information helps!"…
Alas! That was a pain in my … Really annoying from the company that there is no info at all on their site that they use Amazon, another data miner, as storage.
At least I do know now that there is no malware running, but I do not know whether I want to store my personal data that I back up and sync with Syncplicity being hosted on Amazon’s servers, since I suspect they are no better or worse than Google and no user knows today what these big fishes will do in the future with our data.
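For readers facing the same question (which process is behind traffic that a local web-shield proxy relays on port 80), one way to attribute it is to correlate `netstat -ano` with `tasklist`. This is an added example, not part of the original thread; the sample output, addresses, PIDs, the loopback port and the process names `webshield.exe` and `synctool.exe` are constructed assumptions.

```python
import csv
import io

# Constructed sample of `netstat -ano -p TCP` output; all addresses, ports and
# PIDs are placeholders, and the loopback proxy port is an assumption.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:49201        127.0.0.1:12080        ESTABLISHED     3312
  TCP    127.0.0.1:12080        127.0.0.1:49201        ESTABLISHED     1480
  TCP    192.168.178.20:49202   203.0.113.10:80        ESTABLISHED     1480
  TCP    192.168.178.20:49150   192.168.178.1:445      ESTABLISHED     4
"""
# Constructed sample of `tasklist /fo csv /nh` output; process names are hypothetical.
TASKLIST = '''\
"System","4","Services","0","300 K"
"webshield.exe","1480","Services","0","20,000 K"
"synctool.exe","3312","Console","1","45,000 K"
'''

def parse_netstat(text):
    """Yield (local, remote, state, pid) for every TCP row; headers and UDP rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            yield fields[1], fields[2], fields[3], int(fields[4])

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def proxy_clients(netstat_text, tasklist_text):
    """Map each loopback proxy that has outbound connections to the processes feeding it."""
    rows = list(parse_netstat(netstat_text))
    names = parse_tasklist(tasklist_text)
    # Loopback listeners are candidate local proxies (socket -> owning PID).
    listeners = {loc: pid for loc, _, state, pid in rows
                 if state == "LISTENING" and loc.startswith("127.")}
    # PIDs that hold established connections to non-loopback peers.
    outbound = {pid for _, rem, state, pid in rows
                if state == "ESTABLISHED" and not rem.startswith("127.")}
    found = {}
    for _, rem, state, pid in rows:
        proxy = listeners.get(rem)
        if state == "ESTABLISHED" and proxy in outbound and pid != proxy:
            found.setdefault(names.get(proxy, str(proxy)), set()).add(names.get(pid, str(pid)))
    return found

if __name__ == "__main__":
    print(proxy_clients(NETSTAT, TASKLIST))
```

On a live machine, feed the functions the captured output of the two commands instead of the samples. State names are localised on non-English Windows; the sample assumes English output.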