Hi guys.
This morning my PC woke up downloading something from these IP:
74.125.159.101
96.16.98.86
65.200.11.147
200.11.248.12
They are from ARIN but what do they need to download to my PC ??? and CIS is allowing it ?
I have my firewall in safe mode and to give rules to trusted files, and Stealth all my ports to everyone. I did not get any alerts or new prog in firewall rules.
Still going Slow but it has downloaded mor than 5MB.
[attachment deleted by admin]
ARIN (American Registry for Internet Numbers) is an Internet registry. It’s one of several responsible for the allocation and maintenance of such things as IP Addresses and Internet numbers. Basically, any company that falls within the area governed by ARIN will have had their ip addresses allocated by this registry.
The ip addresses you’ve listed are:
74.125.159.101 - Google
96.16.98.86 - AKAMAI
65.200.11.147 - UUNET
200.11.248.12 - True
The only connection you’ve listed is to AKAMAI and as it’s a svchost connection, could well be associated with an update to an application you have installed or even Windows updates. However, without more information it’s impossible to tell.
The other ip addresses will be related to whatever applications you had open at the time, or whichever background processes may have been running. Unfortunately, without more information, there’s no way to say for sure.
As for why the connection to AKAMAI is allowed, the default firewall rule for svchost.exe as well as a number of other important services, is to allow all outbound connections. Hence no alerts.
HeffeD and Radaghast.
Thank you for answering. When I looked the IPs with IPInfo the only info was that the IPs where from ARIN. I knew about the American Registry for Internet Numbers but did not know that they have something to do with downloading anything. I might have done it wrong when looking for the IP though.
Early this morning I started to down load the new Adobe 10.1 but aborted the download because it was so slow. It seems that it is still doing it. ´
Thank you.
It’s not actually that you’re downloading from ARIN, ARIN are just a registry, they simply allocate ip addresses to others. So when you look at a whois:
NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
OriginAS:
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
RegDate: 2007-03-13
Updated: 2007-05-22
Ref: http://whois.arin.net/rest/net/NET-74-125-0-0-1
ARIN is mentioned but the address belongs to, in this case, Google.
Just so you know, some Adobe products use a process called BITS (Background Intelligent Transfer) to update themselves. BITS, runs under svchost.
I also should have mentioned that the last ip address listed actually falls under LANIC the Latin American registry. As you’re in Caracas that would probabley make sense.
Radaghast.
Thank you for the info.
I ended the connection.
Whatever it was just stopped and nothing else happened. I did not like the fact that AKAMAI was downloading something to my PC. AKAMAI does not have a good rep.
I scanned my PC with Avast Boot Scan, MBAM, SAS, and Win Def. Also TDSKiller. Nothing found. Cleaned all my temps with CCleaner. Hope it is the last of that.
Thank you again.
???
Akamai just sells server space. Many corporations use Akamai for content distribution.
Akamai wasn’t downloading anything to your PC. You started downloading something that was hosted by Akamai.
What do you mean that they don’t have a good rep?
HeffeD.
The only thing I started downloading was Adobe Reader 10.1. from Adobe web page. I do not let programs to automaticaly update (only Avast can do that). The speed was too slow so I canceled it. Does Adobe use AKAMAI to distribute its softwares ? I did download Adobe latter on and the IP and Port were different than before.
Eventhough it is green all across by WOT, there are a few negative comments done by users.
Since I did not know of its excistance I can only say that for about 2 hours it was downloading something into my PC at extremely slow rate ( 10 KB/s ) and there were almost 18 MB by then. Everything in my PC was crawling. So I cut the connection and checked and cleaned the comp and rebooted and everything was OK again.
That´s all. Just relating what has happened. Nothing more.
Since Adobe’s Download Manager is Akamai, and there is an Adobe Customer Testimonial on Akamai’s site praising them for streaming Flash performance, I think it’s safe to assume that they do utilize Akamai for content distribution.
If WOT users are giving Akamai a bad rating, that is evidence that WOT users don’t actually have any idea what they are reporting. Any data Akamai serves does not originate with them. All they do is mirror content from other companies.
Akamai hosts about 25% of the web. It is a huge provider for many many legit software and other vendors to distribute their downloads and updates over the world. Read this Wikipedia article on Akamai and see some big names being their customers.
I would be surprised to see a malware hosted with them; their fees are more than likely way out of the league of what malware makers can pay for anyway.
Heffe, Eric.
I realy appreciate all the information given. One of the reasons to participate in forums like this; To learn more. Thank you.
In my not so knowlegeable matter about web technology, IPs and software distributers companies my easy way too see things was;
" I don´t know this. I don´t like what is happening. Never done this before ( the PC ). Better to bail out and regroup " .
In other words " Better safe than sorry ". Now I know better.
Thank you again.
BTW. I was reading this:
" Do not confuse Adobe Download Manager with Akamai Download Manager. Adobe uses Akamai Download Manager 2 to download applications from the Adobe store. Adobe uses Akamai Download Manager 3 to download Creative Suite 5 product trials. "
When I click “download Adobe” and then I click " Save " to Desktop . Am I using Adobe Download Manager or Akamai ? I am asking because I don´t see the windows shown in the articles explaining what is ADM, and when I click to install it, I just get my regular installation instructions from Adobe.
Thank you.
I don’t use Adobe, but if whatever you downloaded just wants to install the product you were expecting, then you aren’t using the download manager.