
View Full Version : Updating your HOSTS file.



SealLion
09.10.08, 20:19
Hello all;

I came across a very informative article on updating your computer's HOSTS file and ensuring that the HOSTS file doesn't get too big b/c apparently, a too large HOSTS file can slow down your machine.


Blocking Unwanted Parasites with a Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)


After you've gone to the web link, make sure that you do read the entire web page. It's not that long. But is really informative to ensure that your computer is blocking unwanted sites.

There's also a link to ensure that your HOSTS file is kept up to date. You can subscribe to it, I believe.


Anyways...Hope that you like this article that I found. I think that you'll like it since it talks about computer security.


This is a very simple and really easy thing to do.



Hope you like it and found it useful.

Aurion
09.10.08, 20:48
yeah...the HOSTS file is very damn important I figured that out back then when I had to apply certain tweaks just to get online patches, cracks, virtual servers & Bots to work...so it's right that you should have a very decent clean HOSTS file just to NJoy good connectivity...

btw, this is my 2000th post :biggrin:

plentonimus
09.10.08, 21:11
Yeah, the website is great.

look at that post I wrote 9 months ago...


For more blocking via the hosts file, visit the page: Blocking Unwanted Parasites with a Hosts File (http://www.mvps.org/winhelp2002/hosts.htm) (English)
:biggrin:
I should really start writing in English on this board to better spread the information...

SealLion
09.10.08, 21:14
.....

btw, this is my 2000th post :biggrin:

HOLY FRAK!!!:shockkk!::shockkk!:


by the way, Aurion. Did you know that you can also update your hosts file automatically from a little proggy that I also found here at this link, today??

Blocking Unwanted Parasites with a Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)

Look for the 'HOSTSMAN' link to download the little proggy. Or go here:

abelhadigital.com (http://www.abelhadigital.com/)


Hostsman is a small 4 MB program that you can have run when Win starts. It'll automatically update your HOSTS file, when, if you want it to.




anon
09.10.08, 21:15
Thanks for sharing this with us, SealLion :wink:
Having a good HOSTS file is quite important indeed, it works as a nice ad-blocker, and a security tool.

But the article says that to prevent network slowdowns under XP and Vista with large HOSTS files, you should disable the DNS Client. This is wrong, since disabling that client won't cache DNS requests, which means that you'll poll your name servers every time. This actually slows down page and element loading, and hurts the servers...

@Aurion: congrats :smile:

@plentonimus: :biggrin:

Aurion
09.10.08, 21:47
Well, disabling DNS client service I guess won't hurt or cause severe problems as long as you are on a personal home PC...regarding networks, nah, I won't do that :wink:

anon
09.10.08, 21:51
Yes, of course disabling it won't hurt at all in a PC without an Internet connection, but otherwise doing so is strongly not recommended, since it can slow down your connection more than a "big" HOSTS file. Plus it hurts the name servers continuously bombarding them with requests as you surf.

SealLion
09.10.08, 23:36
Yes. I agree. I thought that there was something wrong with disabling the DNS. Instead, I just set it to manual. I figure that would be still OK.

anon
10.10.08, 01:21
It's set to automatic here. But my guess is that that doesn't matter as long as the service itself is always up and running :smile:

Aurion
11.10.08, 13:27
also you can occasionally disable it when you're just on your own & not using a VPN or something that requires to be part of a network...still I like disabling useless services, those like DNS client which just consumed bandwidth & resources..

anon
11.10.08, 19:47
I don't understand you.

It's when you are not behind a VPN that you don't have to disable the service.

And it actually saves bandwidth by caching requests instead of polling name servers every time...

Aurion
12.10.08, 18:41
yeah that's what I meant...since disabling such a batch file would hurt your bandwidth really bad especially if you use online cracks/bots that require adding an extra line in the HOSTS file for them to function properly...

anon
12.10.08, 20:57
I have used such bots, too. :biggrin:

But they wouldn't be affected by disabling the DNS Client service, as the HOSTS file is still top priority to the Windows TCP/IP stack. Then comes the DNS cache, and if there aren't any entries for what you're looking for, Win has to resort to polling your remote name servers. :smile:

What would be hurt is normal browsing... :frown:

Aurion
13.10.08, 00:19
yeah....one of them to be mentioned the TurboBot that uses a pre installed Microsoft Loopback Virtual server just to connect to the main server in order for you to have the configuration page loaded inside the game...it was a bit complicated story to be explained here, anyway, that HOSTS file served me very well back then regarding that mentioned point...so I do RESPECT it

anon
13.10.08, 00:28
That makes sense, since the Microsoft Loopback Virtual Interface = 127.0.0.1; this way you could load the bot's settings in-game. :top:

I respect the HOSTS file, too: back in the ArpaNet times it was the only way to find hosts through names: a big hosts file that had to be installed in every terminal, and translated entered hostnames to the corresponding entries inside the file. Of course, as the amount of hosts increased drastically, this had to be dropped in favor of DNS servers as we know them now.
Just a small bit of computing history ^^

SealLion
13.10.08, 05:39
I gotta interrupt you both here. I've been using the BlockList Manager from BlueTack for quite some time to update uT's Ipfilter list as well as PG2 P2Pfilter.dat file.

Well. I had a look at what else BlueTack has to offer. I saw that they have a HostsManager. 'Very Handy', I thought. Decided to give it a try.

I find that this HostsManager from BlueTack is quite an improvement over other separate softwares that you can also find on the net.

What I found out about the HostsManager from BlueTack is that you can select from the GUI to have the Hosts File be 'read only', which is actually quite necessary for the file to remain intact and unaltered from outside sources...if you understand my meaning of that.

Well. That is what I like about that.

One thing that I do need to ask is the following:

Is it necessary to have PG2 when the IPFilter.dat file inside uT has updates coming to it from Block List Manager from BlueTack??

You see BlueTack also allows PG2's P2Pfilter.dat file to be updated as well, It sounds like unnecessary protection to have both PG2 and the IPfilter.dat file inside uT protecting me from undesirable IPs.

Do you understand the question??

In other words, is PG2 necessary when uT has updates to its ipfilter.dat file and has the same undesirable IPs loaded in to it??


I am thinking of uninstalling PG2 if one is doing the same job as the other is.

anon
13.10.08, 17:35
...
What I found out about the HostsManager from BlueTack is that you can select from the GUI to have the Hosts File be 'read only', which is actually quite necessary for the file to remain intact and unaltered from outside sources...if you understand my meaning of that.
...

a.k.a. spyware :wink: But it's very easy for some of them to bypass this protection; all Windows itself will do if you attempt to delete a read-only file is reconfirming this, for example... :frown:
It's a good measure though. :top:


One thing that I do need to ask is the following:

Is it necessary to have PG2 when the IPFilter.dat file inside uT has updates coming to it from Block List Manager from BlueTack??

You see BlueTack also allows PG2's P2Pfilter.dat file to be updated as well, It sounds like unnecessary protection to have both PG2 and the IPfilter.dat file inside uT protecting me from undesirable IPs.

Do you understand the question??

In other words, is PG2 necessary when uT has updates to its ipfilter.dat file and has the same undesirable IPs loaded in to it??


I am thinking of uninstalling PG2 if one is doing the same job as the other is.

I once thought the same, too.

If you only use uTorrent along an ipfilter, it's not necessary to run PG2, since it'll just waste resources sitting there and not getting a chance to do anything as uT blocks ipfiltered ranges on TCP level.

But I, for example, also use Azureus, Faze and Ares, and the last two don't have a built-in IP blocker, so I need to run P2PFire separately.
Which also saves resources, as P2PF can take care of all four programs' IP blocking needs using just 5MB of RAM and 0% CPU, instead of the lots of memory Safepeer (the Azureus plugin), for example, needs to hold lists and block ranges.

So in short: if you use more than one P2P program, turn IP blocking off in all of them (for Azureus, also uninstall Safepeer), and use PG2 (or any other program), with a periodically updated blocklist (Bluetack's, in your case) to do this task instead. This way you achieve the same using less system resources.

Aurion
13.10.08, 18:29
Well, yeah I remember back then when I was an Online Gamer FREAK! my HOSTS file was like 500KB+ size...which was lacking of integrity, still a bunch of connect 2 server lines were needed to keep the connection stable...

Good that I gave up those games now...was consuming lots of worthy bandwidth leaving the Bot for more than 10 days ON just to grind some farming points :baeh:

anon
13.10.08, 18:36
Well, yeah I remember back then when I was an Online Gamer FREAK! my HOSTS file was like 500KB+ size...which was lacking of integrity, still a bunch of connect 2 server lines were needed to keep the connection stable...

500KB!? I'm not surprised you had connection issues, plus all those lines couldn't be to make the bot(s) work or..? All the ones I have used required just one line:

127.0.0.1 gameloginserver.here.com


Good that I gave up those games now...was consuming lots of worthy bandwidth leaving the Bot for more than 10 days ON just to grind some farming points :baeh:

Yes, that can be frustrating. That's why I got inside high-rate PvP servers back when I played L2 and Mu: you could jump 80 and 300 levels respectively in just one day, and make sure the game could be fun instead. :wink:

SealLion
13.10.08, 18:40
a.k.a. spyware :wink: But it's very easy for some of them to bypass this protection; all Windows itself will do if you attempt to delete a read-only file is reconfirming this, .....

ah. very interesting.

so. how does one go about, if possible that is, in preventing an outside source from automatically reconfirming the delete, without the user's knowledge [if that is possible as well]????

anon
13.10.08, 18:43
You'd need to use a separate real-time antispyware program; SpyBot SnD can monitor your HOSTS file (and other critical system sections) and alert you if an application changes it, for example.

Aurion
13.10.08, 18:52
500KB!? I'm not surprised you had connection issues, plus all those lines couldn't be to make the bot(s) work or..? All the ones I have used required just one line:

127.0.0.1 gameloginserver.here.com

Yeah, I had the same lines for the game + some lines for the Virtual bot server to work aka Microsoft Loopback, so it sized about 479KB exactly...


Yes, that can be frustrating. That's why I got inside high-rate PvP servers back when I played L2 and Mu: you could jump 80 and 300 levels respectively in just one day, and make sure the game could be fun instead. :wink:

damn, sure it was way frustrating & interesting in the same time...man that game made me pay L.E 2700 (my local currency) during a 2 years playing period just to have more & more fun kicking a$$ with extra powerful weapons...:tongue:

anon
13.10.08, 18:54
Yeah, I had the same lines for the game + some lines for the Virtual bot server to work aka Microsoft Loopback, so it sized about 479KB exactly...

That's a bit too much :eek: But if it worked correctly it was worth it :wink:


damn, sure it was way frustrating & interesting in the same time...man that game made me pay L.E 2700 (my local currency) during a 2 years playing period just to have more & more fun kicking a$$ with extra powerful weapons...:tongue:

I played at private servers myself. For free, that is :biggrin:

Aurion
13.10.08, 19:40
Well, SRO didn't have any private servers since it's a very closed source Online game compared with others...still people over there kinda LOVED the idea of paying dozens of bucks just to see their own characters holding SOS, SOM weaps/sets....that was the way it was :tongue:

anon
15.10.08, 01:16
Here there are two kinds of servers: the free private ones, where it's possible to play for free and level up very fast, but have some limitations, like not being able to "reset" your character more than 50 times, or not having access to higher-level weapons and armor; and the pay ones, where for a small fee you have guaranteed 24/7 server access (the public ones always fill up at night), can level up your char as much as you want, and have access to the VIP-only gear.
Either way, it's always fun :biggrin:

Aurion
16.10.08, 18:39
yeah, the same was here too, you can freely make a character & level it up till the maximum, but you will have pains connecting in rush hours, especially from 12:00pm~11:00pm CET, after that the servers get a bit empty...Anyway, I used to ask a friend of mine to hack me some Gold, Silk & Bot Cards just to play absolutely free like the super VIP ones :biggrin:

anon
17.10.08, 01:05
yeah, the same was here too, you can freely make a character & level it up till the maximum, but you will have pains connecting in rush hours, especially from 12:00pm~11:00pm CET, after that the servers get a bit empty...

Same here, at 19-20h (GMT -3) it'd be impossible to enter the server unless you kept an autoclicker running over "connect" for like a full minute... :redface:


Anyway, I used to ask a friend of mine to hack me some Gold, Silk & Bot Cards just to play absolutely free like the super VIP ones :biggrin:

Heh, once did a similar trick myself:

1. form a party with someone in the high XP zones.
2. type /follow in the command-window.
3. minimize the game using a minimizer hack (Shift+F12).
4. set its process' priority to "below normal".
5. check your new huge amounts of XP and money from time to time :cool:


You could also replace steps 1 and 2 with leaving a numpad-bot running once you had leveled up enough :wink:

Aurion
17.10.08, 01:39
Well, forgot to mention that upon server rush I used to hook up with a NODC Client (No Disconnect) that will hang up connection traffic & reset it without the need to close then reopen the game's client (it was an a$$ online game regarding start up & entering server, where you had to fill in your username & password then a captcha image below username/password fields for security checks to avoid auto captcha fillers)...so that NODC client was very simple to make & got way easier to generate the NODC patch after a couple of Russian guys released a patcher (20KB sized) that you can use it after each week update to generate the updated NODC patch then implement it to the new client....it's a long story that time nor place would fit for telling it.... Still those days ROCKED back then with all the fuss about leveling up & getting your character to the Hot Zone where ONLY Full Sunners Rule the place...:wink:

divlord
18.10.08, 08:28
I update the hosts file according to the following URL
http://www.mvps.org/winhelp2002/hosts.zip

But it doesn't seem to block any ads. How do I check if it's working?

SealLion
18.10.08, 15:34
Here's what I did, Divlord, to check to see if it's working:

Physically go to the URL by typing it into the address bar. Do you get a 'page not found' or OpenDNS message telling you that the address can't be found, or something else along the lines suggesting that you can't access the address?

To block ads, use adblocker if you're using Firefox.

If IE, sorry I don't know what IE has to block ads.

If you use Opera, there is something in the 'Help' file. I can't remember what action that is, but there is something there. I think it's 'block all ads' in preferences

anon
18.10.08, 22:00
@Aurion: I didn't have to go to such extents :biggrin:... just run a numpad-bot, minimize the game, lower its priority and you're done. The game client was also based on an older but more stable version, so there were no disconnects.

@divlord: make sure you have extracted the archive's HOSTS file to the C:\WINDOWS\system32\drivers\etc folder, and rebooted after that.

To check if it's working, try to visit www.ad-up.com. If it works, the page won't load. If it doesn't, you'll see Ad-Up Corporation's home page.

@SealLion: I think you're talking about Opera's "block contents" feature :smile:

divlord
18.10.08, 22:15
I had done that.
clicking
http://www.ad-up.com/
gives me the following page, is it its homepage??
http://i34.tinypic.com/xo4l5g.jpg

anon
18.10.08, 22:41
Yes, it's their homepage, so it means you haven't installed the hosts file correctly. Follow this procedure:


Manual Instructions

http://img50.imageshack.us/img50/232/howto3op1.gif

Unzip (Extract) the download ...
Highlight, right-click on the included HOSTS file and select: Copy

Open Windows Explorer to the appropriate folder (see below)

The key being the "Etc" folder for 2K/XP/Vista, and "Windows" folder for 98/ME

Note: this assumes Windows is installed in the default location.

Windows Vista = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

Right-click and select: Paste

In the event you already have an existing HOSTS file you will be prompted
with the image below.

http://img50.imageshack.us/img50/7374/howto4rl9.gif

Windows Explorer will prompt you to replace the existing file.

If you are not sure, select: No and rename the existing file to hosts.old

You can open your existing HOSTS file in Notepad via the right-click options. If the existing file looks like this [screenshot (http://www.mvps.org/winhelp2002/hostsdefault.gif)] that's the version originally shipped with Windows. Then repeat the above steps.

Editors Note: in some cases you may have a security application "monitoring" the HOSTS file for changes, or that has the HOSTS file "locked" (set to "Read Only"). If this occurs allow the changes or you may need to "unlock" the HOSTS file before you can replace it.

To check - right-click the HOSTS file and select: Properties
It should be set to Archive (unlocked) [screenshot (http://www.mvps.org/winhelp2002/hostsproperties.gif)]
Note: if needed you can reset the above option to "Hidden"

If you are using a HOSTS file now, check to see if there are any needed entries before you replace it with the new download. Several users have reported overwriting their entries for other programs. [more info (http://www.mvps.org/winhelp2002/hostsfaq.htm#programs)]

Editors Note: Once you have completed the above you can delete the hosts.zip and the hosts folder from your Desktop. The HOSTS file is usually updated 2-3 times a month so you can return here if you are still unsure on "How To".

divlord
18.10.08, 22:46
Yeah that's what I did.
The hosts file I used is this (http://www.sb-innovation.de/redirector.php?url=http%3A%2F%2Fwww.mvps.org%2Fwinhelp2002%2Fhosts.zip) with 604 KB size

anon
19.10.08, 00:23
What OS and security/antispyware software are you using? (SpyBot, etc.)

If you go to C:\WINDOWS\system32\drivers\etc, open the HOSTS file, and it's filled with contents, it has to work...


# This MVPS HOSTS file is a free download from: #
# http://www.mvps.org/winhelp2002/ #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# *********************************************************#
# ------------ Updated: September-23-2008 -----------------#
# *********************************************************#
# #
# Entries with comments are all searchable via Google. #
# #
# Disclaimer: this file is free to use for personal use #
# only. Furthermore it is NOT permitted to copy any of the #
# contents or host on any other site without permission or #
# meeting the full criteria of the below license terms. #
# #
# This work is licensed under the Creative Commons #
# Attribution-NonCommercial-ShareAlike License. #
# http://creativecommons.org/licenses/by-nc-sa/3.0/ #

127.0.0.1 localhost

#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 z.abnad.net
127.0.0.1 banners.absolpublisher.com
...

divlord
19.10.08, 04:53
I am using XP / AVG 7.5 and firewall of router.

what other files other than HOSTS are there in "C:\WINDOWS\system32\drivers\etc" folder??

I have
HOSTS
HOSTS.MVP
lmhosts.sam
networks
protocol
services

Aurion
19.10.08, 06:48
@divlord: Yeah, that's good, you have all contents you should have in that folder...

@anon: damn, I guess you have something weird in there anon, check your services or installed appz for any unknown 3rd party processes since it shouldn't be that tall...other than those lines for both your AV & AS.

divlord
19.10.08, 13:41
http://www.mvps.org/winhelp2002/hostsproperties.gif

According to above, it should be set to archive, but when I right click it, there are only two options "read only" and "hidden", both of them are unmarked. There is no option of archive.
I am using XP.

anon
19.10.08, 16:56
what other files other than HOSTS are there in "C:\WINDOWS\system32\drivers\etc" folder??

I have
HOSTS
HOSTS.MVP
lmhosts.sam
networks
protocol
services

Yes, it's OK that way. HOSTS.MVP is the backup copy the automated installer makes, and the other files are from Windows.


@anon: damn, I guess you have something weird in there anon, check your services or installed appz for any unknown 3rd party processes since it shouldn't be that tall...other than those lines for both your AV & AS.

Those are the contents of the ad-blocking HOSTS file, not mine...


http://www.mvps.org/winhelp2002/hostsproperties.gif

According to above, it should be set to archive, but when I right click it, there are only two options "read only" and "hidden", both of them are unmarked. There is no option of archive.
I am using XP.

Same here. But if you click the "advanced options" next to the "hidden" checkbox, a new dialog appears. Its first checkbox is labeled something along the lines of "file ready to archive" (my XP isn't in English so I couldn't say the exact name). Checking it has the same effects as the archive checkbox.

Other sites you could try to check if it works are:

www.adagencypro.com
www.adgroups.com
www.gamersbanner.com
www.adsvert.com

Aurion
20.10.08, 02:32
Those are the contents of the ad-blocking HOSTS file, not mine...

what ad-blocking contents ? a healthy HOSTS file should be having this line ONLY :


127.0.0.1 localhost

nothing else...:confused: here I have it clean without any extra lines tho...

anon
20.10.08, 14:36
what ad-blocking contents ? a healthy HOSTS file should be having this line ONLY :


127.0.0.1 localhost

People often use the hosts file to redirect advertising and malware servers to the IP 127.0.0.1, effectively not contacting them. This is what divlord intends to do...

Aurion
20.10.08, 21:42
Yeah, I guess I've seen that within your posts, you & divlord....Anyway, it sounds like a good technique if you know that you surf lots of Ads/Malwares...:top:

anon
20.10.08, 21:49
Actually I'm surprised you didn't know this, since your ad-blocking tutorial relied on the hosts file blocking advertising servers. :biggrin:

Aurion
21.10.08, 00:55
Actually I'm surprised you didn't know this, since your ad-blocking tutorial relied on the hosts file blocking advertising servers. :biggrin:

Actually I partially did know about it...still I couldn't figure if it would be safe enough to intentionally inject those fake links inside my HOSTS file....just too cautious that's it...

anon
21.10.08, 00:58
I understand. :smile:

It's 100% safe. :wink: Since requests that would normally go to those hosts are redirected to 127.0.0.1 (your PC), and as you normally don't have an ad-server running in your computer, nothing else happens.

If you do have an HTTP server or something else listening in port 80 in your computer, change the 127.0.0.1 in the entries by 0.0.0.0, which is a completely invalid IP Windows will give up trying to contact before it even starts. For example:

0.0.0.0 someads.server.com
0.0.0.0 adverts.example.com
0.0.0.0 banners.media.com
Etc... :top:
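
A way to check whether a name is really blocked without loading an ad site in a browser, to swap 127.0.0.1 for 0.0.0.0 as described above, and to see what changed when something rewrites the file. This is an added example, not code from the thread or from MVPS; the two sample files, the function names and the rule that the first mapping for a name wins are assumptions of the example.

```python
import hashlib
import ipaddress

# Constructed sample in the layout of the excerpt quoted in this thread.
BASELINE = """\
# constructed sample, not the real MVPS file
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 www.ad-up.com   #[constructed comment]
127.0.0.1 ads.example.com
"""

# The same file after a hypothetical unwanted change: one block entry is gone
# and a name now points at a routable address (203.0.113.0/24 is reserved
# for documentation).
TAMPERED = """\
# constructed sample, not the real MVPS file
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 ads.example.com
203.0.113.7 update.example.com
"""


def _split(line):
    """Return (address, [names]) for a mapping line, else None."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return fields[0], [name.lower() for name in fields[1:]]


def parse_hosts(text):
    """Map hostname -> address. Assumption: the first mapping for a name wins."""
    entries = {}
    for line in text.splitlines():
        parsed = _split(line)
        if parsed:
            for name in parsed[1]:
                entries.setdefault(name, parsed[0])
    return entries


def is_sink(addr):
    """True for loopback (127.0.0.1, ::1) or unspecified (0.0.0.0, ::)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def is_blocked(entries, host):
    """True when the file sends this name to a sink address."""
    addr = entries.get(host.lower())
    return addr is not None and is_sink(addr)


def redirects(entries):
    """Names pointed at a real address: a deliberate override or a hijack."""
    return sorted((n, a) for n, a in entries.items() if not is_sink(a))


def to_zero(text):
    """Rewrite 127.0.0.1 block entries to 0.0.0.0; keep localhost and comments."""
    out = []
    for line in text.splitlines():
        parsed = _split(line)
        if parsed and parsed[0] == "127.0.0.1" and "localhost" not in parsed[1]:
            line = line.replace("127.0.0.1", "0.0.0.0", 1)
        out.append(line)
    return "\n".join(out) + "\n"


def fingerprint(text):
    """SHA-256 of the file text, for a quick changed/unchanged check."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def diff(old_text, new_text):
    """Mappings added, removed or re-pointed between two snapshots."""
    old, new = parse_hosts(old_text), parse_hosts(new_text)
    return {
        "added": sorted((n, new[n]) for n in new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted((n, old[n], new[n])
                          for n in old.keys() & new.keys() if old[n] != new[n]),
    }


if __name__ == "__main__":
    entries = parse_hosts(BASELINE)
    print("www.ad-up.com blocked:", is_blocked(entries, "www.ad-up.com"))
    print("non-sink entries after change:", redirects(parse_hosts(TAMPERED)))
    print("file changed:", fingerprint(BASELINE) != fingerprint(TAMPERED))
    print("what changed:", diff(BASELINE, TAMPERED))
    print(to_zero(BASELINE), end="")
```

To run it against a real machine, read the text of the HOSTS file from the folder given earlier in the thread and pass it to `parse_hosts` in place of `BASELINE`.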

Aurion
21.10.08, 02:03
Well, I guess playing with such a HTTP server is just awesome...since you just keep sending requests by injecting those links into your HOSTS file so they get linked to an invalid IP (I kinda liked the idea btw) which doesn't exist, eventually Windows won't recognize it as a working IP....in the end such links will get auto blocked due to "Connection timed out" handles...

anon
21.10.08, 17:32
No, as a matter of fact it isn't awesome, because all requests that in a non-server PC the hosts file would have blocked go to you! This is a waste of network overhead and CPU. :wink:

So, if you are running a HTTP server, replace the 127.0.0.1 by 0.0.0.0 like I said. :smile:

You can find such a "zero" ad-blocking hosts file here (http://someonewhocares.org/hosts/zero/).

Aurion
21.10.08, 22:19
Since I'm not on a HTTP server so I won't use that...still as I said,I just keep my HOSTS file clean of anything except the normal 127.0.0.1......

dHV4
23.12.08, 13:22
Just use the OpenDNS services, it does block unwanted parasites but solving a lot of other DNS problems.

anon
23.12.08, 17:38
OpenDNS is very good (it got a thread and sticky here :wink:), but as far as I know you can't block advertising with it, unlike with custom HOSTS files - only phishing and spam sites.

pi_1st
27.12.08, 22:05
i have previously used hosts file that is 1MB or more in size, the result was my computer running very slowly.

the dns client service used a lot of memory and cpu. right now i just use my firewall to block all that nonsense, it's fast and more efficient.

anon
27.12.08, 22:36
i have previously used hosts file that is 1MB or more in size, the result was my computer running very slowly.

Anything above 100KB will make your computer slow.


the dns client service used a lot of memory and cpu. right now i just use my firewall to block all that nonsense, it's fast and more efficient.

By disabling it, you'll have made your computer poll your name servers resolve addresses for every request, even if you had already visited/connected to the same hosts before.

But blocking ad servers in your firewall instead is a good idea indeed.

pi_1st
28.12.08, 09:34
By disabling it, you'll have made your computer poll your name servers resolve addresses for every request, even if you had already visited/connected to the same hosts before.

luckily my firewall has some configurable dns caching :)

and probably my browser opera cached that too, don't know for sure though

anon
28.12.08, 17:43
luckily my firewall has some configurable dns caching :)

Do you use Outpost..? :biggrin:


and probably my browser opera cached that too, don't know for sure though

Yes, that's also possible, Opera seemed to do that for me sometimes, when I had been playing around with the HOSTS file to make domain X point to IP x.x.x.x, and flushed the DNS cache, yet Opera would try to connect to the same host. Firefox, in turn, can be seen "resolving the address for xxxxx..." after doing the same procedure.

pi_1st
28.12.08, 19:33
Do you use Outpost..? :biggrin:

holly s*** how do you... no comment on that...

you can't sniffs someone firewall? can't you?

i don't publicize that kind of things :)

anon
28.12.08, 19:35
Just thought you could be an OP user as I'm one too (v4) and it has a DNS cache :tongue:

pi_1st
28.12.08, 20:01
your version is ancient :D

better go with the security suite package, it has nice small antivirus built-in from virusbuster if i'm not mistaken. but you don't really need antivirus actually, if you play it safe

anon
28.12.08, 20:04
your version is ancient :D

It works good for me :tongue:


better go with the security suite package, it has nice small antivirus built-in from virusbuster if i'm not mistaken.

I know, but it isn't as fast, neither can detect as many threats (threats, not false positives :biggrin:) as NOD32 2.7. :wink:


but you don't really need antivirus actually, if you play it safe

Yes, I'm of course also careful with what I run and a heavy Sandboxie user. :smile:

pi_1st
28.12.08, 20:24
i really think it is better to always use the latest version, for all software i believe

when ever i look at the change log or the update revision for some application it is really surprised me why does the release could even pass the QA person

anon
28.12.08, 20:32
I partly agree with that - it is good, but that's not always. Just look at Winamp and all the people that stayed with v2.95 because v5 was too bloated and slow, for example. I have personally stuck with OPv4 because it has basically the same features as OP2008 (or reversed) while the UI is way more straightforward and minimalist - I think v2008 is more newbie-destined, with its Vista-like window style or "advanced options". Or perhaps it's just that I have been using v4 for too long to change it by now :smile:

pi_1st
28.12.08, 21:48
haha you got me there, fortunately i don't use winamp :P

yeah, if you upgrade right now to 2009 version the GUI will be very different but the underneath is very much also

btw lately i got much inbound connection to PROTOXXX where the process is system, do you have any idea?

anon
28.12.08, 21:51
btw lately i got much inbound connection to PROTOXXX where the process is system, do you have any idea?

Can you post a pic? I know that when process "n/a" (low level network access) receives a lot of incoming connections it means that other people want to connect to a port of yours that is no longer open, but I have no idea about System - which isn't really a process.

pi_1st
28.12.08, 22:09
probably later, i think it only happened when my torrents is active

the stupid things is the firewall just can't block all that PROTOXXX incoming connection with single rule.
it doesn't allow that, and the protocol is IP not TCP or UDP.. weird..

anon
28.12.08, 22:15
probably later, i think it only happened when my torrents is active

OK :thumbsup: I have googled that PROTOXXX thing to see if there was some info about it, but couldn't find anything.

pi_1st
28.12.08, 22:22
yeah i have done that, i only found harmless information
but i'm really suspicious about this, the last thing i want is my pc become bots for nasa or riaa or whatever

by PROTOXXX i mean is PROTO41, PROTO179, etc

anon
29.12.08, 00:09
yeah i have done that, i only found harmless information

...

by PROTOXXX i mean is PROTO41, PROTO179, etc

Thanks for clearing that up. I did another search for those codes, and found someone with a very similar problem:
Protocol 41 inbound block always present (http://www.outpostfirewall.com/forum/archive/index.php/t-16265.html)

To know what protocol is associated with a PROTOxxx code, you can refer to this list (http://www.honeypots.net/misc/protocols).


but i'm really suspicious about this, the last thing i want is my pc become bots for nasa or riaa or whatever

I doubt this :biggrin:, but if you want to be sure, run an online antivirus scan (http://www.eset.com/onlinescan/), and check if you can find anything strange with HiJackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) and Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).

pi_1st
30.12.08, 18:16
hmm.. why didn't i find that before.. lol

that article is very interesting, they sure know what they are talking about

judging from the circumstances my conclusion is this, a peer is trying to communicate with my p2p app using ip6 over ip4, that's why it only happened when my torrents are active

and that also explained why it is now my system that tries to connect with that protocol, grin, like in the attached pic if you are still interested
but i block all that anyway meh

still don't know or care why the peer has to tunnel the ip6 over ip4 though, p2p apps support ip6 right? and so many protocol types are used, not just 41, it could be an intrusion after all..
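
Added example, not part of any post in this thread: a PROTOxxx label in a firewall log is the protocol number from the IPv4 header, and 41 means an IPv6 packet carried inside IPv4. The Python below decodes that field and, for protocol 41, the tunnelled IPv6 header; the function names are made up for the example and the sample packet is constructed from documentation addresses, not captured traffic.

```python
import ipaddress
import struct

# Small subset of the IANA "Assigned Internet Protocol Numbers" registry.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP",
                41: "IPv6 encapsulated in IPv4", 47: "GRE", 50: "ESP"}

def proto_label(number):
    """Name for an IP protocol number, or a PROTOnn label if this table has none."""
    return IP_PROTOCOLS.get(number, f"PROTO{number} (not in this table)")

def describe_packet(packet):
    """Decode an IPv4 header and, for protocol 41, the tunnelled IPv6 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                     # the number a firewall shows as PROTOnn
    info = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol": proto,
        "label": proto_label(proto),
    }
    inner = packet[ihl:]
    if proto == 41:
        if len(inner) < 40 or inner[0] >> 4 != 6:
            info["inner"] = "malformed: protocol 41 without a valid IPv6 header"
        else:
            info["inner"] = {
                "src": str(ipaddress.IPv6Address(inner[8:24])),
                "dst": str(ipaddress.IPv6Address(inner[24:40])),
                "next_header": proto_label(inner[6]),
            }
    return info

def build_sample():
    """Constructed 6in4 packet (checksum left at 0, no payload)."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 6, 64)   # version 6, next header TCP
    inner += ipaddress.IPv6Address("2001:db8::1").packed
    inner += ipaddress.IPv6Address("2001:db8::2").packed
    outer = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(inner), 0, 0, 64, 41, 0)
    outer += ipaddress.IPv4Address("192.0.2.10").packed
    outer += ipaddress.IPv4Address("198.51.100.7").packed
    return outer + inner

if __name__ == "__main__":
    print(describe_packet(build_sample()))
```

The inner addresses are what matter when reviewing such a log entry: they identify the IPv6 endpoints, while the outer IPv4 addresses only identify the tunnel ends.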

anon
30.12.08, 18:31
...
judging from the circumstances my conclusion is this, a peer is trying to communicate with my p2p app using ip6 over ip4, that's why it only happened when my torrents are active

That's a good explanation, especially if you use uT and have installed IPv6/Teredo.


and that also explained why it is now my system that tries to connect with that protocol, grin, like in the attached pic if you are still interested
but i block all that anyway meh

nothing.attdns.com resolves to 127.0.0.2 (http://www.robtex.com/dns/nothing.attdns.com.html). n003-000-000-000.static.ge.com doesn't resolve to anything (looks like a General Electric-owned address, though), and I can't ping 111.61.0.23.


still don't know or care why the peer has to tunnel the ip6 over ip4 though, p2p apps support ip6 right? and so many protocol types are used, not just 41, it could be an intrusion after all..

What's your BitTorrent client? uTorrent 1.8+ and Azureus can take advantage of IPv6. Maybe you've installed the IPv6 protocol for your connection? Check "network connections" - I personally only have IPv4 installed and nothing else.

If you have v6 installed and don't need it, remove it instead of blocking that traffic.

pi_1st
30.12.08, 19:18
That's a good explanation, especially if you use uT and have installed IPv6/Teredo.

my vista comes preinstalled with ipv6 and i don't install ipv6/teredo using my p2p app


What's your BitTorrent client? uTorrent 1.8+ and Azureus can take advantage of IPv6. Maybe you've installed the IPv6 protocol for your connection? Check "network connections" - I personally only have IPv4 installed and nothing else.

If you have v6 installed and don't need it, remove it instead of blocking that traffic.

is it possible to disable ipv6 on utorrent 1.8+ or azureus? i don't use that client if you asked lol
hmm.. i don't think that ipv6 is useful at the moment but i also don't like to ruin the stability of my system, i probably will keep it for now


n003-000-000-000.static.ge.com doesn't resolve to anything (looks like a General Electric-owned address, though)

that's funny, the firewall first showed the ip number then changed to that in a second or two, probably it will work the other way around, hmm...

anon
30.12.08, 19:29
my vista comes preinstalled with ipv6 and i don't install ipv6/teredo using my p2p app

That'd be the cause. Your OS knows about IPv6, and therefore your BT client tries to use it. It's most likely because of your ISP/a tracker/peers supporting it.


is it possible to disable ipv6 on utorrent 1.8+ or azureus? i don't use that client if you asked lol
hmm.. i don't think that ipv6 is useful at the moment but i also don't like to ruin the stability of my system, i probably will keep it for now

With "BitTorrent client" I meant which client you use to transfer files over the BitTorrent protocol, i.e. uTorrent, Azureus, BitComet, etc.

It's not possible to hard-disable IPv6 in uTorrent 1.8+ - it will use it if available, and won't if you don't have it installed. But to make Azureus prefer v4 over v6 when both are installed, you can go to Tools -> Options -> Connection -> Advanced Network Settings, and untick "Prefer IPv6 addresses when both IPv6 and IPv4 are available".

And I understand what you mean - never touch a running system. :biggrin: But I have seen reports of people that got their network to speed up, or even work at all, by disabling IPv6 when they didn't need it; so if you want to try, here (http://dotnetwizard.net/vista-stuff/disabling-ipv6-in-vista/)'s how to do it in Vista.


that's funny, the firewall first showed the ip number then changed to that in a second or two, probably it will work the other way around, hmm...

Perhaps your ISP's DNS servers are making it resolve to something, while here it doesn't. I'm using OpenDNS.

To find out what hostname is associated with an IP address, you can use ping -a. For example,

ping -a x.x.x.x
would show x.x.x.x's associated domain name. This doesn't always work.