Using resmon, I figured out that on my Win 8.1, either my DNS cache service, or the [del]CryptoSvc[/del] [b][just made sure. It's not the Crypto, it's 100% DNS][/b] keeps transmitting a few dozen bytes whenever I do something on the web. None ever received. The addresses are ipv6 and are the following:
c0a8:101::
c0a8:101:1200:0:d0:46bd:1200:0
e000:fc:1200:0:70:929c:1200:0
What's creepy is that no matter where I look them up, they are unregistered 0_0
Another thing is that I am currently visiting my family in Russia. The IP points to USA (this c0a8:101::) and the last one points to the "EU" (according to a lookup site).
What. Could it be a connection to Microsoft? I mean, if it's cryptosvc, then I would probably have received as well. This leads me to believe that it is my computer sending its fully qualified domain name to a DNS using the DNS client. But why EU? Why the States? I am plugged into a freaking router in Russia. My local DNS setting points to 192.168.1.1. Ok, fine. Let's check the router's DNS...
[code]
Server 1: 85.21.192.5
Server 2: 213.234.192.7
Server 3: 213.234.192.8
Server 4: 85.21.192.3
[/code]
Checking GeoIP, they're all in Moscow. I rest my case. There are NSAfags trying to steal my dickpics.
[QUOTE=Kiwi;52262294]CryptSvc is part of the Windows operating system and does the following:
Confirms signatures and makes sure that what you downloaded/install/use is legitimate.
Automatic Root Certificate management.
Windows Update and SSL.
[URL="https://www.bleepingcomputer.com/startups/cryptsvc.dll-25643.html"]Source[/URL][/QUOTE]
Yes, I know that. The only reason I mentioned it is that it's the only other service sharing the same PID as the DNS Client service. I can't stop it (don't want to); UAC starts to absolutely freak out even at programs shipped with Windows. And also, if it were the cryptosvc and not the DNS, there would also be received bytes on verification of signatures. This is not the case.
The real focus of this thread is: why does my DNS have anything to do with the States and the EU when I'm in Russia. Interesting story: my laptop is specifically a Canadian model of Acer Aspire E5. It even has the french stuff on the keyboard. This means that my Atheros Wi-Fi chip was most likely manufactured in the States. Spooky.
[editline]22nd May 2017[/editline]
Actually, never mind. I ran resmon first, and then stopped the crypto service. It is now with 100% certainty that the DNS Client is connecting to the addresses in question.
[editline]22nd May 2017[/editline]
Aaaand now there's "1 guest" reading this whole thing.
[editline]22nd May 2017[/editline]
I'm scared...
[QUOTE=Kiwi;52262384]It's probably trying to make sure it has internet.
It DOES phone home every so often to make sure it CAN connect and it can change the icon to either a yellow warning or non at all.
[/QUOTE]
Fair, but you would at least expect the IPs to come up as Microsoft. From googling them, and searching reverse lookup sites, nobody seems to have info on the IPv6 addresses... and when they do, they're not even allocated yet.
[QUOTE=Kiwi;52262384]
And if you're worried about people stealing your dick pics then you should stop being paranoid and take the tinfoil hat off so we can probe you already.[/QUOTE]
Never! >:V
[editline]22nd May 2017[/editline]
The only way is physical probe one floor below. But I'm currently working on tinfoil underwear :P
Those IPv6 addresses have not been allocated and will never get a response ([URL="https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml"]check this page out for a list of allocated addresses[/URL]). This also means the "locations" they point to are incorrect and I'm assuming the reason why you get US and EU is because of a bugged default location.
No idea why something is trying to connect there though. Could be a bug in something?
[QUOTE=Niteshifter;52270805]
No idea why something is trying to connect there though. Could be a bug in something?[/QUOTE]
Could be. Did anyone else manage to find those connections from said service? I'm running Windows 8.1 Enterprise x64, with service packs and update roll-ups to the latest (important ones only).
[editline]28th May 2017[/editline]
But if one were to find them in another Windows version, that would make me even less paranoid, I guess.
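As an added check, not part of any post in this thread: the three addresses can be decoded with Python's standard ipaddress module. Two things are worth testing. First, whether each address falls inside 2000::/3, the only block IANA currently makes global unicast allocations from, which is a one-line form of the IANA list Niteshifter linked. Second, what the first 32 bits of each address look like when read as an IPv4 address: for c0a8:101:: they are 0xc0a80101, i.e. 192.168.1.1, the router the original post names as its local DNS server, and for e000:fc:... they are 0xe00000fc, i.e. 224.0.0.252, which (a fact from outside the thread) is the LLMNR multicast group that the Windows DNS Client service also uses. The thread itself does not settle why resmon lists these as IPv6 addresses; the script only makes the decoding reproducible so the reader can run it against their own resmon output.

```python
import ipaddress

# Addresses copied from the resource monitor output quoted in the thread.
THREAD_ADDRESSES = [
    "c0a8:101::",
    "c0a8:101:1200:0:d0:46bd:1200:0",
    "e000:fc:1200:0:70:929c:1200:0",
]

# IANA currently makes all global unicast allocations from 2000::/3, so an
# address outside it cannot appear in the IANA allocation list linked above.
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")


def in_global_unicast_space(addr: str) -> bool:
    """True if the address lies in the 2000::/3 block IANA allocates from."""
    return ipaddress.IPv6Address(addr) in GLOBAL_UNICAST


def leading_ipv4(addr: str) -> ipaddress.IPv4Address:
    """Read the first 32 bits (the first two 16-bit groups) of an IPv6
    address as a dotted-quad IPv4 address."""
    first32 = int(ipaddress.IPv6Address(addr)) >> 96
    return ipaddress.IPv4Address(first32)


def ipv4_kind(v4: ipaddress.IPv4Address) -> str:
    """Coarse classification of an IPv4 address (multicast checked first,
    since 224.0.0.0/4 is not private or loopback)."""
    if v4.is_multicast:
        return "multicast"
    if v4.is_loopback:
        return "loopback"
    if v4.is_private:
        return "private (RFC 1918)"
    return "global"


def analyse(addr: str) -> dict:
    """Summarise one address: IANA plausibility plus the embedded-IPv4 reading."""
    v4 = leading_ipv4(addr)
    return {
        "address": ipaddress.IPv6Address(addr).compressed,
        "in_iana_global_unicast_space": in_global_unicast_space(addr),
        "first_32_bits_as_ipv4": str(v4),
        "ipv4_kind": ipv4_kind(v4),
    }


if __name__ == "__main__":
    for a in THREAD_ADDRESSES:
        r = analyse(a)
        print(
            f"{r['address']:35} IANA-allocatable: {r['in_iana_global_unicast_space']!s:5} "
            f"first 32 bits as IPv4: {r['first_32_bits_as_ipv4']} ({r['ipv4_kind']})"
        )
```

Running it prints, for each of the three addresses, that it is outside 2000::/3 and what its leading 32 bits decode to. The GeoIP results in the thread are meaningless for such addresses, as Niteshifter already noted, because no lookup database has data for space that was never allocated.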