Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 1631 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SophosAutoUpdate connects to strange places

Dereck

Hi

I´m running Sophos Anti-Virus for Mac Home Edition on OS X Lion.

I recently installed Little Snitch to monitor my network traffic. Right after that I noticed that SophosAutoUpdate connects to really strange addresses. Network monitors connection history shows that SophosAutoUpdate has connected to b.scorecardresearch.com and o.aolcdn.com. These addresses seem to have something to do with internet tracking, scary.

Does anyone have an idea what´s going on?

Has anyone else noticed that SophosAutoUpdate connects to these places?

Should I be worried?

Thank you in advance.

:1005531


This thread was automatically locked due to age.
Parents
  • 0

    Hello Dereck,

    I'm not using Little Snitch, so I can't tell how it resolves the names.

    Using the host command in a terminal window lets you resolve names to addresses and do reverse lookups (IP to name). So host es-web-4.sophos.com returns something like

    es-web-4.sophos.com is an alias for es-web-4.sophos.com.edgesuite.net

    es-web-4.sophos.com.edgesuite.net is an alias for xnnn.y.akamai.net

    xnnn.y.akamai.net had address nnn.nnn.nnn.nnn

    Usually you get two different addresses, they depend on your location. They idea is that you get a host "near" you for a vendor's service. Using host nnn.nnn.nnn.nnn normally gives you xnnn-nnn-nnn-nnn.deploy.akamaitechnologies.com though (and no hint which vendor/service uses this address). 

    Christian

    :1005539
Reply
  • 0

    Hello Dereck,

    I'm not using Little Snitch, so I can't tell how it resolves the names.

    Using the host command in a terminal window lets you resolve names to addresses and do reverse lookups (IP to name). So host es-web-4.sophos.com returns something like

    es-web-4.sophos.com is an alias for es-web-4.sophos.com.edgesuite.net

    es-web-4.sophos.com.edgesuite.net is an alias for xnnn.y.akamai.net

    xnnn.y.akamai.net had address nnn.nnn.nnn.nnn

    Usually you get two different addresses, they depend on your location. They idea is that you get a host "near" you for a vendor's service. Using host nnn.nnn.nnn.nnn normally gives you xnnn-nnn-nnn-nnn.deploy.akamaitechnologies.com though (and no hint which vendor/service uses this address). 

    Christian

    :1005539
Children
No Data