I was dealing with a FIOS TV issue when I saw some odd traffic on my only Windows box. (My Fiancé's pc) While both are blocked, I want to know what is going on, and could use some help.
Packet filter rule #7 TCP x.x.x.x:49854 → 111.68.17.154: 80 [SYN] len=52 ttl=127
Packet filter rule #8 TCP x.x.x.x:49856 → 187.45.205.56:80 [SYN] len=52 ttl=127
It seems that every time I open Firefox these two show up. I get the same packets on my Linux Laptop as well, so I do not think it is an infection. That made me think it was a plug in thing, so I disabled all her plug ins and tried again. I was still seeing these two IP's. I have ruled out the AV as well.
This led me to believe it is a Mozilla thing. Opening up IE on her box, with Firefox closed, does not produce these IP's in the log. This further boosted my suspicion that it is a Mozilla thing.
111.68.17.154 shows up as: JMF, Web Hosting Company, Japan
187.45.205.56 show it as a Brazil addres, but I get this message inside the response when I use dnsstuff. --> You don't have permission to use this service
Looking at the packets in Wireshark shows they are empty packets, data wise. 0 byte conversation. (They are all SYN packets)
Does anyone have any insight to these IP's and any relationship with Mozilla?
Thanks,
C68
This thread was automatically locked due to age.