Netgate Discussion Forum

    Something talking to Adobe when their software is not installed??

    General pfSense Questions
    11 Posts 4 Posters 2.1k Views
      firewalluser

      Noticed a few weird entries in the fw log,

      Jan 10 14:12:59 Direction=OUT WAN 80.44.233.2:59253
      80-44-233-2.dynamic.dsl.as9105.com 66.235.148.128:80
      Cannot resolve TCP:S
      pass/100000101
      Jan 10 14:12:59 LAN 192.168.10.20:55333 66.235.148.128:80
      Cannot resolve

      The IP address seems to be linked to an address block assigned by ARIN to Adobe, Inc.

      Problem is I don't have any Adobe software installed, no PDF, no Flash, and there is no Adobe software installed anywhere else, namely a set-top TV box and another Windows 7 machine.

      So does anyone have any ideas why my machine and pfSense seem to be trying to connect to this IP address & port 80 even though in the browser nothing displays?

      Fw is only a few hours old, the win7 machine is a few days old from fresh installs.
      TIA.

      Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

        Supermule Banned

        Adobe has a Bonjour service and that's used by multiple vendors.

        Furthermore, a lot of cookies refer to 2o7.net, which is also Adobe.

          stephenw10 Netgate Administrator

          What has IP 192.168.10.20?

            firewalluser

            Win7.

            Problem is the Win7 machine was not being used at the time, so there was no reason for it to be going out online. This was the only IP address which I could resolve to an actual entity as well; there were lots of entries going out to servers I could not identify who they belong to, but the Adobe IP address is the only one I could identify.

            I could understand if, say, Resolver (now default in 2.2rc) was going out to look up DNS entries, but I'd see different traffic headed for a different destination port. These are packets going to port 80, and when you use a browser to visit the IP address there's nothing displayed, so it's probably a backup route when whatever can't get out of the LAN, as I can't block port 80 traffic for obvious reasons.

              jahonix

              @firewalluser:

              Problem is the win7 machine was not being used at the time,

              Does it mean that the device was switched off?

              You can, of course, just create a block rule for the IPs in question and enable logging.
              See which devices try to establish a connection.

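One way to read "which devices try to establish a connection" out of the firewall log once logging is enabled, as an added example that is not part of the original thread: the Python below pairs each LAN entry with a WAN "out" entry for the same second and destination, assuming outbound NAT makes the WAN entry the translated copy of the LAN connection. The one-line log layout, the function names, the addresses 192.168.10.30 and 198.51.100.7 and the later timestamps are constructed; 80.44.233.2 is assumed to be the WAN address because it is the source of the WAN entry in the first post.

```python
from collections import Counter, defaultdict

# Constructed sample in a simplified one-line layout (not pfSense's raw log
# format): time, interface, direction, source, destination. The first two
# lines reuse the values from the first post (the LAN direction is assumed);
# the remaining lines are invented for the example.
SAMPLE_LOG = """\
Jan 10 14:12:59 WAN out 80.44.233.2:59253 66.235.148.128:80
Jan 10 14:12:59 LAN in 192.168.10.20:55333 66.235.148.128:80
Jan 10 14:20:41 LAN in 192.168.10.30:49152 66.235.148.128:80
Jan 10 14:20:41 WAN out 80.44.233.2:61022 66.235.148.128:80
Jan 10 14:31:07 WAN out 80.44.233.2:12345 66.235.148.128:80
Jan 10 14:35:00 LAN in 192.168.10.20:55400 198.51.100.7:443
"""


def parse(line):
    """Split one sample line into the fields the correlation needs."""
    month, day, clock, iface, direction, src, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"time": f"{month} {day} {clock}", "iface": iface,
            "dir": direction, "src": src.rsplit(":", 1)[0],
            "dst": dst_ip, "dport": int(dst_port)}


def originators(log_text, watched_ip, wan_ip):
    """Return ({LAN host: connection count}, [times of unexplained WAN-out])."""
    lan = defaultdict(list)  # (time, dst, dport) -> LAN source addresses
    wan = Counter()          # (time, dst, dport) -> WAN-out entries
    for line in filter(str.strip, log_text.splitlines()):
        e = parse(line)
        if e["dst"] != watched_ip:
            continue
        key = (e["time"], e["dst"], e["dport"])
        if e["iface"] == "LAN":
            lan[key].append(e["src"])
        elif e["iface"] == "WAN" and e["dir"] == "out" and e["src"] == wan_ip:
            wan[key] += 1
    hosts = Counter(src for sources in lan.values() for src in sources)
    # A WAN-out entry with no LAN entry for the same second and destination
    # has no logged LAN originator: check the firewall itself or another
    # interface. Matching on one-second timestamps is a heuristic, not proof.
    unexplained = sorted(k[0] for k, n in wan.items() if n > len(lan.get(k, [])))
    return dict(hosts), unexplained


if __name__ == "__main__":
    print(originators(SAMPLE_LOG, "66.235.148.128", "80.44.233.2"))
```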
                firewalluser

                Just on the desktop, not being used.

                Problem with blocking IPs is DNS entries change all the time, especially with stuff going over Akamai, Fastly and other content providing networks. Is there anything that keeps track of DNS entry changes?

                  stephenw10 Netgate Administrator

                  I would probably install an outbound firewall on the Win7 box and look at what's opening outbound connections. It's probably nothing to worry about though. Adobe make a lot of software that's used in many places.
                  Is this a clean install of Win7 or an OEM install complete with bloatware?

                  Steve

                    Supermule Banned

                    Why not use the Packet Capture utility in pfSense?

                      firewalluser

                      @stephenw10:

                      I would probably install an outbound firewall on the Win7 box and look at what's opening outbound connections. It's probably nothing to worry about though. Adobe make a lot of software that's used in many places.
                      Is this a clean install of Win7 or an OEM install complete with bloatware?

                      Steve

                      Clean install from an ISO, just Windows, no bloatware, apart from Intel Driver management tool which installs .NET 4.5, so that came off again to reduce the number of Windows updates, Firefox (NoScript & Cookie Controller), Avira, 7-zip, Win32DiskImager (copy pfSense ISO to memstick) and that's it. Avira was installed first, then Firefox.

                      @Supermule:

                      Why not use the Packet Capture utility in pfSense?

                      It times out after a while, so I've been using a Raspberry Pi hooked up to an external HD to log the data, but each time I've left it for any length of time, as it's got a 2 TB drive, it crashes and trashes the data. It's fine for a few hours when I'm testing it, but anything above that it crashes, so I never get a chance to do a really long packet capture to piece things together properly.

                      Edit.

                      If I wanted to change the way the packet capture works on pfSense, what's the best way of going about it?

                      TIA.

                        stephenw10 Netgate Administrator

                        Change it in what way?
                        You can use tcpdump directly at the command line if the webgui doesn't have the options you need:
                        https://doc.pfsense.org/index.php/Sniffers,_Packet_Capture#tcpdump

                        Steve

                          firewalluser

                          I'll see what I can do.

                          Still learning what I can and can't do on pfSense at the moment.
