01-19-11, 09:43 AM   #1
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
DWX 1.3 weird connections

Follow up from here

http://www.redrodgers.com/forums/sho...t=4912&page=69


Quote:
I've noticed dangerous waters.exe trying to connect to the following without me actually trying to play with anyone (outbound connection).

IPv4: 111.94.x.x, 119.110.x.x (TCP destination port 80)
IPv6: ff02:1:ff61:75bd (ICMPv6)


Does anybody know what's going on?

I'm not accusing anything, I just found it strange. I don't think the exe would need to communicate with any server.
Quote:
Umm, thanks for the reply. From my firewall log/event list, actually.


My adapter ini looks something like this. I tried playing online yesterday but it failed; neither of us could see each other's session. I've allowed dangerous waters.exe to connect out and accept connections. My firewall logged that I connected out to my opponent's computer, but I just couldn't see any session, while the firewall never logged any connection attempt from him when I tried to host (nothing logged as blocked and no incoming connection logged).

This file contains all adapters found on this system:
Local Area Connection - IPv6 - fe80:xxx:75bd
Teredo Tunneling Pseudo-Interface - IPv6 - 2001:0:4137xx6xx:e21f
Teredo Tunneling Pseudo-Interface - IPv6 - fe80:xxx:e21f
6TO4 Adapter - IPv6 - 2002xx:x:1de0
Local Area Connection - IPv4 - 118.136.29.224

As far as I know my ISP is not using any IPv6 protocol. Must be a Windows 7 thing perhaps.

And yesterday I noticed something which confused me too. While I was trying to host with IP 118.136.29.224 (and my opponent's was 70.164.96.xx), the firewall logged that dangerouswaters.exe was connecting to 118.136.29.1, to port 1900??! Perhaps it was trying to tell the local network of the DW opened session?!
Quote:
Thanks for the suggestion

I don't think I'm having any problem with UPnP service. I think DW is trying to alert the local LAN maybe. It tries to connect to IPv6 and IPv4 addresses.

The IPv4 addresses are always showing as local IP (same country), either to port 1900 or port 80 and none other.

I'm sure it's only happening with DW.

Do I need to reinstall the application?
As for Sertore asking whether the system is infected with malware, I must say no. I've scanned the system from time to time and the system itself is no more than 2 months old. However, because of me being a political activist, I believe I've been a victim of hacking from time to time, especially in 2009 and in the week when I just got this new rig, but unless the hacking did serious damage as to not allow the system to boot successfully I would never be sure whether I've been victimized by such attacks.
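An added example, not part of the original post: a Python triage of the kinds of firewall-log destinations described above, labelling each one relative to the host's own adapter list (solicited-node IPv6 multicast per RFC 4291, on-subnet port 1900 used by UPnP/SSDP discovery). Assumptions: the fe80 address and 203.0.113.10 are constructed stand-ins for the masked values, the IPv4 subnet is taken to be a /24, and the logged IPv6 destination is read as ff02::1:ff61:75bd.

```python
import ipaddress

SSDP_PORT = 1900  # UPnP discovery (SSDP) port

def solicited_node(addr):
    """Solicited-node multicast group of a unicast IPv6 address (RFC 4291):
    ff02::1:ff00:0/104 combined with the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def classify(dst, port, local_addrs, prefix_len=24):
    """Label one outbound log entry. local_addrs comes from the adapter list;
    prefix_len is an assumed IPv4 subnet size, adjust to the real netmask."""
    d = ipaddress.ip_address(dst)
    locals_ = [ipaddress.ip_address(a) for a in local_addrs]
    if d.version == 6:
        for ip in locals_:
            # Hosts join this group for their own address; it is used by
            # neighbour discovery and duplicate address detection on the link.
            if ip.version == 6 and solicited_node(str(ip)) == d:
                return "solicited-node multicast group of own address"
        return "other IPv6 multicast" if d.is_multicast else "IPv6 unicast"
    for ip in locals_:
        if ip.version == 4:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            if d in net:
                if port == SSDP_PORT:
                    return "UPnP/SSDP to on-subnet host"
                return "on-subnet host, other port"
    return "off-subnet IPv4 destination"

# Constructed sample data modelled on the post (masked octets replaced).
LOCAL = ["fe80::a1b:2c3d:4e61:75bd", "118.136.29.224"]
LOG = [
    ("ff02::1:ff61:75bd", 0),   # ICMPv6 entry, port not applicable
    ("118.136.29.1", 1900),     # the port 1900 entry from the post
    ("203.0.113.10", 80),       # stand-in for a masked port 80 destination
]

def triage(log=LOG, local_addrs=LOCAL):
    return [(dst, port, classify(dst, port, local_addrs)) for dst, port in log]

if __name__ == "__main__":
    for dst, port, label in triage():
        print(f"{dst:>22} port {port:<5} {label}")
```

Entries that come back as off-subnet destinations are the ones to follow up with a reverse lookup or packet capture; the other two labels describe link-local housekeeping traffic.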