netstat question

[tokyosky]

Hello everyone I hope I am in the right place,

I have a problem sending mail!
I get the following error message box.
---------
An error occurred while sending mail.The mail server responded.
x-warning:212.180.*.* is listed at dnsbl.njabl.org
(127.0.0.9pen proxy--1059092404)
---------
The above ip address is listed as the adsl port ipaddress on my
netgear DG834GT
router.

As I don't have a fixed IP address simply powering off and on my router
I am
allocated a new IP address, but...

The first time this happend I had just logged on to my ISP to send an
email,
and detected the send mail problem. I suspected the ISP of giving me a
banned IP address. This happend a further twice.

Since then every time I log on to my ISP I do a mail send test.
However it
has now happend to me after a log on period of some 6hrs logged on and
suspect my machine is compromised some how. What do you think ?

I am running xppro sp2 with all the latest patches. I have run
NISecurity and it has found nothing, likewise addaware and spybot comeup
with nothing too. Windows Security Task Manager shows nothing either.

I had gone to the following site http://www.grc.com/x/ne.dll?rh1dkyd2
to check out my internet vulnerability profiling and all is secure
but I can't help feeling my machine is compromised in some way.

I have been useing the netstat -b command to see the activity on my
machine but am at a loss to understand what is going on. I know that
ccProxy.exe is part of symantec and is in it's normal directory
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccproxy.exe

I am more interested in the Foreign Address part? Like this one earlier

TCP Dell-:3686 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3688 66.249.93.104:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3735
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3737
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

----------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:3297 localhost:3298 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3298 localhost:3297 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3395 cache.napster.com:http TIME_WAIT 0
TCP Dell-:3398
a194-158-126-22.deploy.akamaitechnologies.com:http TIME_WAIT 0
TCP Dell-:3401
a194-158-126-24.deploy.akamaitechnologies.com:http TIME_WAIT 0
----------------------------


And more recently this:

C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3844 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3846 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3844 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3846 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3845 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3847 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
-------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:3844 localhost:1025 TIME_WAIT 0
TCP Dell-:3846 localhost:1025 TIME_WAIT 0
TCP Dell-:3845 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3847 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
---------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3925 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3923 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3923 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3925 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3924 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3926 66.249.93.96:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3935 TIME_WAIT 0
TCP Dell-:1025 localhost:3931 TIME_WAIT 0
TCP Dell-:1025 localhost:3900 TIME_WAIT 0
TCP Dell-:1025 localhost:3933 TIME_WAIT 0
TCP Dell-:1025 localhost:3939 TIME_WAIT 0
TCP Dell-:1025 localhost:3902 TIME_WAIT 0
TCP Dell-:1025 localhost:3912 TIME_WAIT 0
TCP Dell-:1025 localhost:3910 TIME_WAIT 0
TCP Dell-:1025 localhost:3937 TIME_WAIT 0
TCP Dell-:3921 localhost:1025 TIME_WAIT 0
TCP Dell-:3927 localhost:1025 TIME_WAIT 0
TCP Dell-:3929 localhost:1025 TIME_WAIT 0
TCP Dell-:3915 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3920 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3922 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3928 64.41.142.230:http TIME_WAIT 0
TCP Dell-:3930 64.41.142.230:http TIME_WAIT 0
TCP Dell-:52723 192.168.0.1:49153 TIME_WAIT 0

You help in this regard would be most welcome.


--


Alan
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

If you're going through hell, keep going.
Sir Winston Churchill (1874 - 1965)
British Statesman, Prime Minister, Author

 

[gwtc]

Hello everyone I hope I am in the right place,

I have a problem sending mail!
I get the following error message box.
---------
An error occurred while sending mail.The mail server responded.
x-warning:212.180.*.* is listed at dnsbl.njabl.org
(127.0.0.9pen proxy--1059092404)
---------
The above ip address is listed as the adsl port ipaddress on my
netgear DG834GT
router.

As I don't have a fixed IP address simply powering off and on my router
I am
allocated a new IP address, but...

The first time this happend I had just logged on to my ISP to send an
email,
and detected the send mail problem. I suspected the ISP of giving me a
banned IP address. This happend a further twice.

Since then every time I log on to my ISP I do a mail send test.
However it
has now happend to me after a log on period of some 6hrs logged on and
suspect my machine is compromised some how. What do you think ?

I am running xppro sp2 with all the latest patches. I have run
NISecurity and it has found nothing, likewise addaware and spybot comeup
with nothing too. Windows Security Task Manager shows nothing either.

I had gone to the following site http://www.grc.com/x/ne.dll?rh1dkyd2
to check out my internet vulnerability profiling and all is secure
but I can't help feeling my machine is compromised in some way.

I have been useing the netstat -b command to see the activity on my
machine but am at a loss to understand what is going on. I know that
ccProxy.exe is part of symantec and is in it's normal directory
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccproxy.exe

I am more interested in the Foreign Address part? Like this one earlier

TCP Dell-:3686 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3688 66.249.93.104:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3735
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3737
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

----------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:3297 localhost:3298 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3298 localhost:3297 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3395 cache.napster.com:http TIME_WAIT 0
TCP Dell-:3398
a194-158-126-22.deploy.akamaitechnologies.com:http TIME_WAIT 0
TCP Dell-:3401
a194-158-126-24.deploy.akamaitechnologies.com:http TIME_WAIT 0
----------------------------


And more recently this:

C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3844 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3846 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3844 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3846 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3845 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3847 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
-------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:3844 localhost:1025 TIME_WAIT 0
TCP Dell-:3846 localhost:1025 TIME_WAIT 0
TCP Dell-:3845 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3847 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
---------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3925 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3923 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3923 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3925 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3924 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3926 66.249.93.96:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3935 TIME_WAIT 0
TCP Dell-:1025 localhost:3931 TIME_WAIT 0
TCP Dell-:1025 localhost:3900 TIME_WAIT 0
TCP Dell-:1025 localhost:3933 TIME_WAIT 0
TCP Dell-:1025 localhost:3939 TIME_WAIT 0
TCP Dell-:1025 localhost:3902 TIME_WAIT 0
TCP Dell-:1025 localhost:3912 TIME_WAIT 0
TCP Dell-:1025 localhost:3910 TIME_WAIT 0
TCP Dell-:1025 localhost:3937 TIME_WAIT 0
TCP Dell-:3921 localhost:1025 TIME_WAIT 0
TCP Dell-:3927 localhost:1025 TIME_WAIT 0
TCP Dell-:3929 localhost:1025 TIME_WAIT 0
TCP Dell-:3915 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3920 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3922 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3928 64.41.142.230:http TIME_WAIT 0
TCP Dell-:3930 64.41.142.230:http TIME_WAIT 0
TCP Dell-:52723 192.168.0.1:49153 TIME_WAIT 0

You help in this regard would be most welcome.

two things. Are you using a proxy server of some sort?

Otherwise, go discuss this with your isp. I don't see how its a
TB/Moz/Net problem, then again, I could be wrong though.

 

[tokyosky]

tokyosky wrote:

Hello everyone I hope I am in the right place,

I have a problem sending mail!
I get the following error message box.
---------
An error occurred while sending mail.The mail server responded.
x-warning:212.180.*.* is listed at dnsbl.njabl.org
(127.0.0.9pen proxy--1059092404)
---------
The above ip address is listed as the adsl port ipaddress on my
netgear DG834GT
router.

As I don't have a fixed IP address simply powering off and on my router
I am
allocated a new IP address, but...

The first time this happend I had just logged on to my ISP to send an
email,
and detected the send mail problem. I suspected the ISP of giving me a
banned IP address. This happend a further twice.

Since then every time I log on to my ISP I do a mail send test.
However it
has now happend to me after a log on period of some 6hrs logged on and
suspect my machine is compromised some how. What do you think ?

I am running xppro sp2 with all the latest patches. I have run
NISecurity and it has found nothing, likewise addaware and spybot comeup
with nothing too. Windows Security Task Manager shows nothing either.

I had gone to the following site http://www.grc.com/x/ne.dll?rh1dkyd2
to check out my internet vulnerability profiling and all is secure
but I can't help feeling my machine is compromised in some way.

I have been useing the netstat -b command to see the activity on my
machine but am at a loss to understand what is going on. I know that
ccProxy.exe is part of symantec and is in it's normal directory
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccproxy.exe

I am more interested in the Foreign Address part? Like this one earlier

TCP Dell-:3686 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3688 66.249.93.104:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3735
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3737
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

----------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:3297 localhost:3298 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3298 localhost:3297 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3395 cache.napster.com:http TIME_WAIT 0
TCP Dell-:3398
a194-158-126-22.deploy.akamaitechnologies.com:http TIME_WAIT 0
TCP Dell-:3401
a194-158-126-24.deploy.akamaitechnologies.com:http TIME_WAIT 0
----------------------------


And more recently this:

C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3844 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3846 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3844 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3846 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3845 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3847 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
-------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:3844 localhost:1025 TIME_WAIT 0
TCP Dell-:3846 localhost:1025 TIME_WAIT 0
TCP Dell-:3845 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3847 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
---------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3925 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3923 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3923 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3925 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3924 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3926 66.249.93.96:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3935 TIME_WAIT 0
TCP Dell-:1025 localhost:3931 TIME_WAIT 0
TCP Dell-:1025 localhost:3900 TIME_WAIT 0
TCP Dell-:1025 localhost:3933 TIME_WAIT 0
TCP Dell-:1025 localhost:3939 TIME_WAIT 0
TCP Dell-:1025 localhost:3902 TIME_WAIT 0
TCP Dell-:1025 localhost:3912 TIME_WAIT 0
TCP Dell-:1025 localhost:3910 TIME_WAIT 0
TCP Dell-:1025 localhost:3937 TIME_WAIT 0
TCP Dell-:3921 localhost:1025 TIME_WAIT 0
TCP Dell-:3927 localhost:1025 TIME_WAIT 0
TCP Dell-:3929 localhost:1025 TIME_WAIT 0
TCP Dell-:3915 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3920 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3922 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3928 64.41.142.230:http TIME_WAIT 0
TCP Dell-:3930 64.41.142.230:http TIME_WAIT 0
TCP Dell-:52723 192.168.0.1:49153 TIME_WAIT 0

You help in this regard would be most welcome.

two things. Are you using a proxy server of some sort?

Otherwise, go discuss this with your isp. I don't see how its a
TB/Moz/Net problem, then again, I could be wrong though.

No I am not running a server of anysort and I have sent a copy
to my ISP, what I was looking for was someone knowledgeable
in reading the output I got, sorry it's not yourself.
--


Alan
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

If you're going through hell, keep going.
Sir Winston Churchill (1874 - 1965)
British Statesman, Prime Minister, Author

 

[tokyosky]

tokyosky wrote:

Hello everyone I hope I am in the right place,

I have a problem sending mail!
I get the following error message box.
---------
An error occurred while sending mail.The mail server responded.
x-warning:212.180.*.* is listed at dnsbl.njabl.org
(127.0.0.9pen proxy--1059092404)
---------
The above ip address is listed as the adsl port ipaddress on my
netgear DG834GT
router.

As I don't have a fixed IP address simply powering off and on my router
I am
allocated a new IP address, but...

The first time this happend I had just logged on to my ISP to send an
email,
and detected the send mail problem. I suspected the ISP of giving me a
banned IP address. This happend a further twice.

Since then every time I log on to my ISP I do a mail send test.
However it
has now happend to me after a log on period of some 6hrs logged on and
suspect my machine is compromised some how. What do you think ?

I am running xppro sp2 with all the latest patches. I have run
NISecurity and it has found nothing, likewise addaware and spybot comeup
with nothing too. Windows Security Task Manager shows nothing either.

I had gone to the following site http://www.grc.com/x/ne.dll?rh1dkyd2
to check out my internet vulnerability profiling and all is secure
but I can't help feeling my machine is compromised in some way.

I have been useing the netstat -b command to see the activity on my
machine but am at a loss to understand what is going on. I know that
ccProxy.exe is part of symantec and is in it's normal directory
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccproxy.exe

I am more interested in the Foreign Address part? Like this one earlier

TCP Dell-:3686 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3688 66.249.93.104:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3735
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3737
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

----------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:3297 localhost:3298 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3298 localhost:3297 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3395 cache.napster.com:http TIME_WAIT 0
TCP Dell-:3398
a194-158-126-22.deploy.akamaitechnologies.com:http TIME_WAIT 0
TCP Dell-:3401
a194-158-126-24.deploy.akamaitechnologies.com:http TIME_WAIT 0
----------------------------


And more recently this:

C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3844 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3846 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3844 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3846 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3845 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3847 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
-------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:3844 localhost:1025 TIME_WAIT 0
TCP Dell-:3846 localhost:1025 TIME_WAIT 0
TCP Dell-:3845 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3847 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
---------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3925 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3923 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3923 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3925 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3924 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3926 66.249.93.96:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3935 TIME_WAIT 0
TCP Dell-:1025 localhost:3931 TIME_WAIT 0
TCP Dell-:1025 localhost:3900 TIME_WAIT 0
TCP Dell-:1025 localhost:3933 TIME_WAIT 0
TCP Dell-:1025 localhost:3939 TIME_WAIT 0
TCP Dell-:1025 localhost:3902 TIME_WAIT 0
TCP Dell-:1025 localhost:3912 TIME_WAIT 0
TCP Dell-:1025 localhost:3910 TIME_WAIT 0
TCP Dell-:1025 localhost:3937 TIME_WAIT 0
TCP Dell-:3921 localhost:1025 TIME_WAIT 0
TCP Dell-:3927 localhost:1025 TIME_WAIT 0
TCP Dell-:3929 localhost:1025 TIME_WAIT 0
TCP Dell-:3915 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3920 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3922 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3928 64.41.142.230:http TIME_WAIT 0
TCP Dell-:3930 64.41.142.230:http TIME_WAIT 0
TCP Dell-:52723 192.168.0.1:49153 TIME_WAIT 0

You help in this regard would be most welcome.

two things. Are you using a proxy server of some sort?

Otherwise, go discuss this with your isp. I don't see how its a
TB/Moz/Net problem, then again, I could be wrong though.

No I am not running a server of anysort and I have sent a copy
to my ISP, what I was looking for was someone knowledgeable
in reading the output I got, sorry it's not yourself.
--


Alan
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

If you're going through hell, keep going.
Sir Winston Churchill (1874 - 1965)
British Statesman, Prime Minister, Author

 

[gwtc]

tokyosky wrote:

Hello everyone I hope I am in the right place,

I have a problem sending mail!
I get the following error message box.
---------
An error occurred while sending mail.The mail server responded.
x-warning:212.180.*.* is listed at dnsbl.njabl.org
(127.0.0.9pen proxy--1059092404)
---------
The above ip address is listed as the adsl port ipaddress on my
netgear DG834GT
router.

As I don't have a fixed IP address simply powering off and on my router
I am
allocated a new IP address, but...

The first time this happend I had just logged on to my ISP to send an
email,
and detected the send mail problem. I suspected the ISP of giving me a
banned IP address. This happend a further twice.

Since then every time I log on to my ISP I do a mail send test.
However it
has now happend to me after a log on period of some 6hrs logged on and
suspect my machine is compromised some how. What do you think ?

I am running xppro sp2 with all the latest patches. I have run
NISecurity and it has found nothing, likewise addaware and spybot comeup
with nothing too. Windows Security Task Manager shows nothing either.

I had gone to the following site http://www.grc.com/x/ne.dll?rh1dkyd2
to check out my internet vulnerability profiling and all is secure
but I can't help feeling my machine is compromised in some way.

I have been useing the netstat -b command to see the activity on my
machine but am at a loss to understand what is going on. I know that
ccProxy.exe is part of symantec and is in it's normal directory
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccproxy.exe

I am more interested in the Foreign Address part? Like this one earlier

TCP Dell-:3686 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3688 66.249.93.104:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3735
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3737
a212-180-125-169.deploy.akamaitechnologies.com:http ESTABLISHED 1568
[ccProxy.exe]

----------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:3297 localhost:3298 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3298 localhost:3297 ESTABLISHED 3576
[firefox.exe]

TCP Dell-:3395 cache.napster.com:http TIME_WAIT 0
TCP Dell-:3398
a194-158-126-22.deploy.akamaitechnologies.com:http TIME_WAIT 0
TCP Dell-:3401
a194-158-126-24.deploy.akamaitechnologies.com:http TIME_WAIT 0
----------------------------


And more recently this:

C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3844 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3846 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3844 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3846 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3845 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3847 198.65.111.254:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
-------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3902 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3900 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3900 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3902 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3901 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3903 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3896 TIME_WAIT 0
TCP Dell-:1025 localhost:3783 TIME_WAIT 0
TCP Dell-:1025 localhost:3904 TIME_WAIT 0
TCP Dell-:3844 localhost:1025 TIME_WAIT 0
TCP Dell-:3846 localhost:1025 TIME_WAIT 0
TCP Dell-:3845 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3847 198.65.111.254:http TIME_WAIT 0
TCP Dell-:3899 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:10865 192.168.0.1:49153 TIME_WAIT 0
TCP Dell-:64903 192.168.0.1:49153 TIME_WAIT 0
---------------------------------------------------------
C:\Documents and Settings\alan>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP Dell-:1025 localhost:3925 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3923 ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3683 localhost:3684 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3684 localhost:3683 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3923 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3925 localhost:1025 ESTABLISHED 1412
[firefox.exe]

TCP Dell-:3924 66.249.93.99:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:3926 66.249.93.96:http ESTABLISHED 1568
[ccProxy.exe]

TCP Dell-:1025 localhost:3935 TIME_WAIT 0
TCP Dell-:1025 localhost:3931 TIME_WAIT 0
TCP Dell-:1025 localhost:3900 TIME_WAIT 0
TCP Dell-:1025 localhost:3933 TIME_WAIT 0
TCP Dell-:1025 localhost:3939 TIME_WAIT 0
TCP Dell-:1025 localhost:3902 TIME_WAIT 0
TCP Dell-:1025 localhost:3912 TIME_WAIT 0
TCP Dell-:1025 localhost:3910 TIME_WAIT 0
TCP Dell-:1025 localhost:3937 TIME_WAIT 0
TCP Dell-:3921 localhost:1025 TIME_WAIT 0
TCP Dell-:3927 localhost:1025 TIME_WAIT 0
TCP Dell-:3929 localhost:1025 TIME_WAIT 0
TCP Dell-:3915 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3920 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3922 p15193564.pureserver.info:http TIME_WAIT
0
TCP Dell-:3928 64.41.142.230:http TIME_WAIT 0
TCP Dell-:3930 64.41.142.230:http TIME_WAIT 0
TCP Dell-:52723 192.168.0.1:49153 TIME_WAIT 0

You help in this regard would be most welcome.

two things. Are you using a proxy server of some sort?

Otherwise, go discuss this with your isp. I don't see how its a
TB/Moz/Net problem, then again, I could be wrong though.

No I am not running a server of anysort and I have sent a copy
to my ISP, what I was looking for was someone knowledgeable
in reading the output I got, sorry it's not yourself.

I didn't ask if you're running a server. I asked if you're running
through a proxy.

 

[LnkWizard]

<SNIPPED>

I didn't ask if you're running a server. I asked if you're running

through a proxy.

Have either of you twits heard of snipping

---------------------------------------------------------------------
Lnkwizard2 MCNGP 2^5

http://www.mcngp.com
"He who does not test himself is worthless indeed"
---------------------------------------------------------------------

 

[Leonidas Jones]

snip

Have either of you twits heard of snipping

---------------------------------------------------------------------
Lnkwizard2 MCNGP 2^5

http://www.mcngp.com
"He who does not test himself is worthless indeed"

Have you heard of basic politeness? Also, have you heard of a proper
sig delimiter? dash dash space

Lee

 

[gwtc]

snip



Have you heard of basic politeness? Also, have you heard of a proper
sig delimiter? dash dash space

Lee

the guy is using OE. That explains everything.

 

[LnkWizard]

the guy is using OE. That explains everything.

It works for me, 'nuff said.

---------------------------------------------------------------------
Lnkwizard2 MCNGP 2^5

http://www.mcngp.com
"He who does not test himself is worthless indeed"
---------------------------------------------------------------------

 

[Enkidu]

Hello everyone I hope I am in the right place,

I have a problem sending mail! I get the following error message box.
--------- An error occurred while sending mail.The mail server
responded. x-warning:212.180.*.* is listed at dnsbl.njabl.org
(127.0.0.9pen proxy--1059092404) --------- The above ip address is
listed as the adsl port ipaddress on my netgear DG834GT router.

As I don't have a fixed IP address simply powering off and on my
router I am allocated a new IP address, but...

Is that exactly what the message said, or did you replace parts of the
IP with '*'? If not that IP address range '212.180.*.*' appears to be
blacklisted by this outfit:

http://www.njabl.org

The Mail Server that you are trying to send to appears to be using that
blacklist and NJABL probably lists your address because it is part of a
dynamic address range, or NJABL appears to think so, and someone in that
address range has been reported as an open proxy.

This is a matter that you should take up with your ISP. It seems that
you are not using your ISP to send email. It is unlikely that you
yourself are the open proxy, but there are sites out there that can
check for you.

Can you send emails to some people, but not to others?

Cheers,

Cliff

 

[Ed Mullen]

It works for me, 'nuff said.

---------------------------------------------------------------------
Lnkwizard2 MCNGP 2^5

http://www.mcngp.com
"He who does not test himself is worthless indeed"

What? What works for you? OE? With its demonstrated flaws? Of which
you, apparently, aren't aware. If you're striving for credibility you
missed.

http://www.google.com/search?query=outlook express quotefix&num=50
http://mozilla.edmullen.net/moz_sigtag.html

 

[Leonidas Jones]

What? What works for you? OE? With its demonstrated flaws? Of which
you, apparently, aren't aware. If you're striving for credibility you
missed.

http://www.google.com/search?query=outlook express quotefix&num=50
http://mozilla.edmullen.net/moz_sigtag.html

I note the cross post here. Perhaps our friend is reading this in a
group where politeness is frowned upon, working sig delimiters are
against guidelines, and OE is the ap of choice. Son of a gun, there are
two MS groups aren't there?

To the OP: crossposting is rarely a good idea. On the rare occasions
where it is indicated, the crosspost should be clearly indicated in body
of the message, and a followup group for further discussion set.

Followup set to alt.fan.mozilla

Lee

 

[tokyosky]

Is that exactly what the message said, or did you replace parts of the
IP with '*'? If not that IP address range '212.180.*.*' appears to be
blacklisted by this outfit:

http://www.njabl.org

The Mail Server that you are trying to send to appears to be using that
blacklist and NJABL probably lists your address because it is part of a
dynamic address range, or NJABL appears to think so, and someone in that
address range has been reported as an open proxy.

This is a matter that you should take up with your ISP. It seems that
you are not using your ISP to send email. It is unlikely that you
yourself are the open proxy, but there are sites out there that can
check for you.

Can you send emails to some people, but not to others?

Cheers,

Cliff

Apologies for cross posting, if it offends anyone, there seems to be
differing
opinions on what is polite. Offending the principles of the group is
not going
to get me advice from those I can learn from. So thank you Cliff for your
response.

I am not using a proxy and send via the ISP mail server, with no sending
difficulties at all. In the error message I got I replaced the
figures with * so the
ban was specific to one address.

I originally suspected my ISP of providing me with blacklisted IP
addresses and
have been in touch with them since the beginning on this.

However my ISP is French and so I have not posted their response here.
Basically
the advice I have been given is to go about unblocking the IP address
with the njabl.org

I will test my machine to see if it's an open proxy.

Thank you for your input.



Alan
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

If you're going through hell, keep going.
Sir Winston Churchill (1874 - 1965)
British Statesman, Prime Minister, Author