Thread: My External Ip

  1. #1
    Newbie
    Join Date
    Aug 2019
    Posts
    3

    My External Ip

    This is my first post, so if this isn't the place to ask these questions, forgive me.

    Web Filter is sending me notifications that something is trying to reach "myexternalip. com"

    Is this something to be concerned with? If so, where do I begin investigating what is going on?


    Malware Sites website visit blocked:
    Web Filter blocked hxxx://myexternalip.com/raw (Malware Sites)

    Causal Event: WebFilterEvent
    {
      "reason": "BLOCK_CATEGORY",
      "appName": "web_filter",
      "requestLine": "GET hxxx://myexternalip.com/raw",
      "sessionEvent": {
        "entitled": true,
        "hostname": "PERMAN-Laptop",
        "CServerPort": 80,
        "protocol": 6,
        "protocolName": "TCP",
        "serverLatitude": 41.2616,
        "localAddr": "/192.168.100.162",
        "SServerAddr": "/216.239.32.21",
        "remoteAddr": "/216.239.32.21",
        "serverIntf": 1,
        "CClientAddr": "/192.168.100.162",
        "serverCountry": "US",
        "sessionId": 102630298152901,
        "SClientAddr": "/71.68.73.44",
        "clientCountry": "XL",
        "CClientPort": 49718,
        "policyRuleId": 0,
        "timeStamp": "2019-08-30 12:02:56.577",
        "serverLongitude": -96.182,
        "clientIntf": 2,
        "policyId": 1,
        "SClientPort": 38355,
        "bypassed": false,
        "SServerPort": 80,
        "CServerAddr": "/216.239.32.21",
        "tagsString": ""
      },
      "timeStamp": "2019-08-30 12:02:56.618",
      "flagged": true,
      "blocked": true,
      "category": "Malware Sites",
      "ruleId": 56,
      "categoryId": 56
    }

  2. #2
    Untangler
    Join Date
    Jul 2017
    Location
    Midlands, UK
    Posts
    56

    It looks like it is a laptop that is trying to access that URL.

    Do you have some sort of Dynamic DNS IP updater running on that laptop?

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,991

    No worries since it was blocked.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Newbie
    Join Date
    Aug 2019
    Posts
    3

    Not that I'm aware of. I just rebuilt this machine after the May update sent my computer into BSOD mode. (Literally just got it up and running today.)

    Would Wireshark give me any clues as to what process is making the request?

  5. #5
    Newbie
    Join Date
    Aug 2019
    Posts
    3

    Quote Originally Posted by jcoffin View Post
    No worries since it was blocked.
    Just trying to learn this new tool a little bit. I'm not an IT pro, just an engineer trying to keep our network secure.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,991

    TCPView will show which process is generating the traffic.

    https://docs.microsoft.com/en-us/sys...nloads/tcpview
    sperman likes this.

  7. #7
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,698

    Quote Originally Posted by jcoffin View Post
    TCPView will show which process is generating the traffic.
    10 to 1 it's a Chrome extension. Or maybe a Facebook ad script or similar.
    Last edited by jcoehoorn; 08-30-2019 at 12:11 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.1.1 to protect 500Mbits for ~400 residential college students and associated staff and faculty

  8. #8
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,315

    netstat -o -b, then look at the PID and identify it in Task Manager
    sperman likes this.
    The world is divided into 10 kinds of people, who know binary and those not
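
Added example, not written by any poster in this thread: a single netstat snapshot can miss a connection that only lasts a moment, so this PowerShell loop polls for TCP connections to the destination in the alert and reports the owning process, its path, command line and parent. The variable names, poll interval and watch duration are assumptions; the host name and fallback address are taken from the logged event above.

```powershell
# Added example: run in an elevated PowerShell session on the laptop named in the alert.
$BlockedHost = 'myexternalip.com'   # host from the Web Filter alert
$FallbackIp  = '216.239.32.21'      # SServerAddr from the logged event
$PollMs      = 200                  # assumption: short interval to catch brief connections
$Minutes     = 30                   # assumption: how long to keep watching

# Resolve the current A records; keep the logged address in case DNS returns nothing.
$ips = @(Resolve-DnsName -Name $BlockedHost -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.IPAddress } |
         Select-Object -ExpandProperty IPAddress)
$ips = @($ips + $FallbackIp | Sort-Object -Unique)

$seen     = @{}                     # PID:LocalPort pairs already reported
$deadline = (Get-Date).AddMinutes($Minutes)

while ((Get-Date) -lt $deadline) {
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
             Where-Object { $ips -contains $_.RemoteAddress }

    foreach ($c in $conns) {
        $key = '{0}:{1}' -f $c.OwningProcess, $c.LocalPort
        if ($seen.ContainsKey($key)) { continue }   # report each connection once
        $seen[$key] = $true

        # Look up the owning process and its parent while they still exist.
        $proc   = Get-CimInstance Win32_Process -Filter "ProcessId=$($c.OwningProcess)" -ErrorAction SilentlyContinue
        $parent = if ($proc) {
            Get-CimInstance Win32_Process -Filter "ProcessId=$($proc.ParentProcessId)" -ErrorAction SilentlyContinue
        }

        [pscustomobject]@{
            Time        = Get-Date -Format 'yyyy-MM-dd HH:mm:ss.fff'
            Remote      = "$($c.RemoteAddress):$($c.RemotePort)"
            LocalPort   = $c.LocalPort
            State       = $c.State
            ProcessId   = $c.OwningProcess
            Process     = $proc.Name
            Path        = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            Parent      = $parent.Name
        } | Format-List
    }
    Start-Sleep -Milliseconds $PollMs
}
```

The LocalPort in the output can be compared with the CClientPort field of the matching Web Filter event to confirm it is the same connection. Because the match is on IP address, other sites served from the same address would also be reported.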
