
Thread: My External Ip

  1. #1
    Newbie
    Join Date
    Aug 2019
    Posts
    10

    My External Ip

    This is my first post, so if this isn't the place to ask these questions, forgive me.

    Web Filter is sending me notifications that something is trying to reach "myexternalip.com"

    Is this something to be concerned with? If so, where do I begin investigating what is going on?


    Malware Sites website visit blocked:
    Web Filter blocked hxxx://myexternalip.com/raw (Malware Sites)

    Causal Event: WebFilterEvent
    {
    "reason": "BLOCK_CATEGORY",
    "appName": "web_filter",
    "requestLine": "GET hxxx://myexternalip.com/raw",
    "sessionEvent": {
    "entitled": true,
    "hostname": "PERMAN-Laptop",
    "CServerPort": 80,
    "protocol": 6,
    "protocolName": "TCP",
    "serverLatitude": 41.2616,
    "localAddr": "/192.168.100.162",
    "SServerAddr": "/216.239.32.21",
    "remoteAddr": "/216.239.32.21",
    "serverIntf": 1,
    "CClientAddr": "/192.168.100.162",
    "serverCountry": "US",
    "sessionId": 102630298152901,
    "SClientAddr": "/71.68.73.44",
    "clientCountry": "XL",
    "CClientPort": 49718,
    "policyRuleId": 0,
    "timeStamp": "2019-08-30 12:02:56.577",
    "serverLongitude": -96.182,
    "clientIntf": 2,
    "policyId": 1,
    "SClientPort": 38355,
    "bypassed": false,
    "SServerPort": 80,
    "CServerAddr": "/216.239.32.21",
    "tagsString": ""
    },
    "timeStamp": "2019-08-30 12:02:56.618",
    "flagged": true,
    "blocked": true,
    "category": "Malware Sites",
    "ruleId": 56,
    "categoryId": 56
    }

  2. #2
    Untangler
    Join Date
    Jul 2017
    Location
    Midlands, UK
    Posts
    57


    It looks like it is a laptop that is trying to access that URL.

    Do you have some sort of Dynamic DNS IP updater running on that laptop?

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,261


    No worries since it was blocked.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Newbie
    Join Date
    Aug 2019
    Posts
    10


    Not that I'm aware of. I just rebuilt this machine after the May update sent my computer into BSOD mode. (Literally just got it up and running today.)

    Would Wireshark give me any clues as to what process is making the request?

  5. #5
    Newbie
    Join Date
    Aug 2019
    Posts
    10


    Quote: Originally Posted by jcoffin
    No worries since it was blocked.
    Just trying to learn this new tool a little bit. I'm not an IT pro, just an engineer trying to keep our network secure.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,261


    Tcpview will show which process is generating the traffic.

    https://docs.microsoft.com/en-us/sys...nloads/tcpview

  7. #7
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,724


    Quote: Originally Posted by jcoffin
    Tcpview will show which process is generating the traffic.
    10 to 1 it's a Chrome extension. Or maybe a Facebook ad script or similar.
    Last edited by jcoehoorn; 08-30-2019 at 12:11 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.2.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  8. #8
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,320


    netstat -o -b, then look at the PID and identify them in Task Manager
    The world is divided into 10 kinds of people, who know binary and those not
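
An added example (not part of any post in this thread): one way to tie the WebFilterEvent from post #1 to the netstat output suggested in post #8, by matching the event's client-side socket pair (CClientAddr:CClientPort to CServerAddr:CServerPort) against netstat rows. It assumes netstat was run as `netstat -n -o -b` so addresses are numeric; the netstat sample, PIDs and process names below are constructed.

```python
import json
import re

# Fields copied from the WebFilterEvent in post #1 (trimmed to what is used here).
EVENT = json.loads("""{
  "requestLine": "GET hxxx://myexternalip.com/raw",
  "sessionEvent": {
    "hostname": "PERMAN-Laptop",
    "CClientAddr": "/192.168.100.162", "CClientPort": 49718,
    "CServerAddr": "/216.239.32.21",   "CServerPort": 80,
    "SClientAddr": "/71.68.73.44",     "SClientPort": 38355
  }
}""")

# Constructed sample of `netstat -n -o -b` output; PIDs and process names are invented.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.100.162:49702  203.0.113.10:443       ESTABLISHED     2104
 [svchost.exe]
  TCP    192.168.100.162:49718  216.239.32.21:80       ESTABLISHED     4321
 [chrome.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def client_side_tuple(event):
    """Socket pair as the laptop sees it: the C* fields, not the post-NAT S* fields."""
    s = event["sessionEvent"]
    local = f'{s["CClientAddr"].lstrip("/")}:{s["CClientPort"]}'
    remote = f'{s["CServerAddr"].lstrip("/")}:{s["CServerPort"]}'
    return local, remote

def find_owner(event, netstat_text):
    """Return (pid, executable or None) for the event's connection, or None if absent."""
    local, remote = client_side_tuple(event)
    lines = netstat_text.splitlines()
    for i, line in enumerate(lines):
        m = CONN.match(line)
        if m and m.group(2) == local and m.group(3) == remote:
            # With -b, the owning executable is printed in brackets on the next line.
            nxt = OWNER.match(lines[i + 1]) if i + 1 < len(lines) else None
            return int(m.group(5)), nxt.group(1) if nxt else None
    return None

if __name__ == "__main__":
    print(find_owner(EVENT, NETSTAT))
```

A socket pair is only listed while the connection exists, so the netstat capture has to be taken close to the event's timeStamp.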

  9. #9
    Newbie
    Join Date
    Nov 2016
    Posts
    6


    I'm getting the same warning. It's coming from Chrome. I have 6 extensions and am trying to pin it down.
