Unauthorized internet access [Archive] - SUNFLOWERS Community Boards

View Full Version : Unauthorized internet access

mcJabba

14-02-2006, 02:31

Immediately after startup , KOH tries to access the internet and send data towards 64.158.176.215. This belongs to a company called Level3 :

Whois Information

Level 3 Communications, Inc. LC-ORG-ARIN (NET-64-152-0-0-1)
64.152.0.0 - 64.159.255.255
Akamai Customer Care LVLT-ACC-221-64-158-176-192 (NET-64-158-176-192-1)
64.158.176.192 - 64.158.176.255

# ARIN WHOIS database, last updated 2005-07-05 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

OrgName: Akamai Customer Care
OrgID: ACC-221
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US

NetRange: 64.158.176.192 - 64.158.176.255
CIDR: 64.158.176.192/26
NetName: LVLT-ACC-221-64-158-176-192
NetHandle: NET-64-158-176-192-1
Parent: NET-64-152-0-0-1
NetType: Reallocated
Comment:
RegDate: 2005-03-18
Updated: 2005-03-18

OrgTechHandle: MM2768-ARIN
OrgTechName: Michelle, Mersereau
OrgTechPhone: +1-888-421-1003
OrgTechEmail: ccare@akamai.com

Level3 in turn is afaict a web hosting company that deals in a lot of areas, difficult to tell what are they using the info transferred for:

<a href=http://www.level3.com /a>

Point is, the app is transmitting data without notifying the owner. Why , and what is trasmitting? Anybody cares to comment?

Jabba

Angryminer

14-02-2006, 10:38

Welcome to the forum, MCJabba! :halloha:
Nice find, though nobody ever cared to find out what KoH likes to exchange with the internet.
Oh, which version of KoH are you playing? The european? The american? Please note that no american company was involved in the development or distribution of KoH. Only german Sunflowers, the bulgarian Black Sea Studios, the european department of EA and Paradox Entertainment, which is based in Sweden, if I remember correctly.
Perhaps you want to do a virus-scan on your computer. :wink:

Angryminer

Webmaster

14-02-2006, 11:16

KoH is aksing the DNS system for it's own IP address. this is normally done via nslookup. you can determine this by using a network monitor like ethereal.

there is no private data transferred besides the computers IP address.

candelarius

14-02-2006, 16:48

I use Norton Internet Security, which I have prompted to notify me each time any application attempts to access the 'net. I find that every single PC game I have attempts to access the 'net every time I start up. So, this shouldn't be a big surprise.

Webmaster

14-02-2006, 17:00

does it tell the port? or type of communication?
DNS should be UDP 53

mcJabba

14-02-2006, 17:48

Level3 is hosting for Verizon which is my (laptop) ISP. Checked the package with Ethereal, doesn't look suspicious. The UDP port is 1079 or 1061 though. Anyway, false allarm, I'd say.

Thanks for the welcome, thanks webmaster and everyone for the quick replies.

Jabba