1 2 Previous Next 13 Replies Latest reply: May 24, 2011 5:17 PM by Peacekeeper RSS

    Risky Connection Blocked for Steam

    thegilpins

      Hi,

       

      McAfee firewall connection has blocked ip 208.64.202.252 for Steam.exe on my PC today.

       

      Can anyone please let me know why McAfee thinks this IP address is reisk for steam?

       

      Thanks

        • 1. Re: Risky Connection Blocked for Steam
          Hayton

          This IP address resolves to a server in Kansas somewhere - the map shows it in some distance from Wichita - belonging to or used by valvesoftware.com

           

          All the IP addresses on that server  - or at least in the range 208.64.202.10 to 208.64.202.252 - are showing red in the McAfee Labs Email Reputation assessment.

           

          This would seem to imply that the server has been hacked, or compromised in some way, to send spam email. If the server has been hacked it would also make any downloads from it suspect.

           

          I can find no definite evidence that it would be unsafe to download steam.exe from this server, but if you can get it from another server then I would advise you to do so.

          • 2. Re: Risky Connection Blocked for Steam
            Peacekeeper

            Peter I have been getting these popups for weeks.  Worth  talk about them in our next call but will have to wait till next week. Netguard is the cause as far as I can see.  As no this weeks call emailed you know who.

             

            Message was edited by: Peacekeeper on 22/05/11 1:44:32 PM
            • 3. Re: Risky Connection Blocked for Steam
              Hayton

              I'm puzzled by one thing. The IP address given does indeed resolve to valvesoftware.com according to the whois trace, but this address is not listed as one of their primary IP addresses according to the Threat Intelligence results.

               

              The possibility remains that the Domain Name Server is compromised in some way : the Google searches showed DNS tree listings from several sources associating that IP address with a range of unsavoury sites. When I tried to follow them through mcshield threw a fit and Chrome hung (Firefox went into a loop and started eating memory) so I don't know what that really means (it remains unchecked). Probably too much data being downloaded - the listings were long ones.

               

              (Correction : I can't replicate the search results in this user account because I set up Parental Controls to enforce Google Safesearch Strict. I'll have to wait until I go back to the admin account and try it again from there.)

               

              All I can see otherwise is that the sites operated by valvesoftware, and all its downloads, are safe; none of them appear to be on any blacklists anywhere. So this 'risky' connection is being blocked, I would say, just for spam (actual or potential). If you can find a way to Trust this address in your firewall, it might be safe to allow steam.exe to be downloaded.

               

              [Green] http---valvesoftware.com.png

              [Green] http---valvesoftware2.com.png

               

              Message was edited by: Hayton on 22/05/11 05:44:20 IST

               

              Message was edited by: Hayton on 22/05/11 06:03:38 IST
              • 4. Re: Risky Connection Blocked for Steam
                Peacekeeper

                thegilpins

                Open netguard  ie Web and email protection/ firewall and netguard you should see the address mentioned there. I have allowed it. Next time you get 1 take a pic and post it here please so I can pass it on. Steam got too many users to have this popup irritating people. If it is legit reason we'd better find out.

                • 5. Re: Risky Connection Blocked for Steam
                  thegilpins

                  Thanks guys. I will post of I get another message.

                   

                  I did get the same post for ip address 208.64.203.16 as well.

                   

                  Knowing these ip addresses belong to valve (the owner of steam) gives me some confidence that they are safe.

                   

                  Appreciate your quick replies.

                  • 6. Re: Risky Connection Blocked for Steam
                    Hayton

                    That IP address also shows as high-risk for email. Looking at the mail traffic stats I think I can see why the mail servers (if that's what they are) have been flagged as suspect : there are periodic spikes in the traffic, which is often associated with spam email attacks. There may be a perfectly good explanation for the spikes, but the monitoring programs just report what they find.

                    208.64.203.16 - IP - McAfee Labs Threat Center.png

                    valvesoftware.com - Domain - McAfee Labs Threat Center.png

                    • 7. Re: Risky Connection Blocked for Steam
                      thegilpins

                      Still getting further ip addresses blocked for steam. Attached is an image that shows them.

                       

                      Blocks.png

                      • 8. Re: Risky Connection Blocked for Steam
                        Peacekeeper

                        Thanks can you post the actual popup so I can discusss with the techs when they start work

                        • 9. Re: Risky Connection Blocked for Steam
                          thegilpins

                          Hi,

                           

                          Here is a popup as requested:

                           

                          Block.jpg

                          1 2 Previous Next