2 Replies Latest reply on Aug 20, 2011 3:36 PM by theflyingmonkey

    Risky Connections

    theflyingmonkey

      Hi, I am using McAfee Internet Security and I was wondering how does McAfee determine whether or not a site/ip is risky?  I noticed that when I went to gamefaqs.com, my risky connection attempted and blocked went up by 1 or 2 counts.  I always went on gamefaqs.com and never had this happen before, but now it is happening and I checked to make sure it was gamefaqs.com by visiting the site 4 times and the total risky connection was up to about 8 or 10.

       

      If anyone needs to know about the firewall settings, I have it set to Stealth with firefox set to outgoing.  The ip address that is listed as a risky connection is 68.142.79.70, I haven't gone to gamefaqs.com for a while because of this.  So if anyone can help, such as the moderators I would appreciate it.

        • 1. Re: Risky Connections
          Peter M

          We would need a McAfee Firewall Technician to answer that as the internal workings of the software are never divulged to us I'm afraid.  Getting one on a weekend will be difficult.

           

          Are you talking about Incoming Events?   As you know they are info only on blocked attempts and can vary from machine to machine depending on where you are.

           

          I haven't seen any unusual activity as a result of going there myself but then my browsers are all set to their default settings and so is Firewall, which on my machine is Full access.

           

          All I know is that SiteAdvisor and WOT both approve of it:

           

           

          Capture.JPG

           

          Maybe someone will spot this that knows more than I do.

           

          Meanwhile I'll move this over to the Firewall section for better attention if you wish..

           

           

           

           

           

           

          .

           


           

          Message was edited by: Ex_Brit on 19/08/11 9:04:40 EDT PM
          • 2. Re: Risky Connections
            theflyingmonkey

            I am not sure if they are incoming events or not.  But if you go Navigation -> Security Report and then scroll down to Firewall, it says the Programs Allowed, Programs Blocked, ect.  In that section it said Risky Connections attempted, Risky Connections allowed, and Risky Connection Blocked.

             

            I didn't even know about this until I decided to check the Security Report and I noticed that it used to be zero and it was in the 20s for Connection attempted.  Since I only went to gamefaqs.com, I tried going on one more time and the connections increase by 2, I repeated this 3 more times and it just kept increasing.  When I went to other sites nothing.

             

            As for gamefaqs.com, I don't think that it is gamefaqs.com fault or anything because I managed to find the source of the Risky Connection which was the ip address 68.142.79.70.  I found this by going to Firewall -> Netguard.  It listed the last attempted connection by this ip and to be sure I tried going on gamefaqs.com 10 minutes later and the time changed.  By clicking the Arrow thing next to the ip it said that it was last attempted by Firefox.  When I tried on my Ubuntu virtual machine (also on outgoing), it would say last attempted by Oracle VM VirtualBox Manager.

             

            Looking around the internet I only found that gamefaqs.com ip address isn't 68.142.79.70, and that this ip belongs to limelight networks.  Since when I did a reverse ip lookup using http://www.yougetsignal.com/tools/web-sites-on-web-server/, and searched up gamefaqs.com the ip address didn't match.  I not sure but maybe there is something on gamefaqs.com that is part of a different site and is causing this like maybe the ads on gamefaqs.com are linked to 68.142.79.70.

             

            I really want to visit the site again, but I would like to see what a McAfee expert has to say about this connection by 68.142.79.70, since even though I have Firefox set to outgoing, my McAfee firewall set to Stealth and I don't have any script from gamefaqs.com allowed through NoScript.  I just want to find out why this is happening and should I be concerned?