  1. #1
    3 Star Lounger
    I'm concerned that lots of basic apps, including Explorer, and other random apps that have little or no business connecting to the internet, keep trying to connect to the internet via protocol 41.

    I understand(ish) that protocol 41 is tunnelling IPv6 datagrams via IPv4 packets.
    The IP address that most of these packets are directed to is hit-nxdomain.opendns.com, which I know is the OpenDNS address that OpenDNS servers resolve unresolvable domains to. I use OpenDNS as backup to my ISP's DNS servers, which are specified, as my routers seem poor at forwarding DNS requests for reasons I've never understood.

    What I don't understand is why such a wide variety of apps are sending these packets. I'm assuming it's something to do with Windows 7 networking, but I don't like it.

    I also don't understand if, for this traffic, the DNS servers would actually be those listed under the IPv6 tabs in my connection properties, rather than those under IPv4.

    Can anybody explain?

    Thanks

  2. #2
    Super Moderator Deadeye81
    Hi Mark,

    I do not have a definitive answer at this point, but some questions.

    Have you actively scanned for any malware on your computer?

    Perhaps this is connected to the HomeGroup feature built into Windows 7? Are Homegroups enabled or disabled on your machine? If it has not been disabled, you might do so to see what impact that would have on what you are observing. Homegroups require IPv6, and that is most likely one reason Windows 7 comes with IPv6 enabled by default at this time.
    Deadeye81

    "We make a living by what we get, we make a life by what we give." Sir Winston Churchill

  3. #3
    5 Star Lounger
    > What I don't understand is why such a wide variety of apps are sending these packets.
    Another possibility is that many apps today "call home" to determine if there are updates. And some apps even use internet services for various reasons. Without knowing the individual apps it would be hard to give a definitive answer. (And as Gerald mentioned, Windows networking is also very chatty, especially if you set up a home group, or share anything among a network of computers, or if you are in a corporate network.)

  4. #4
    5 Star Lounger
    > Windows networking is also very chatty
    Especially 7... it's like an instant 4-alarm fire drill whenever I lose the network connection for any reason and I have a half dozen network windows open, so I know it's checking the connection all the time, maybe even by the second judging how fast the response is. XP is much more laid back, might not even say a word until you actually try to negotiate with one of the network windows.

  5. #5
    3 Star Lounger
    Thanks for all your thoughts.

    After posting this, I disabled Teredo, but, surprisingly, the activity continues.

    After reading your posts, I've stopped the homegroup services, but that hasn't seemed to solve the problem either.

    I take the point about apps phoning home, but nothing is allowed out of my computer without explicit permission, and the strange thing is that none of the apps tries to phone home via a conventional port/protocol, or even tries to access their home network - all the activity is to hit-nxdomain.opendns.com.

    Baffled.

  6. #6
    Administrator
    You can always download Wireshark and check what those apps are trying to do at that address.
    Rui
    -------
    R4
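
Following the Wireshark suggestion above, this is an added example (not code from any poster in this thread) showing how an IPv4 packet with protocol number 41 can be unpacked to reveal the IPv6 addresses and next header it carries. The sample packet and every address in it are constructed; 203.0.113.7 is a documentation-range placeholder, not the OpenDNS address.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IANA protocol number for IPv6 encapsulated in IPv4
NEXT_HEADERS = {6: "TCP", 17: "UDP", 58: "ICMPv6"}

def decode_proto41(packet: bytes):
    """Return outer/inner addressing for an IPv4 packet carrying IPv6, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != IPPROTO_IPV6:
        return None                        # not a protocol 41 packet
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not a complete IPv6 header")
    payload_len, next_hdr, _hop_limit = struct.unpack("!HBB", inner[4:8])
    return {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": NEXT_HEADERS.get(next_hdr, str(next_hdr)),
        "inner_payload_len": payload_len,
    }

def build_sample() -> bytes:
    """Constructed packet: ICMPv6 router solicitation inside IPv4 protocol 41."""
    icmp6 = bytes([133, 0, 0, 0, 0, 0, 0, 0])   # type 133, checksum left zero
    v6 = struct.pack("!IHBB", 0x60000000, len(icmp6), 58, 255)
    v6 += ipaddress.IPv6Address("fe80::5efe:c0a8:10a").packed  # constructed source
    v6 += ipaddress.IPv6Address("ff02::2").packed              # all-routers multicast
    total = 20 + len(v6) + len(icmp6)
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, total, 0, 0, 128, IPPROTO_IPV6, 0)
    v4 += ipaddress.IPv4Address("192.168.1.10").packed
    v4 += ipaddress.IPv4Address("203.0.113.7").packed  # placeholder tunnel endpoint
    return v4 + v6 + icmp6

if __name__ == "__main__":
    for key, value in decode_proto41(build_sample()).items():
        print(f"{key:18} {value}")
```

The inner next header and destination show what kind of IPv6 traffic is being tunnelled, which the outer IPv4 destination alone does not reveal.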

  7. #7
    5 Star Lounger
    You say that you have disabled Teredo. What happens if you go into the NIC settings and disable IPv6? (This will break homegroups but you are just testing at this point.)

    I don't like this mixture of protocols. It is complicated enough that I am not sure I understand it and so am not sure that there is not a hole in my firewall because of it...
