Who's Been Sleeping in My Bed?
December 5, 2012 7:10 AM

I installed PeerBlock recently, and am amazed how much it is blocking. Who are these guys, how did they get in my computer, and what can I do about it?

The list includes, but is not limited to:
  • IPredator VPN
  • Sony Network Taiwan
  • Trident Mediaguard
  • Chunghwa Telecom
  • DTAPS Copenhagen
  • Savvis
  • Evidenzia GmbH
  • China Daqing of Technology Network
  • Detected AP2P on True Internet
  • Detected AP2P on Smart Broadband
They all seem to be using UDP. I have Microsoft Security Essentials running and Ad-Aware.
posted by ubiquity to Computers & Internet (9 answers total) 15 users marked this as a favorite
Response by poster: Ewww, and Halliburton! Ewwwww!!!
posted by ubiquity at 7:12 AM on December 5, 2012 [1 favorite]

Security Essentials efficacy may have waned. It was the only AV to fail a recent independent test.

Get MalwareBytes, scan regularly.

HijackThis is another good free option for tracking changes to your computer.

... anyway, there are tons of software and Windows solutions in response to "what can I do about it" but I'll let someone more informed take it.

I'd guess most of those Chinese publishers are bs security software or some sort of foistware, but I'm not familiar with most of them. The Sony thing is clearly from one of their bullshit DVDs or CDs or games, I guess.
posted by mrgrimm at 7:21 AM on December 5, 2012 [1 favorite]

Are you running a torrent program?
posted by demiurge at 7:22 AM on December 5, 2012

PeerBlock comes from the torrent world and was conceived as a way to torrent without the "bad guys" seeing you, the "bad guys" being media and government entities that could potentially sue or prosecute you for downloading/uploading illegal content. As a result it has a kitchen sink approach to blocking. If it even has a whiff of being "bad" it gets tossed in. Hence Halliburton and even totally innocuous stuff like Savvis, which is a backbone Internet provider.

As for why you're connecting to these, either you're running a torrent program or your computer is infected as part of a botnet or something and connecting to a LOT of IPs around the world.
posted by zsazsa at 7:43 AM on December 5, 2012 [2 favorites]

Response by poster: Yes, running a torrent. —whistles innocently—
posted by ubiquity at 7:51 AM on December 5, 2012 [1 favorite]

Who are these guys, how did they get in my computer, and what can I do about it?

They are not "in" your computer; someone using their network is attempting to connect to you/your torrent program. You are already doing the thing you can be doing about it: blocking their attempts to connect. However, some of the ones you listed, e.g. IPredator, are probably nonthreatening.
posted by beerbajay at 7:54 AM on December 5, 2012 [7 favorites]

If you're running a torrent, you're setting your computer to potentially connect to any other computer on the network that requests the same files that you do. Trident Mediaguard and Evidenzia are a concern; they certainly don't have your interests in mind. Chunghwa Telecom is just an ISP and probably harmless. Same with Savvis.

My recommendation is to kill the torrent and see what connections you're making without it. That will narrow down things to see if your computer is infected with some malware.
posted by demiurge at 8:07 AM on December 5, 2012
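
Added example, not part of the thread: one way to carry out the "kill the torrent and see what connections you're making without it" check is to save `netstat -ano` output once with the client running and once after closing it, then compare the established TCP peers. The two snapshots below are constructed sample data using documentation IP ranges, and the function names are illustrative. `netstat` shows no remote peer for UDP, so the blocked UDP attempts PeerBlock logs will not appear in this comparison.

```python
import ipaddress

# Constructed `netstat -ano` snapshots (Windows format), not from a real host.
WITH_TORRENT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    127.0.0.1:49690        127.0.0.1:49691        ESTABLISHED     2384
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     2384
  TCP    192.168.1.10:51413     198.51.100.23:6881     ESTABLISHED     4120
  TCP    192.168.1.10:51413     198.51.100.99:51002    TIME_WAIT       0
  TCP    192.168.1.10:49800     203.0.113.50:8080      ESTABLISHED     3012
  UDP    0.0.0.0:51413          *:*                                    4120
"""
WITHOUT_TORRENT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    127.0.0.1:49690        127.0.0.1:49691        ESTABLISHED     2384
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     2384
  TCP    192.168.1.10:49800     203.0.113.50:8080      ESTABLISHED     3012
"""

# Home-network ranges to ignore (RFC 1918); loopback and link-local are
# filtered separately below.
LAN = [ipaddress.ip_network(n)
       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def remote_peers(netstat_text):
    """Return {(remote_ip, remote_port, pid)} for established TCP
    connections to hosts outside the local machine and LAN."""
    peers = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; UDP rows carry no state or remote peer.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, port = f[2].rsplit(":", 1)   # rsplit keeps IPv6 colons intact
        ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if ip.is_loopback or ip.is_link_local or any(ip in n for n in LAN):
            continue
        peers.add((str(ip), int(port), int(f[4])))
    return peers

def persisting(before, after):
    """Peers still connected once the torrent client is closed."""
    return sorted(remote_peers(before) & remote_peers(after))

def gone(before, after):
    """Peers that disappeared together with the torrent client."""
    return sorted(remote_peers(before) - remote_peers(after))
```

Anything returned by `persisting` is worth matching to a process by its PID (the last tuple element) in Task Manager; a known browser or updater is expected, an unfamiliar process is the lead to follow.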

Who are these guys

It can be pretty much anyone. The blacklists for PeerBlock and similar programs are notoriously inaccurate. The idea is to block any sort of organization that is trying to disrupt or monitor your P2P sharing, but since the blacklist relies mainly on guesswork you will get a lot of false positives and false negatives.

how did they get in my computer

When you download and seed a torrent on a public torrent tracker, anyone else on the internet can join the swarm for that torrent and interact with your computer. By default you will download from anyone who advertises having the file, and upload to anyone who wants the data you've downloaded. The main point of something like PeerBlock is to ensure that you don't accidentally upload data to an organization that is going to use that information against you in a lawsuit or complaint to your ISP. This does not really work though because in most cases those organizations are lazy and just count all of the IP addresses listed in the swarm as infringing without actually connecting to any of them (for example, in one research study they posted an IP address of a networked printer to a public tracker, which would of course never have transferred any data and would block all BitTorrent traffic, and they still received dozens of infringement notices for that IP address). At any rate these blocked requests are almost certainly not doing anything to your computer.

what can I do about it?

If you don't want a lot of random people connecting to your computer, stop using public trackers. Although there will always be weird requests that you'll see (usually blocked by your firewall) that will be from things like port scans for open SSH servers and whatnot. It's called Internet Background Noise. In general if you have a virus scanner, a decent firewall, and up-to-date software, you're not at much risk. If you use public trackers for downloading copyrighted material with your home IP address and don't want your ISP to get infringement notices you are pretty much SOL though, you're going to get caught by somebody at some point.
posted by burnmp3s at 8:37 AM on December 5, 2012 [7 favorites]

If you don't want a lot of random people connecting to your computer, stop using public trackers.

THIS. A million times over. Research private trackers to find one that you are interested in. Or better yet, go with Usenet.
posted by kuanes at 9:16 AM on December 5, 2012
