198.18.1.x address problems
Quote from: Anotherone Kevin, I have told you before, this is the 582n spooflist (the intercept cache table).
Anotherone,
If you had told me that, I think I would have remembered.
My observation though is that if this were a router issue, then I would expect the problem to be seen across a number of devices - it has only been seen on the Win8.1 platform and disappeared when that platform had its DNS server changed and remained "corrected" when the DNS resolver was switched back to the TG582n.
I have just looked at the list and do see some strange entries - many of which I have no intentional attempt to connect to.
Quote {Kevin}=>dns server debug spoof list
Spoof IP FQDN Real IP Flags
198.18.1.183 img.stb.s-msn.com 0.0.0.0 Not resolved
198.18.1.184 appexbingweather.trafficmanager.net 0.0.0.0 Not resolved
198.18.1.185 go.microsoft.com 0.0.0.0 Not resolved
198.18.1.186 img.s-msn.com 0.0.0.0 Not resolved
198.18.1.187 ws12.gti.mcafee.com 0.0.0.0 Not resolved
198.18.1.188 apis.google.com 0.0.0.0 Not resolved
198.18.1.189 fbcdn-sphotos-f-a.akamaihd.net 0.0.0.0 Not resolved
198.18.1.190 fbcdn-creative-a.akamaihd.net 0.0.0.0 Not resolved
198.18.1.191 dns.msftncsi.com 0.0.0.0 Not resolved
198.18.1.192 sqm.telemetry.microsoft.com 0.0.0.0 Not resolved
198.18.1.193 edge.quantserve.com 0.0.0.0 Not resolved
198.18.1.194 d.p-td.com 0.0.0.0 Not resolved
198.18.1.195 rtd.tubemogul.com 0.0.0.0 Not resolved
198.18.1.196 pixel.tapad.com 0.0.0.0 Not resolved
198.18.1.197 p.univide.com 0.0.0.0 Not resolved
198.18.1.198 cm.adgrx.com 0.0.0.0 Not resolved
198.18.1.199 plugin.mediavoice.com 0.0.0.0 Not resolved
198.18.1.168 www.samknows.com 0.0.0.0 Not resolved
198.18.1.169 sls.update.microsoft.com 0.0.0.0 Not resolved
198.18.1.170 fe2.ws.microsoft.com 0.0.0.0 Not resolved
198.18.1.171 www.fujitsu.com 0.0.0.0 Not resolved
198.18.1.172 ssl.gstatic.com 0.0.0.0 Not resolved
198.18.1.173 www.gstatic.com 0.0.0.0 Not resolved
198.18.1.174 urs.microsoft.com 0.0.0.0 Not resolved
198.18.1.175 www.google.com 0.0.0.0 Not resolved
198.18.1.176 updatekeepalive.mcafee.com 0.0.0.0 Not resolved
198.18.1.177 www.google.co.uk 0.0.0.0 Not resolved
198.18.1.178 client.wns.windows.com 0.0.0.0 Not resolved
198.18.1.179 sports.services.appex.bing.com 0.0.0.0 Not resolved
198.18.1.180 en-gb.appex-rf.msn.com 0.0.0.0 Not resolved
198.18.1.181 watson.telemetry.microsoft.com 0.0.0.0 Not resolved
198.18.1.182 su3.mcafee.com 0.0.0.0 Not resolved
The emboldened items I have (during looking at the issues on the Win8.1 platform) successfully connected to on the Win7 plat form - BOTH devices are using the same TG582n resolver - this is not making sense to me.
EDIT: As you suggest, the real point of interest here NOW is why these addresses are not getting resolved? Is one looking at a TG582n issue or (another) PN DNS issue?
Kevin
Grrrr!!
It has come back again!
There are no unresolved names in the TG spoof list.
ipconfig /displaydns makes no sense.
Thoughts anyone please? Does this look like malware at work? This is my new(ish) play platform whose "trial" AV expired on 12th Dec and I've yet to update it - this weekend's job which at present I cannot do due to URL resolution issues!
It has come back again!
There are no unresolved names in the TG spoof list.
ipconfig /displaydns makes no sense.
C:\Users\Kevin>ipconfig /displaydns
Windows IP Configuration
wpad
----------------------------------------
Name does not exist.
plus.net
----------------------------------------
Record Name . . . . . : plus.net
Record Type . . . . . : 1
Time To Live . . . . : 44049
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 212.159.9.2
Record Name . . . . . : plus.net
Record Type . . . . . : 1
Time To Live . . . . : 44049
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 212.159.8.2
C:\Users\Kevin>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kevin>ipconfig /displaydns
Windows IP Configuration
Could not display the DNS Resolver Cache.
C:\Users\Kevin>ipconfig /displaydns
Windows IP Configuration
C:\Users\Kevin>ipconfig /displaydns
Windows IP Configuration
client.wns.windows.com
----------------------------------------
Record Name . . . . . : client.wns.windows.com
Record Type . . . . . : 5
Time To Live . . . . : 36
Data Length . . . . . : 8
Section . . . . . . . : Answer
CNAME Record . . . . : wns.notify.windows.com.akadns.net
Record Name . . . . . : wns.notify.windows.com.akadns.net
Record Type . . . . . : 5
Time To Live . . . . : 36
Data Length . . . . . : 8
Section . . . . . . . : Answer
CNAME Record . . . . : db3.wns.notify.windows.com.akadns.net
Record Name . . . . . : db3.wns.notify.windows.com.akadns.net
Record Type . . . . . : 5
Time To Live . . . . : 36
Data Length . . . . . : 8
Section . . . . . . . : Answer
CNAME Record . . . . : db3ab.wns.windows.com
Record Name . . . . . : db3ab.wns.windows.com
Record Type . . . . . : 1
Time To Live . . . . : 36
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 157.55.44.125
db3wns4011707.wns.windows.com
----------------------------------------
Record Name . . . . . : DB3WNS4011707.wns.windows.com
Record Type . . . . . : 1
Time To Live . . . . : 1796
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 157.55.236.121
C:\Users\Kevin>ipconfig /displaydns
Windows IP Configuration
isatap.lan
----------------------------------------
Name does not exist.
db3wns4011707.wns.windows.com
----------------------------------------
Record Name . . . . . : DB3WNS4011707.wns.windows.com
Record Type . . . . . : 1
Time To Live . . . . : 956
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 157.55.236.121
wpad
----------------------------------------
Name does not exist.
Thoughts anyone please? Does this look like malware at work? This is my new(ish) play platform whose "trial" AV expired on 12th Dec and I've yet to update it - this weekend's job which at present I cannot do due to URL resolution issues!
No, I'm trying to update it. Will try the uninstall!
EDIT: McAfee uninstalled / Re-installed / Rebooted and all fine... for an hour or so - broken again!
Totally confused! TG did report more unresolved spoofs - reason not known.
Google DNS resolves g.microsoft.com to different address to TG/PN DNS.
Wim8.1 platform cannot connect to g.microsoft.comn Win7 is OK.
EDIT: McAfee uninstalled / Re-installed / Rebooted and all fine... for an hour or so - broken again!
Totally confused! TG did report more unresolved spoofs - reason not known.
Google DNS resolves g.microsoft.com to different address to TG/PN DNS.
Wim8.1 platform cannot connect to g.microsoft.comn Win7 is OK.
Quote C:\Users\Kevin>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kevin>ipconfig /displaydns
Windows IP Configuration
Could not display the DNS Resolver Cache.
C:\Users\Kevin>ipconfig /displaydns
Windows IP Configuration
go.microsoft.com
----------------------------------------
Record Name . . . . . : go.microsoft.com
Record Type . . . . . : 5
Time To Live . . . . : 414
Data Length . . . . . : 8
Section . . . . . . . : Answer
CNAME Record . . . . : www.go.microsoft.akadns.net
Record Name . . . . . : www.go.microsoft.akadns.net
Record Type . . . . . : 1
Time To Live . . . . : 414
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 64.4.11.25
C:\Users\Kevin>ping go.microsoft.com
Pinging www.go.microsoft.akadns.net [64.4.11.25] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 64.4.11.25:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\Kevin>tracert go.microsoft.com
Tracing route to www.go.microsoft.akadns.net [64.4.11.25]
over a maximum of 30 hops:
1 5 ms 4 ms 4 ms dsldevice.lan [192.168.1.254]
2 52 ms 58 ms 79 ms lo0-central10.pcl-ag07.plus.net [195.166.128.188
]
3 70 ms 74 ms 79 ms link-b-central10.pcl-gw02.plus.net [212.159.2.18
6]
4 78 ms 64 ms 78 ms xe-9-0-0.pcl-cr02.plus.net [212.159.0.218]
5 71 ms 82 ms 66 ms ae2.pcl-cr01.plus.net [195.166.129.6]
6 70 ms 77 ms 76 ms ae1.ptw-cr01.plus.net [195.166.129.0]
7 74 ms 71 ms 71 ms ae2.ptw-cr02.plus.net [195.166.129.5]
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * ^C
C:\Users\Kevin>nslookup
Default Server: dsldevice.lan
Address: 192.168.1.254
> go.microsoft.com
Server: dsldevice.lan
Address: 192.168.1.254
Non-authoritative answer:
Name: www.go.microsoft.akadns.net
Address: 64.4.11.25
Aliases: go.microsoft.com
> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
> go.microsoft.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: www.go.microsoft.akadns.net
Address: 134.170.184.137
Aliases: go.microsoft.com
> exit
C:\Users\Kevin>tracert 134.170.184.137
Tracing route to 134.170.184.137 over a maximum of 30 hops
1 8 ms 6 ms 4 ms dsldevice.lan [192.168.1.254]
2 44 ms 37 ms 52 ms lo0-central10.pcl-ag07.plus.net [195.166.128.188
]
3 47 ms 45 ms 46 ms link-b-central10.pcl-gw02.plus.net [212.159.2.18
6]
4 46 ms 46 ms 46 ms xe-9-0-0.pcl-cr02.plus.net [212.159.0.218]
5 46 ms 45 ms 47 ms ae2.pcl-cr01.plus.net [195.166.129.6]
6 47 ms 44 ms 46 ms ae1.ptw-cr01.plus.net [195.166.129.0]
7 46 ms 46 ms 46 ms igblmdistc7504.uk.msft.net [195.66.224.140]
8 116 ms 119 ms * ae15-0.nyc-96cbe-1b.ntwk.msn.net [207.46.45.225]
9 139 ms 133 ms 133 ms ae5-0.yto01-96cbe-1b.ntwk.msn.net [207.46.39.118
]
10 133 ms 132 ms 134 ms ae0-0.yto01-96cbe-1a.ntwk.msn.net [207.46.38.56]
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 169 ms 168 ms 174 ms ae2-0.cys01-96cbe-1a.ntwk.msn.net [204.152.140.1
16]
16 * * * Request timed out.
17 191 ms 190 ms 190 ms 191.234.82.236
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
Quote from: Townman No, I'm trying to update it. Will try the uninstall!
EDIT: McAfee uninstalled / Re-installed / Rebooted and all fine... for an hour or so - broken again!
Do you really want to run McAfee that badly ?
Or just enable windows firewall and install windows defender
Quote from: npr Do you really want to run McAfee that badly ?
It's worse than that,
Do you really want to run Windows that badly ?
Quote from: purleigh
Do you really want to run Windows that badly ?
Yes
Funny guys!
Well Wiin8 has finally finished doing its updates which are not exactly verbose about anything actually happening. I'm now wondering if this problem is related to busy background coms.
I set the DNS to 8.8.8.8 for the duration (on the Win8 NIC) and successfully completely updated Win8.1. Really am learning to hate this version of Win with a real passion!
Now that the updating is complete, I have switched the DNS settings back to auto and will monitor what happens.
The whole thing has been quite confusing; in the past when I've seen these spoofed IPs it has been down to PN DNS issues and on my WIn7 platform. As above, today they have been seen only on the Win8 platform connected to the same router which has been working without issue for the Win7 PC.
DNS resolutions appear to be largely as expected, put pings refer to a spoofed IP. Completely confused as to what has been happening and why.
Any wisdom from the PN team would be most welcome.
Thank you to everyone for their input today - you just about stopped me throwing this piece of kit through the window, thereby avoiding me being cold this Christmas!
Kevin
Well Wiin8 has finally finished doing its updates which are not exactly verbose about anything actually happening. I'm now wondering if this problem is related to busy background coms.
I set the DNS to 8.8.8.8 for the duration (on the Win8 NIC) and successfully completely updated Win8.1. Really am learning to hate this version of Win with a real passion!
Now that the updating is complete, I have switched the DNS settings back to auto and will monitor what happens.
The whole thing has been quite confusing; in the past when I've seen these spoofed IPs it has been down to PN DNS issues and on my WIn7 platform. As above, today they have been seen only on the Win8 platform connected to the same router which has been working without issue for the Win7 PC.
DNS resolutions appear to be largely as expected, put pings refer to a spoofed IP. Completely confused as to what has been happening and why.
Any wisdom from the PN team would be most welcome.
Thank you to everyone for their input today - you just about stopped me throwing this piece of kit through the window, thereby avoiding me being cold this Christmas!
Kevin
You could have ceremoniously set fire to it, then you wouldn't be cold or have a broken window !
If anyone asks what on earth are you doing, just say you are testing the Windows firewall
If anyone asks what on earth are you doing, just say you are testing the Windows firewall
Sorry Kevin, I know your problem isn't funny, but that was.
Anotherone,
The secret of a good life is to have fun and laugh when you can - do not take technical trials too seriously. It has been trying weekend, this episode was preceded by configuration difficulties with an OKI printer, which apparently has a less than obvious configuration save / apply procedure. To say nothing of extending a network on a router to which I have no admin access!
Thank God tomorrow is another day, even if is is a Monday.
Kevin
The secret of a good life is to have fun and laugh when you can - do not take technical trials too seriously. It has been trying weekend, this episode was preceded by configuration difficulties with an OKI printer, which apparently has a less than obvious configuration save / apply procedure. To say nothing of extending a network on a router to which I have no admin access!
Thank God tomorrow is another day, even if is is a Monday.
Kevin