I find this behavior most discouraging.
Why is it doing that?
And more importantly, how do I turn it off?
its sending us all your personal files!
helo david,
vvvv by itself does not access the internet. if you are starting vvvv as boygrouping /server or /client it will access the network you specified and there may be specific nodes in a patch you open that start a network communication. but vvvv itself does not phone home or anywhere else!
This is the IP (and port) that the firewall blocked for vvvv.exe
And no, I did not start it as a boygroup client/server. It’s a vanilla unzip.
62.41.85.115:2304
62.41.85.26:2305 :2309 (two different ports)
62.41.85.98:
62.41.85.8:2312
64.18.21.1:2313
194.7.115.81:2300 :2316 (two different ports)
edit The destination port is actually port 80. The above ports where source ports.
Most of them is in the Netherlands from what I can see.
If I block vvvv permanently I can see it sends requests about once a second or so in the log.
\o/
It appears to only happen once when vvvv it fresh from unzip.
It won’t run without this communication taking place (just hangs until I let it chat).
I have a packet capture that I can analyze tomorrow when I have time.
sounds scary…
running
netstat -abo
in a dosbox shows a list of processes and their udp/tcp connections. can you actually see those connections there?
also probably try to virusscan vvvv.exe
anybody else with that behavior?
nope… no text …
My firewall (comodo) also told me that vvvv wanted to access the internet. I somehow thought (really don´t know why) it might be the new Screenshotter and didn´t investigate further. will do tomorrow.
It s obvious that Julian Assange is responsible for that…
I tried again today and strangely vvvv doesn´t want to connect to the internet anymore. But I also had look at the firewall log and as I already mentioned vvvv had tried to access the internet.
62.41.85.115 SourcePort: 51366 Dest-Port: 80
62.41.85.8 SourcePort: 61225 Dest-Port: 80
VVVV does not appear to do it any more to me ether.
From the pcap I made it does not appear to be malicious at least.
Although you can’t actually see the sender app in the capture it’s IP address lines up with the one that I posted above as well as the time vvvv started.
It appear to request a RSS feed from BBC containing “The latest stories from the Home section of the BBC News web site.”
It got bounced around two times with 301 moved permanently until it got a valid source for the request.
Could be a dll mismatch framing vvvv for a connection made by firefox.
The default bookmarks does include a RSS live bookmark pointing to BBC.
It’s ether a very weird coincidence or something triggered while loading vvvv.
But a professional firewall usually does not mistake in the source for the connection so I keep scratching my head here. Especially as others have reported the same IP.
Where you running FF at that time?
vvvv does seem to start reliably (and faster) now so who knows what happened.
I had the same thing happen a while ago (vvvv accessing the internet) but did not bother with it then(just killed it).
I got same: V4 is trying to get internet access. Mine is 224.0.0.252.
I attahed a wireshark caputre of it. But I dont understand it, apparently just trying to join a V2 group. (Are this the other two unknown twins of V3 and V4? ;D
Is it possible that is happens because the browser plugin of V4 is using Internet Eplorer ActiveX, where you have BBC feeds? And starting V4, loads Internet Explorer, which is looking for feeds?
myLogs.zip (393 Bytes)
224.0.0.252 isn’t exactly the internet.
As for 239.255.255.250
http://www.nthelp.com/upnpscrewup.htm
And finally
Btw I don’t have IE on my computer.
Might look a little deeper if I find inspiration.