SirNicholasIV Posted May 23, 2012 Share Posted May 23, 2012 Malware bytes has told me it has blocked this twice now anyone know what it is? : IP-BLOCK 83.128.74.152 (Type: incoming, Port: 10167, Process: skype.exe) EDIT: I also find it especially weird the IP is in the netherlands.... 152-074-128-083.dynamic.caiway.nl Country : Netherlands Link to comment Share on other sites More sharing options...
Hum Posted May 23, 2012 Share Posted May 23, 2012 Maybe because it is an .exe ... ? Link to comment Share on other sites More sharing options...
Charisma Veteran Posted May 23, 2012 Veteran Share Posted May 23, 2012 I think it's this: http://www.iss.net/security_center/reference/vuln/PortalOfDoom.htm that's a known port it uses. I wasn't aware it could/would get in through Skype, though. Not 100% sure but I'd guess that's why Malwarebytes doesn't like it. Link to comment Share on other sites More sharing options...
Miuku. Posted May 23, 2012 Share Posted May 23, 2012 Skype uses a bunch of really nasty techniques and some that it relies on - like the P2P directory, my guess would be it's that. Or someone on your friends / contacts has contracted something nasty and is bombing that particular port. goretsky 1 Share Link to comment Share on other sites More sharing options...
+BudMan MVC Posted May 23, 2012 MVC Share Posted May 23, 2012 so how is port 10167 even open to your machine? Are you not behind a nat router? Or did the process open up that port via UPnP on your router? Is it tcp or udp? https://support.skype.com/en-us/faq/FA148/Which-ports-need-to-be-open-to-use-Skype What port do you have setup for skype to use? See the above link. goretsky 1 Share Link to comment Share on other sites More sharing options...
SirNicholasIV Posted May 23, 2012 Author Share Posted May 23, 2012 I just let it set the ports I didn't change anything.. also I am behind a cisco/linksys router. Link to comment Share on other sites More sharing options...
cybertimber2008 Posted May 23, 2012 Share Posted May 23, 2012 Can you post the output of "netstat -tna"? Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted May 23, 2012 MVC Share Posted May 23, 2012 I get this ALL the time. Taken from the Malwarebytes website Which was also the first result in a google search for "Malwarebytes skype" Skype is a Peer-to-Peer (P2P) application. This means that it connects to a wide variety of IP addresses dynamically in order to establish a connection from one point to another. Because of this, Skype may sometimes connect to IP addresses that are also known for hosting malicious content such as malware. For this reason, Malwarebytes Anti-Malware may block such connections, though this should not affect your usage of Skype or the quality of communication through Skype itself. If the notifications occur frequently and you wish to disable them while still allowing Malwarebytes Anti-Malware to continue protecting your PC by blocking the malicious websites, then you may do the following: Open Malwarebytes Anti-Malware and access the Protection tab Uncheck the box next to Show tooltip balloon when malicious website is blocked. Click the Exit button http://helpdesk.malw...are-block-skype goretsky 1 Share Link to comment Share on other sites More sharing options...
+BudMan MVC Posted May 23, 2012 MVC Share Posted May 23, 2012 "I just let it set the ports I didn't change anything.." Well then it prob is using that port.. And then opened on your router via UPnP? Do you have that enabled? No unsolicited traffic should even get to your machine from behind a nat router. So either the traffic is an answer to your initiated traffic, or you have the port open via a forward or a UPnP some software opened it up. for example not setting a port on skype to use, and letting it use UpnP. WW seems to have the answer to what the traffic is -- not some old trojan/backdoor. goretsky 1 Share Link to comment Share on other sites More sharing options...
Recommended Posts