What is this exactly

[Hamzah Abusamak 0]

I am getting this  from time to time, I dont know what is about

plus I dont know what program is going to recieve the incoming connection.

[Arakasi 549]

Hello,

A whois returns the following:

inetnum: 82.221.105.0 - 82.221.105.255
netname: IS-ORANGEWEBSITE
descr: OrangeWebsite.com
country: IS
org: ORG-OFO1-RIPE
admin-c: OTD3-RIPE
tech-c: OTD3-RIPE
status: ASSIGNED PA
mnt-by: MNT-ADVANIA
source: RIPE # Filtered

organisation: ORG-OFO1-RIPE
org-name: OrangeWebsite Finland Oy
org-type: OTHER
address: Hannikaisenkatu 14
abuse-c: OTD3-RIPE
mnt-ref: MNT-ADVANIA
mnt-by: MNT-ADVANIA
source: RIPE # Filtered

role: OrangeWebsite.com Technical Department
address: OrangeWebsite.com
address: Klapparstigur 7
address: 101 Reykjavik
address: Iceland
abuse-mailbox: abuse@orangewebsite.com
admin-c: AK12182-RIPE
tech-c: AK12182-RIPE
mnt-by: MNT-ADVANIA
nic-hdl: OTD3-RIPE
source: RIPE # Filtered

[Arakasi 549]

It would appear they are a hosting company.

Do you have dealings or service with OrangeWebsite ?

[Hamzah Abusamak 0]

No OrangeWebsite I have no idea about it. the strange thing its an inbound traffic to nowhere.

[Arakasi 549]

Also take caution as port 5353 can be used for the following reasons:

 

-iChat, Mac OS X Bonjour/Zeroconf port
-Multicast DNS (MDNS) [iESG] (IANA official) Primarily on Mac OSX , possibly p2p ?
-Backdoor.Optix (2004.02.10) - a backdoor trojan horse that gives an attacker unauthorized access to an infected computer by opening TCP port 5353 and listening for incoming connections.
-Avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS IPv4 or IPv6 UDP packet to port 5353.
References: [CVE-2011-1002], [BID-46446]
-Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.
References: [CVE-1999-0438]

 

Also see this link:

hxxp://www.pc-library.com/ports/tcp-udp-port/5353/

 

My recommendation is this:
 

Run an In-depth scan on all local drives for your system.

Edited March 24, 2014 by Arakasi

[Hamzah Abusamak 0]

Okay, but why there is no application path?

it says " a remote computer is attempting to communicate with an application on this computer"

 

Where is that local application ?

[Hamzah Abusamak 0]

Do you know that shodan.io for haxers

somone trying to access  the  computer ? right ?

Edited March 24, 2014 by Hamzah Abusamak

[Arakasi 549]

The application in question could be a reclusive executable, or an obfuscated one. Thus, recommend running a full in-depth scan.

I am unaware of shodan.io, where did you reference that ?

 

For now, i would check Remember Action (create rule) and Deny.

You can refer back if any of your applications begin to reveal issues, and delete the rule.

[Hamzah Abusamak 0]

ok

shodan.io  is  a website, type it on ur address bar

[Arakasi 549]

ok

shodan.io  is  a website, type it on ur address bar

 

I see now, you are right.

The domain must be behind the proxy orangewebsite or simply hosted there.

Edited March 24, 2014 by Arakasi

[Aryeh Goretsky 378]

Hello,

 

Shodan is a company which scans the public Internet for accessible computers.  In this case, it looks like they were scanning the IP range belonging to your ISP and attempted to connect to your computer.  This is why it is a good idea to run a firewall, and to place a router between your modem and computer, in order to block direct connection attempts from the Internet to your computer(s).

 

Regards,

 

Aryeh Goretsky

[Arakasi 549]

Thank you for the clarification Mr. Goretsky.

Very nice indeed.

[Hamzah Abusamak 0]

I see, by the way, how can I reset my Eset to the default values as it was first installed ?

[Arakasi 549]

Hi,

 

The best method is to uninstall and reinstall.

 

Manually will have a few steps.

 

To reset the firewall rules to default, follow the directions outlined here : hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN941

 

If you would like to reset to default settings and values of everything else you can open the Advanced setup and click the button labeled "Default" in the lower right corner.
 

[Hamzah Abusamak 0]

ok if i opt to uninstall and reinstall. can i  keep the updated signature ? I don't want to waste some megabytes downloading a new signature db

[Arakasi 549]

No, database is removed as well, and license.

 

Will have to use the later route of pressing default buttons and options etc.

Edited March 25, 2014 by Arakasi

[Hamzah Abusamak 0]

Why I can't delete or disable these things ?

I want to have the full control over every single process.

[Hamzah Abusamak 0]

I am getting crazy, what is this about ? what is that tracking and opencandy thing

[Arakasi 549]

Why I can't delete or disable these things ?

I want to have the full control over every single process.

Click the Toggle Application Tree to delete your rules.

[Arakasi 549]

I am getting crazy, what is this about ? what is that tracking and opencandy thing

 

Open Candy is malware. It is a classification of  adware called win32/OpenCandy

ESET detects this and i recommend running an In-depth scan on the system.

 

What is OpenCandy and why does it trigger a threat warning?

[Marcos 5,070]

I'd suggest running a full disk scan with both potentially unwanted and unsafe applications enabled. They are not malicious but you may not want to have them on your computer.