Velocity Reviews - Computer Hardware Reviews


Neotrace program snoops on me

 
 
Tiny Toes
Guest
Posts: n/a
 
      02-01-2005
A little way back I installed a trace program with a GUI called Neotrace
by Neoworx inc, subsequently the program was bought out by a well-known
security firm. I rarely use the program unless I get consistently pinged
by a site.

I found out that every time I use this program it tries to contact an
address in the following range:

216.49.80.0
216.49.81.255

I am somewhat annoyed at this. The whole point of shelling out money for
the program in the first place was security and privacy!

Short of blocking these ip addresses, which I've done, there doesn't
seem much else to do. Any ideas? TIA.
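
Added example (not part of the original post): a Python check that collapses the two range endpoints quoted above into CIDR notation for a firewall rule and flags log entries whose destination falls inside it. The log format, process names and the non-matching addresses are constructed for illustration.

```python
import ipaddress
import re

# Range endpoints exactly as quoted in the post.
RANGE_START = ipaddress.IPv4Address("216.49.80.0")
RANGE_END = ipaddress.IPv4Address("216.49.81.255")

def range_to_cidrs(first, last):
    """Collapse an inclusive start/end range into the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(first, last))

# Constructed sample lines in a made-up firewall log format (assumption).
SAMPLE_LOG = """\
2005-02-01 18:01:12 ALLOW neotrace.exe TCP 192.168.1.10:1044 -> 216.49.80.17:80
2005-02-01 18:01:13 ALLOW neotrace.exe ICMP 192.168.1.10 -> 66.94.230.33
2005-02-01 18:01:15 BLOCK neotrace.exe TCP 192.168.1.10:1045 -> 216.49.81.200:80
2005-02-01 18:02:40 ALLOW browser.exe TCP 192.168.1.10:1050 -> 216.49.82.1:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|BLOCK) (?P<proc>\S+) (?P<proto>\S+) "
    r"\S+ -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<port>\d+))?$"
)

def flag_connections(log_text, networks):
    """Return (timestamp, action, process, dst_ip, dst_port) for each line
    whose destination lies inside any of the given networks."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        dst = ipaddress.IPv4Address(m["dst"])
        if any(dst in net for net in networks):
            hits.append((m["ts"], m["action"], m["proc"], str(dst), m["port"]))
    return hits

if __name__ == "__main__":
    nets = range_to_cidrs(RANGE_START, RANGE_END)
    print("block rule covers:", ", ".join(str(n) for n in nets))
    for hit in flag_connections(SAMPLE_LOG, nets):
        print(hit)
```
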

 
 
 
 
 
Michael J. Pelletier
Guest
Posts: n/a
 
      02-02-2005
Tiny Toes wrote:

> A little way back I installed a trace program with a GUI called Neotrace
> by Neoworx inc, subsequently the program was bought out by a well-known
> security firm. I rarely use the program unless I get consistently pinged
> by a site.
>
> I found out that every time I use this program it tries to contact an
> address in the following range:
>
> 216.49.80.0
> 216.49.81.255
>
> I am somewhat annoyed at this. The whole point of shelling out money for
> the program in the first place was security and privacy!
>
> Short of blocking these ip addresses, which I've done, there doesn't
> seem much else to do. Any ideas? TIA.


Those addresses belong to McAfee. What is strange is that those addresses
are a class C but end in 0 and 255 (network IP for 216.49.80 and broadcast
IP for 216.49.81). Unfortunately I am not familiar with the application or
how it works. Why would they want a "phone home" subroutine in their
software? Updates or Licenses maybe?

I am not sure what effect blocking the addresses will have. Have you tried
calling McAfee?

Michael

 
 
 
 
 
Vanguard
Guest
Posts: n/a
 
      02-02-2005
"Tiny Toes" <"mimimi"@pqw67$!.pn> wrote in message
news:41ff689f$0$19079$(E-Mail Removed)...
> A little way back I installed a trace program with a GUI called Neotrace
> by Neoworx inc, subsequently the program was bought out by a well-known
> security firm. I rarely use the program unless I get consistently pinged
> by a site.
>
> I found out that every time I use this program it tries to contact an
> address in the following range:
>
> 216.49.80.0
> 216.49.81.255
>
> I am somewhat annoyed at this. The whole point of shelling out money for
> the program in the first place was security and privacy!
>
> Short of blocking these ip addresses, which I've done, there doesn't
> seem much else to do. Any ideas? TIA.



So where did you think all that data came from on showing you a map of
the hops in the route when tracing to a target host? You could install
a packet sniffer, like Ethereal and actually take a look to see what was
in the traffic between you and the McAfee host.

--
__________________________________________________ __________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
__________________________________________________ __________

 
 
Michael J. Pelletier
Guest
Posts: n/a
 
      02-02-2005
Vanguard wrote:

> So where did you think all that data came from on showing you a map of
> the hops in the route when tracing to a target host? You could install
> a packet sniffer, like Ethereal and actually take a look to see what was
> in the traffic between you and the McAfee host.

If you are talking about the DNS names, they should have come from his DNS
servers (queried by his DNS servers).

Michael
 
 
Vanguard
Guest
Posts: n/a
 
      02-02-2005
"Michael J. Pelletier" <(E-Mail Removed)> wrote in message news:z4_Ld.16655$0u.175@fed1read04...
> Vanguard wrote:
>
> So where did you think all that data came from on showing you a map of
> the hops in the route when tracing to a target host? You could install
> a packet sniffer, like Ethereal and actually take a look to see what was
> in the traffic between you and the McAfee host.
>
> If you are talking about the DNS names, they should have come from his DNS
> servers (queried by his DNS servers).
>
> Michael



Yeah, so? That only gives him the IP address if he enters an IP name. How does that discover and provide the mapping info between his host and the target host? Does doing a DNS lookup tell you anything about WHERE is that hop? In a traceroute, do YOU see anything in the output that tells you WHERE is that hop? You'll have to get the mapping info for WHERE are those hops from McAfee's database.

--
__________________________________________________ __________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
__________________________________________________ __________

 
 
Michael J. Pelletier
Guest
Posts: n/a
 
      02-02-2005
Vanguard wrote:

> "Michael J. Pelletier" <(E-Mail Removed)> wrote in message
> news:z4_Ld.16655$0u.175@fed1read04...
>> Vanguard wrote:
>>
>> So where did you think all that data came from on showing you a map of
>> the hops in the route when tracing to a target host? You could install
>> a packet sniffer, like Ethereal and actually take a look to see what was
>> in the traffic between you and the McAfee host.
>>
>> If you are talking about the DNS names, they should have come from his
>> DNS servers (queried by his DNS servers).
>>
>> Michael

>
>
> Yeah, so? That only gives him the IP address if he enters an IP name.
> How does that discover and provide the mapping info between his host and
> the target host?


Reverse DNS lookups

> Does doing a DNS lookup tell you anything about WHERE is
> that hop?


Traceroute has been around since about 1988. Here is my very, very basic
explanation:

1) A client starts a traceroute to some computer. It works by incrementing
the TTL field in the IP packet by one, starting at 1.

2) When a node, router, firewall (note that is not always the case) receives
the IP packet it will decrement it. The IP packet will result to zero when
"mapping" the furthest node at any given time. The furthest node will
discard the IP packet because it has been expired (TTL = 0). Note TTL
(means Time To Live). The packet is not silently discarded though; the node
that dropped the packet because the TTL resulted in a 0 value will send
back a message with its IP address.

3) The client, who started the traceroute, will do a reverse DNS lookup on
the IP to get its name (if it has a name in DNS that is).

Now, if you are using the command line version of traceroute (or tracert in
Windows) you will get a line-by-line representation of the path from you to
the other node.

There have been some graphical clients I have seen in the past that add all
sorts of icons and graphics but the basics are the same.

On the command line try:
In Windows try: tracert www.yahoo.com
In Linux/BSD/UNIX try: traceroute www.yahoo.com


> In a traceroute, do YOU see anything in the output that tells
> you WHERE is that hop? You'll have to get the mapping info for WHERE are
> those hops from McAfee's database.
>


First, no need to yell man, chill. Second, not sure if McAfee would want to
provide reverse DNS mapping for everyone especially when we all get it for
free anyway.

Michael
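
Added example (not part of the thread): the three steps described in this post, run as a Python simulation over a constructed path instead of a live network. The router addresses (documentation ranges), the PTR names and the hop that filters ICMP are all made up for illustration; each result row holds a TTL, an IP address and an optional reverse-DNS name.

```python
# Constructed path: (router IP, answers with ICMP Time Exceeded?).
# Documentation address ranges are used; none of these are real hosts.
PATH = [
    ("192.0.2.1", True),
    ("198.51.100.7", True),
    ("198.51.100.99", False),   # filters ICMP: decrements TTL but never answers
    ("203.0.113.254", True),
]
DEST = "203.0.113.80"

# Constructed reverse-DNS (PTR) table; 198.51.100.7 has no PTR record.
PTR = {
    "192.0.2.1": "gw.example.net",
    "203.0.113.254": "edge1.example.org",
    "203.0.113.80": "www.example.org",
}

def send_probe(ttl, path, dest):
    """Forward one probe. Return (reply_type, source_ip), or None when
    nothing comes back to the client."""
    for ip, answers in path:
        ttl -= 1                      # step 2: each router decrements the TTL
        if ttl == 0:                  # expired here, so the packet is dropped
            return ("time-exceeded", ip) if answers else None
    return ("reached", dest)          # TTL outlived every router on the path

def traceroute(path, dest, max_ttl=30):
    """Step 1: raise the TTL by one per probe until the destination answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(ttl, path, dest)
        if reply is None:
            hops.append((ttl, "*", None))       # timeout, shown as '*'
            continue
        kind, ip = reply
        hops.append((ttl, ip, PTR.get(ip)))     # step 3: reverse DNS lookup
        if kind == "reached":
            break
    return hops

if __name__ == "__main__":
    for ttl, ip, name in traceroute(PATH, DEST):
        print(f"{ttl:2d}  {ip:15s}  {name or ''}")
```
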
 
 
Jim Watt
Guest
Posts: n/a
 
      02-02-2005
On Tue, 01 Feb 2005 18:01:37 -0800, "Michael J. Pelletier"
<(E-Mail Removed)> wrote:

>Unfortunately I am not familiar with the application or
>how it works.


Then why try and answer a question where as usual you know ****
all.

Neotrace was distributed as a sort of shareware deal where
you were encouraged to pay money for an updated version and
it downloaded map information and upgrades from its company
site. The product was bought by McAfee and seems to have
been dumped, but presumably the address in the legacy program
belongs to them now.

As the program worked quite well and did not expire, I'd carry on
using it and don't worry about any activity as it's not a problem.

Unless anyone can suggest a good freeware replacement for it?

The earlier version of Neotrace had a nicer interface than the later
one where I think they were keener to sell the full version so cut the
free one down a lot.

--
Jim Watt
http://www.gibnet.com
 
 
Jim Watt
Guest
Posts: n/a
 
      02-02-2005
On Wed, 2 Feb 2005 01:00:03 -0600, "Vanguard"
<(E-Mail Removed)> wrote:

>Yeah, so? That only gives him the IP address if he enters an IP name.
>How does that discover and provide the mapping info between his host and the target host?


It maintains a cache of data and it queries whois servers to find
out the details of where the IPs are supposed to be located.

It was a good idea for an integrated tracert and performance
monitoring tool with a GUI. One of my clients used to run it all
day long to monitor the ping times down his VPN.
--
Jim Watt
http://www.gibnet.com
 
 
Vanguard
Guest
Posts: n/a
 
      02-02-2005
"Michael J. Pelletier" <(E-Mail Removed)> wrote in message news:HG0Md.16674$0u.161@fed1read04...
> Vanguard wrote:
>
>> "Michael J. Pelletier" <(E-Mail Removed)> wrote in message
>> news:z4_Ld.16655$0u.175@fed1read04...
>>> Vanguard wrote:
>>>
>>> So where did you think all that data came from on showing you a map of
>>> the hops in the route when tracing to a target host? You could install
>>> a packet sniffer, like Ethereal and actually take a look to see what was
>>> in the traffic between you and the McAfee host.
>>>
>>> If you are talking about the DNS names, they should have come from his
>>> DNS servers (queried by his DNS servers).
>>>
>>> Michael

>>
>>
>> Yeah, so? That only gives him the IP address if he enters an IP name.
>> How does that discover and provide the mapping info between his host and
>> the target host?

>
> Reverse DNS lookups


Show me the output of *your* nslookup (or whatever you use to retrieve DNS records). I'd like to see the location information provided in those records. Getting an IP name for an IP address (rDNS) or an IP address for an IP name says nothing about *location*.

>> Does doing a DNS lookup tell you anything about *where* is
>> that hop?

>
> Traceroute has been around since about 1988. Here is my very, very basic
> explanation:

<snip - yadda yadda yadda - nothing to do with showing a map of locations>

Do a traceroute. What do you see? Which field shows the *location* of each hop? You see an IP address or IP name in the hops. Okay, so what country is that hop in? What state? What city? That info is NOT provided in a traceroute.

> There have been some graphical clients I have seen in the past that add all
> sorts of icons and graphics but the basics are the same.


Yes, some show a nice little tree or node map. Node maps still do NOT show you *location*. They just show the logical connections whether they be a foot away to the next device or thousands of miles apart. Node 1 connects to node 2 which connects to node 3 and so on. Okay, but *where* is node N? Los Angeles? New York? Vienna? Hong Kong?

The problem that I've seen with providing a *geographical* map of the nodes is the locations are often not correct. Tracing to, say, cpe-024-210-105-245.twmi.rr.com (the spammer's IP name in his spam post in 24hoursupport.helpdesk newsgroup) who is in Michigan traces instead to Virginia. Once the boundary host is hit for Road Runner, that's as far as you get so the geographical map isn't that helpful. You can see an example of the geographical mapping of nodes in the trace by using the freebie http://www.mycooltools.com (you need to register so use an e-mail alias).
 
 
Vanguard
Guest
Posts: n/a
 
      02-02-2005
"Jim Watt" <(E-Mail Removed)_way> wrote in message news:(E-Mail Removed)...
> On Wed, 2 Feb 2005 01:00:03 -0600, "Vanguard"
> <(E-Mail Removed)> wrote:
>
>>Yeah, so? That only gives him the IP address if he enters an IP name.
>>How does that discover and provide the mapping info between his host and the target host?

>
> It maintains a cache of data and it queries whois servers to find
> out the details of where the IP's are supposed to be located


By "it" do you mean McAfee's cache of data? DNS lookups and traceroutes don't return WhoIs info (or do they with some other parameter?), so I have to go look up the WhoIs records separately myself to find out WHERE that hop in the route *might* be located. So NeoTrace and VisualRoute apparently try to combine the two steps (traceroute and whois lookup) into a graphical application showing a geographical map of the route.

 
 
 
 