Delgine 3D Tools & Content DeleD Community Edition
Forums
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

DeleD requires internet access.

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    DeleD Community Edition Forum Index -> DeleD Development
View previous topic :: View next topic  
Author Message
chronozphere
DeleD PRO user


Joined: 20 Jun 2006
Posts: 1010
Location: Netherlands

PostPosted: Fri Jan 29, 2010 10:14 pm    Post subject: DeleD requires internet access. Reply with quote

Hey guys,

This is quite disturbing. My firewall complains about DeleD seeking access to the internet.



192.186.1.37 is the IP-adress of my computer within my local network. I don't know why ICMP is used. Confused

Can anyone comment on this? Is this some kind of virus? Any way to track down the source of the problem?
Back to top
View user's profile Send private message
Paul-Jan
Site Admin


Joined: 08 Aug 2004
Posts: 3066
Location: Lage Zwaluwe

PostPosted: Sat Jan 30, 2010 6:44 am    Post subject: Reply with quote

Woah, disturbing indeed!

Basically, there are three options:
- Your firewall is mistaken,
- You are indeed suffering from a virus.
- There is a hidden component in DeleD that tries to ping somewhere. (???)

Is this your home-build development version or one of the released binaries? If you build it yourself that rules out some possibilities (and introduces some new ones). You might be able to "pause" inside the Delphi IDE when this dialog is showing, and take a look at the call stack.
Back to top
View user's profile Send private message Visit poster's website
Nocturn
DeleD PRO user


Joined: 08 Aug 2004
Posts: 635

PostPosted: Sat Jan 30, 2010 7:53 am    Post subject: Reply with quote

I've experienced that too since the CE Version. I've BackTracked which Application on my system (xpsp3) wants to send data about DeleD and it's the Windows Explorer (explorer.exe). If you have a kind of sophisticated Software Firewall that is very sensible you should know that the Explorer sends pretty much data (and guessing from the encrypted junk it want's usually to know which application, version, directx version and so on...). OR what else could trigger the Firewall is if you clicked from the Plugin-menu "Download more..." or any other link to the internet from DeleD.

If it's something bad you need to investigate more but it does not look unusual to me. If you block DeleD (what i recommend) it should still run without any problems.
Back to top
View user's profile Send private message
chronozphere
DeleD PRO user


Joined: 20 Jun 2006
Posts: 1010
Location: Netherlands

PostPosted: Sat Jan 30, 2010 10:20 am    Post subject: Reply with quote

DeleD still runs after blocking it. Actually, it's even usable while the firewall popup is showing (which means there's probably some threading going on).

I'm afraid it was the DeleD CE release I was running here. Shocked

It happened when I left my PC idle for a while. When I came back, the popup was there.

I tried wireshark to see what it was sending. I couldn't make anything out of it, as I didn't know which program sent what. It seemed like it was pinging some kind of computer of my ISP (did an Nslookup on the adress).

If anyone knows a way of capturing network activity for a specific process, I'd like to know about it. Smile
Back to top
View user's profile Send private message
granada
Team member


Joined: 07 Aug 2004
Posts: 1955
Location: England

PostPosted: Sat Jan 30, 2010 7:48 pm    Post subject: Reply with quote

Not had that problem yet !!,I seem to remember those corridor prefabs Wink .

Dave
_________________
AMD Phenom(tm)IIx6 1090t Processor 3.20 GHS
8.00 GB memory
Windows 7 64 bit
Nvida Geforce GTX 580
Back to top
View user's profile Send private message Visit poster's website
chronozphere
DeleD PRO user


Joined: 20 Jun 2006
Posts: 1010
Location: Netherlands

PostPosted: Sat Jan 30, 2010 8:12 pm    Post subject: Reply with quote

Quote:

,I seem to remember those corridor prefabs Wink .


Did you made 'em? Me likes! Very Happy
Back to top
View user's profile Send private message
granada
Team member


Joined: 07 Aug 2004
Posts: 1955
Location: England

PostPosted: Sat Jan 30, 2010 8:35 pm    Post subject: Reply with quote

Quote:
Did you made 'em? Me likes!


A long time ago i think,not as easy as i thought if i remember.Trying to get the parts to fit together was hard.Still thinking of making them again.

Dave
_________________
AMD Phenom(tm)IIx6 1090t Processor 3.20 GHS
8.00 GB memory
Windows 7 64 bit
Nvida Geforce GTX 580
Back to top
View user's profile Send private message Visit poster's website
AWM Mars
Member


Joined: 06 Jan 2010
Posts: 1195
Location: Wilts England

PostPosted: Mon Feb 01, 2010 5:33 pm    Post subject: Reply with quote

I pinged the url, it doesn't go anywhere... maybe its a local host?
Back to top
View user's profile Send private message Visit poster's website
adr
Member


Joined: 23 Jul 2005
Posts: 165

PostPosted: Tue Feb 02, 2010 1:46 am    Post subject: Reply with quote

you said you ping it yes? What was the ip address?
Back to top
View user's profile Send private message Yahoo Messenger
AWM Mars
Member


Joined: 06 Jan 2010
Posts: 1195
Location: Wilts England

PostPosted: Tue Feb 02, 2010 2:06 am    Post subject: Reply with quote

adr wrote:
you said you ping it yes? What was the ip address?

It shows the IP address in the firewall report (192.168.1.37) I added a http:// to it and put that into IE and Traceroute.
Might be worth trying a search at http://whois.com..... this is what I got.

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment: http://www.arin.net/reference/rfc/rfc1918.txt
RegDate: 1994-03-15
Updated: 2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail:

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail:

# ARIN WHOIS database, last updated 2010-01-31 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use

As I said, I suspect its a Local Host
_________________
Politeness is priceless when received, cost nothing to own or give, yet some cannot afford.

Checkout:
http://www.awm.mars.yourinside.com/
http://www.bccservices.co.uk
http://www.localtradecheck.co.uk
Back to top
View user's profile Send private message Visit poster's website
Paul-Jan
Site Admin


Joined: 08 Aug 2004
Posts: 3066
Location: Lage Zwaluwe

PostPosted: Tue Feb 02, 2010 11:16 am    Post subject: Reply with quote

Good searching, and yes it's the local address if his machine.

In the first post, Chronozphere writes:

Quote:
192.186.1.37 is the IP-adress of my computer within my local network.
Back to top
View user's profile Send private message Visit poster's website
chronozphere
DeleD PRO user


Joined: 20 Jun 2006
Posts: 1010
Location: Netherlands

PostPosted: Sat Feb 13, 2010 11:10 am    Post subject: Reply with quote

I don't think this is a "delphi virus" because I the IDE itsself seeks ICMP access too. so it's unlikely that the access is requested by some component of DeleD. the external adress: 195.241.77.55.

I did an nslookup and the corresponding name was: ns3.tiscali.nl (a machine of my ISP).

I don't think we need to worry about this. Guess it's just a Win7 driver (or my firewall) acting weird or something. Smile
Back to top
View user's profile Send private message
AWM Mars
Member


Joined: 06 Jan 2010
Posts: 1195
Location: Wilts England

PostPosted: Sat Feb 13, 2010 1:02 pm    Post subject: Reply with quote

Isn't there a link hookup in the Help menu, that brings you to the website and or forums?
That can trigger a false virus/firewall threat, same with some programmes that are set to auto update/check.
_________________
Politeness is priceless when received, cost nothing to own or give, yet some cannot afford.

Checkout:
http://www.awm.mars.yourinside.com/
http://www.bccservices.co.uk
http://www.localtradecheck.co.uk
Back to top
View user's profile Send private message Visit poster's website
chronozphere
DeleD PRO user


Joined: 20 Jun 2006
Posts: 1010
Location: Netherlands

PostPosted: Sat Feb 13, 2010 3:46 pm    Post subject: Reply with quote

I never use that menu item, so i guess that doesn't cause DeleD to seek access, especially not over ICMP Smile
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    DeleD Community Edition Forum Index -> DeleD Development All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum