[EXTERNAL] RE: Unbound-Control.exe outgoing connections
RayG
rgsub1 at btinternet.com
Tue Jan 30 17:32:22 UTC 2024
Interesting thought, but that last one does not look like WU.
services.gfe.nvidia.com
I'll drop an email to NL support and see if they have an explanation.
From: Jeff Westhead <jeffrey.j at microsoft.com>
Sent: Tuesday, January 30, 2024 5:27 PM
To: unbound-users at lists.nlnetlabs.nl; RayG <rgsub1 at btinternet.com>
Subject: Re: [EXTERNAL] RE: Unbound-Control.exe outgoing connections
Disclaimer that I am not a WU expert... Windows connects to Windows Update
servers periodically but I can't explain why the connection would originate
from the unbound control process. Is there any chance this is being
misreported somehow? Could you perhaps try running Netlimiter on a machine
that doesn't have Unbound installed? It should detect the same outgoing
connections.
_____
From: Unbound-users <unbound-users-bounces at lists.nlnetlabs.nl> on behalf of RayG via
Unbound-users <unbound-users at lists.nlnetlabs.nl>
Sent: Tuesday, January 30, 2024 6:06 AM
To: unbound-users at lists.nlnetlabs.nl <unbound-users at lists.nlnetlabs.nl>
Subject: [EXTERNAL] RE: Unbound-Control.exe outgoing connections
Here is another example that has just popped up.
I use Netlimiter (https://www.netlimiter.com/) to ask about all outgoing
connections; then if I agree with what is being asked for I allow it and it
will work without issue from then on.
I have purposely left the setting as ask, as I wanted to capture as many
instances as possible; I could select deny and I would never get that popup
again.
I am hoping this will be useful at some point. The process ID no longer
exists in my system. I will take a look next time it pops up, that may shed
some more light.
Outgoing connection - TCP(6)
From: Unbound Remote Control Tool
To: services.gfe.nvidia.com
London, United Kingdom of Great Britain and Northern Ireland
Application: unbound-control.exe
Process Id: Process 14668
Local Address: <My IPv4 address> Port 56914
Remote Address: 152.199.20.80 Port: 443 Whois
RayG
-----Original Message-----
From: RayG <rgsub1 at btinternet.com>
Sent: Sunday, January 28, 2024 8:33 PM
To: unbound-users at lists.nlnetlabs.nl
Subject: Unbound-Control.exe outgoing connections
Hi, Has anyone any idea of why on rare occasions Unbound-control.exe wants
to make the connection detailed below?
They pop up at random times and for no apparent reasons. I thought this
program was (mainly) to control the local instance.
Thanks
Outgoing connection - TCP(6)
From: Unbound Remote Control Tool
To: 20.54.24.148
Dublin, Ireland
Application: unbound-control.exe
Process Id: Process 10956
Local Address: <My IPv4 address> Port 56817
Remote Address: 20.54.24.148 Port 443 Whois
===========================================
C:\>dig -x 20.54.24.148
; <<>> DiG 9.17.14 <<>> -x 20.54.24.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43656
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;148.24.54.20.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
24.54.20.in-addr.arpa. 157 IN SOA ns1-01.azure-dns.com. azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Jan 21 17:16:21 GMT Standard Time 2024
;; MSG SIZE rcvd: 140
===========================================
Whois information:
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
#
NetRange: 20.33.0.0 - 20.128.255.255
CIDR: 20.33.0.0/16, 20.40.0.0/13, 20.128.0.0/16, 20.64.0.0/10,
20.36.0.0/14, 20.34.0.0/15, 20.48.0.0/12
NetName: MSFT
NetHandle: NET-20-33-0-0-1
Parent: NET20 (NET-20-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2017-10-18
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/20.33.0.0
OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2023-11-17
Comment: To report suspected security issues specific to traffic
emanating from Microsoft online services, including the distribution of
malicious content or other illicit or illegal material through a Microsoft
online service, please submit reports to:
Comment: * https://cert.microsoft.com/.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft
Accounts, please contact:
Comment: * abuse at microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products
and services, please contact:
Comment: * secure at microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please
contact:
Comment: * msndcc at microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC at microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT
OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse at microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC at microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
OrgTechHandle: SINGH683-ARIN
OrgTechName: Singh, Prachi
OrgTechPhone: +1-425-707-5601
OrgTechEmail: pracsin at microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
OrgTechHandle: BEDAR6-ARIN
OrgTechName: Bedard, Dawn
OrgTechPhone: +1-425-538-6637
OrgTechEmail: dabedard at microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
OrgTechHandle: IPHOS5-ARIN
OrgTechName: IPHostmaster, IPHostmaster
OrgTechPhone: +1-425-538-6637
OrgTechEmail: iphostmaster at microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName: Chaturmohta, Somesh
OrgRoutingPhone: +1-425-882-8080
OrgRoutingEmail: someshch at microsoft.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
#
Regards
Ray