rejetto forum

connection attempts from Japan 150.70.84.41?


Mike

  • Guest
I'm testing 2.2e on a VMware guest with Server 2003 SP2 and running Wireshark. I'm seeing my HTTP GET requests mimicked from an IP in Japan.

E.G., I request the following...
7321   1910.531322   adsl-070-148-057-138.sip.bhm.bellsouth.net   192.168.0.4   HTTP   GET /Mike/install/BeyondCompare/ HTTP/1.1

and a few minutes later this request shows up...
8459   2076.797807   150.70.84.41   192.168.0.4   HTTP   GET /Mike/install/BeyondCompare/ HTTP/1.0

This pattern repeats, with Japan requesting whatever path and file I browse a few minutes later.

Anybody got any ideas?

Thanks,
Mike


rejetto

  • Administrator
hi mike.
yours doesn't seem to be a bug report. moved.
i guess your requests are monitored, and someone is willing to download everything you do.

i remember some years ago, opera behaved this way, telling google everything i got, and google crawled there to extend its mighty index.


Mike

  • Guest
Would you care to expand on "i guess your requests are monitored, and someone is willing to download everything you do."? That sounds pretty ominous...


rejetto

  • Administrator
i cannot say much more. i don't have your computer under my fingers to investigate.
there is some software, or a piece of it (like a plugin), monitoring your http requests and sending them to...japan?
such monitoring can be done in many ways, from sniffing, to just asking.

it may sound new to you, but it sounded new to me too when i found it was happening (opera and google). To be clearer:
you request to server Y.
your request is monitored and communicated to Z, the dark entity.
Z requests to server Y.
you don't know it's happening, only server Y knows.
if this was already happening, there's little chance you would notice.
the reason you noticed it now is because YOU were both the browser and the server.

you may want to know what software is doing the job.
maybe by looking at your software configuration it could become clear, but making no assumptions about it, i can say a method could be: to use a sniffer to watch what's happening just after you make the request with your browser.
by telling which packet contains the "watching", you can tell the port, and from the port you can tell the software. Bang: you found it.



Mike

  • Guest
Thanks so much for the reply.

I am not really browser and server. The "browser" in these cases is from at least four different clients, in four different cities. I'm having trouble imagining what dark entity could be watching requests from four such diverse clients to my server. Thus my attention is drawn to the common element (HFS?)

I destroyed the vm and rebuilt fresh only to observe the activity again.

Yes, it sounds new to me. The connection gets RST and dropped, no reply, harmlessly? enough, but it just bothers me that some anonymous entity knows my file and folder structure based on others browsing to me.

I'm not an expert - I suppose I have just enough knowledge to be nervous.... :)


rejetto

  • Administrator
99% the monitoring is done on the browsers (or on the client side, anyway).

opera was doing this when it was ad-ware (with banners). now it is freeware.
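
An added example, not part of the thread or of HFS: a server-side check for the pattern discussed above, where one source re-requests paths shortly after a different client first fetched them. It parses summary lines in the same layout as the Wireshark lines quoted in the first post; the sample capture, the addresses (documentation ranges), the 600-second window and the function names are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Wireshark's summary-line layout (No., time, source,
# destination, protocol, info); not taken from the thread.
SAMPLE = """\
101 10.000000 198.51.100.7 192.168.0.4 HTTP GET /files/a/ HTTP/1.1
102 12.500000 198.51.100.7 192.168.0.4 HTTP GET /files/a/setup.exe HTTP/1.1
140 95.250000 203.0.113.9 192.168.0.4 HTTP GET /files/b/ HTTP/1.1
188 176.250000 192.0.2.50 192.168.0.4 HTTP GET /files/a/ HTTP/1.0
190 181.000000 192.0.2.50 192.168.0.4 HTTP GET /files/a/setup.exe HTTP/1.0
230 300.000000 192.0.2.50 192.168.0.4 HTTP GET /files/b/ HTTP/1.0
231 2000.000000 198.51.100.7 192.168.0.4 HTTP GET /files/b/ HTTP/1.1
"""

LINE = re.compile(r"^\s*\d+\s+(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+\S+\s+HTTP\s+"
                  r"GET\s+(?P<path>\S+)\s+HTTP/\d\.\d\s*$")

def parse(text):
    """Yield (time, source, path) for each GET summary line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield float(m["t"]), m["src"], m["path"]

def find_replays(text, window=600.0):
    """Return {follower: [(path, original_source, delay)]} for every GET that
    repeats a path first requested by a different source within `window` s."""
    first_seen = {}            # path -> (time, source) of the earliest request
    replays = defaultdict(list)
    for t, src, path in sorted(parse(text)):
        if path not in first_seen:
            first_seen[path] = (t, src)
            continue
        t0, src0 = first_seen[path]
        if src != src0 and 0 < t - t0 <= window:
            replays[src].append((path, src0, round(t - t0, 3)))
    return dict(replays)

def followers(text, window=600.0, min_clients=2):
    """Sources that replay paths first fetched by >= min_clients distinct clients."""
    return sorted(src for src, hits in find_replays(text, window).items()
                  if len({orig for _, orig, _ in hits}) >= min_clients)

if __name__ == "__main__":
    for src, hits in find_replays(SAMPLE).items():
        for path, orig, delay in hits:
            print(f"{src} repeated {path} {delay}s after {orig}")
    print("followers:", followers(SAMPLE))
```

A source that `followers` reports is trailing several unrelated clients, which is the situation Mike describes in his third post; a source that trails only one client points back at that client's machine.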