Traffic Log Reports - What's Legitimate, and Who's Stealing Personal Data?

Discussion in 'Hardware' started by Meanfire, Aug 8, 2004.

  1. Meanfire

    Meanfire Private E-2

    My question comes about because my Netgear router had to be exchanged for a new unit. I was using Sygate Personal Firewall (Free) at the time, and was receiving daily reports of others trying to scan my ports. So I downloaded Sygate Personal Firewall Pro to enhance protection while I was without a hardware firewall.

    I quickly became interested in the Traffic Log, after learning of the different logs (security, packet, system and traffic) that the application offered. And I began paying careful attention to it, clearing it often before conducting any web activities so I could see what was happening.

    I now know that every time I try to download a page from a Yahoo website with a particular IP address (i.e. 216.109.126.22 for My Yahoo), in less than a thousand milliseconds my computer tries to send TCP data packets to us.a1.yimg.com (206.18.104.200), us.i1.yimg.com (12.129.72.136), and us.news1.yimg.com (12.129.72.144). I've blocked these from going out, and nearly all other traffic as well, establishing very narrow ranges of safe IP addresses my software firewall will permit communication with. And that's the tip of the iceberg. If I try to download the comic from www.dilbert.com (65.114.4.69), my computer tries to send data packets to adsremote.scripps.com (204.78.38.15). The list goes on and on and on; these are just a few examples.

    Now that I'm blocking these 'extraneous' data packets from being sent, the web pages I want to see take 30 seconds to 5 minutes to download, instead of the usual couple seconds. But they do download eventually. Which tells me that the data packets being sent out without my permission to other IP addresses aren't necessary for me to see the web pages I want. Call it paranoia, but I can only suspect that the data packets I'm blocking contain personal data such as my browsing habits going to marketing firms and the like. I completely erased all of the cookies I had, but this had no effect at all. Which isn't surprising, since the same kind of behavior (unwanted data packets going to odd IP addresses) occurs even when I visit a new website for the first time.

    So as I said, I've configured Sygate Personal Firewall with a very narrow set of IP addresses that information can be sent or received from. I build up the set of "good IP's" each time I try connecting to a website by looking at the traffic log, seeing the IP that was blocked when I tried to connect to a desired website, and then including that IP into the allowed range of good IPs. And I'm steering clear of sites that want data packets sent to various alternative IPs when I try to download a webpage, looking for alternative sites for reading news and other activities.

    So the key question I have is this: is there a legitimate reason why my computer should be sending a data packet to adsremote.scripps.com (204.78.38.15) when I try to read the daily Dilbert comic (65.114.4.69)? Other than the initial request from my browser to download the .html file(s) from a website, why should my browser be sending anything to anywhere else? I'm not a programmer or networking specialist, but I would sincerely like to know what's in those data packets I'm blocking from leaving my computer. For the moment I'm just building my rules of which IPs are "safe" for my computer to communicate with, so I can visit an increasing number of websites. But I see no reason why I should be supplying any group or business with any data from my computer when it's obviously not necessary for the webpage I want to download to my computer. It may be extremely inconvenient waiting five minutes for a webpage to download, but if somebody wants information from me they should tell me, and possibly be paying me for it. I realize that they are providing me a service when I download a webpage from them. But as I said, I am steering away from those websites to alternatives that aren't mining my computer for information.

    Are my assumptions in this totally wrong? Or am I right in assuming there is no legitimate reason why I should be sending data packets anywhere other than the IP address from which I requested the web page?
     
  2. Wookie

    Wookie Sergeant Major

    Ok, not sure if I'll answer all your Q's but here's a shot.

    When your computer wants to get info from a web server, it must send a request. The request includes what page it wants to see etc. That request does not go directly to yahoo.com, it goes through multiple servers to get to the main server. That's why if you run a traceroute to yahoo.com you will see a whole bunch of servers. By blocking that request your computer is probably trying to figure out another way to get the request out, another port or something like that, I'm not really sure. But when you go to a webpage you have to send info like your IP address, what page you want, what port etc. You don't need to block that.

    adsremote.scripps.com

    That's probably the ads they have on the page. When the page starts to load there will be an image that is an ad; to get that image the HTML directs you to adsremote.scripps.com, that's the server the image is located on.
     
  3. Kodo

    Kodo SNATCHSQUATCH

    By blocking those ads, you are probably timing out the load of the ads and thus increasing the load time of the web page. Concern over security is good, but it looks like you're going a bit overboard to me.
     
  4. TheDoug

    TheDoug MajorGeek

    I think you're expecting all the content from the webpages you visit to come from the same server. In practice, these days, at major sites, this is not the case. A single web document may have content called from ad servers, image servers, caching servers-- none of which necessarily have to share the same IP with the server the original document came from. While you may believe these packets may possibly contain personal information involuntarily snatched from your computer, the more likely explanation is they are simply requests for data just like your browser's call to the original webpage was.
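
Added illustration, not part of the original thread: a Python sketch of the behaviour the replies above describe, listing the extra fetches a page triggers and the request each host would receive. The page HTML, the paths and the minimal header set are constructed for the example; only the two host names come from the thread, and the `Referer` header is standard HTTP behaviour rather than something the posters mention.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page: hosts are the ones named in the thread, paths are made up.
PAGE_URL = "http://www.dilbert.com/comics/today.html"
PAGE_HTML = """
<html><head>
  <link rel="stylesheet" href="/css/site.css">
  <script src="http://adsremote.scripps.com/js/banner.js"></script>
</head><body>
  <img src="images/strip.gif" alt="comic strip">
  <img src="http://adsremote.scripps.com/img/banner.gif" alt="ad">
  <a href="http://www.example.com/">plain link, not fetched on page load</a>
</body></html>
"""

# Tag -> attribute that typically makes a browser fetch something while the page loads.
FETCHING_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

class SubresourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        value = dict(attrs).get(wanted) if wanted else None
        if value:  # relative references resolve against the page's own URL
            self.urls.append(urljoin(self.page_url, value))

def subresource_requests(page_url, html):
    """Return (host, is_third_party, request_text) for each fetch the page triggers."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    results = []
    for url in collector.urls:
        parts = urlsplit(url)
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        # Minimal request: real browsers add more headers, plus cookies set by that host.
        request = (f"GET {target} HTTP/1.1\r\nHost: {parts.hostname}\r\n"
                   f"Referer: {page_url}\r\n\r\n")
        results.append((parts.hostname, parts.hostname != page_host, request))
    return results

if __name__ == "__main__":
    for host, third_party, request in subresource_requests(PAGE_URL, PAGE_HTML):
        print("THIRD-PARTY" if third_party else "first-party", host, repr(request))
```

Each third-party entry corresponds to one outbound connection a per-IP firewall log would show; the request carries the resource path and the referring page URL, not files from the local disk.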
     
  5. Just Playin

    Just Playin MajorGeek

    I used to worry about the same things myself. If you are using spyware blockers like SpywareGuard and SpywareBlaster, scan for spyware regularly, and stay away from questionable sites, it won't be a major problem. If you're not sure, check the privacy policy. Don't forget to update Windows, too.
     
