Notice that all the IPs are 127.0.0.1? That specific IP is used for local stuff only. For example, if you want to block a site using Hosts, then type 127.0.0.1 and then the site you want. This works by looping a packet from your computer back to your computer, so I would not worry about it, dude. If you can get another IP or something, then you can block them individually using your firewall.
netstat always only shows the word before the first dot, so that would probably be activate.microsoft.com
Yea, lol, this will also happen if you have any entry in your Hosts file, like Adobe cracks or System Mechanic cracks.
127.0.0.1 activate.microsoft.com 100% he has that line added in the HOST file. Nothing to worry about, dude. Au contraire, that line is for your own benefit. It blocks MS from snooping into your PC.
I just noticed something VERY odd! Because I was curious, I just ran a netstat -bfo and found that there are 4 connections to mpa.microsoft.com via Firefox! (Actually I have that address in my hosts file, so normally it should be routed to the loopback.) Anyhow, I thought how odd, and exited Firefox and opened Opera instead. No connections to mpa. Then I got even more curious and opened Thunderbird, just to see what happens. And indeed the same thing happened: 4 connections to mpa via Thunderbird! So unless I am totally misinterpreting this now, something in 7 seems to be hijacking the executables of the standard email and browser programs in order to communicate right through the firewall with the mpa server. Obviously I will have to do more investigating here, but perhaps you could check if you experience something similar. Command line: netstat -bfo
Thanks for the responses, guys. I'm quite aware of the etc/hosts file and the localhost loopback "phenomenon". The thing that worried me is how come it says state established instead of state closed? Just making sure that the address in hosts is preventing access. Adding the -bf tag made me see it was indeed Adobe. So nothing to worry about yet, fellas. @Phazor I'm not getting anything like that, but we should investigate.
Well, I can say that much: It is 100% reproducible here. FF and TB off: No conns to mpa. FF and TB on: 4 conns to mpa via FF and 4 more via TB. FF and TB off: No conns to mpa. I can repeat that endlessly...
I too have this same thing happening. However, I see it with Avast and Utorrent if FF is not running.
I have a genuine retail key and I do not see this behavior. Been running cports for a while and nothing. No call backs to microsoft at all.
Just rebooted to Vista, which has a loader as well, and get the very same thing. I see it with AppleMobileDevice from iTunes.
Guys, firstly, 127.0.0.1 is the internal loopback IP address for your machine, and yes, you will get a connection established, but only to your machine and not the said site. Also, if you have a hostlist blocking Microsoft mpa and Office, then you will get the same result. Panic when it doesn't say 127.0.0.1. You can also check out the Sysinternals site for tools to monitor connections and all sorts of monitoring tools, all free... I can assure you that everything is OK with what you are getting on netstat. If you are not sure, try tracert to 127.0.0.1 and you will just get one hop to 127.0.0.1. Let me know how you get on. TA!
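Added example, not part of any post in this thread: a small Python check that separates loopback connections from ones that really leave the machine, and lists the hosts-file names pointed at the loopback address (the labels a name-resolving netstat view can show for it). The hosts content, the numeric `netstat -ano` style lines, the PIDs and the 203.0.113.10 address are all constructed sample data.

```python
import ipaddress

# Constructed hosts-file content (sample data, not taken from the thread).
HOSTS = """\
# blocked names
127.0.0.1 localhost
127.0.0.1 activate.microsoft.com
127.0.0.1 mpa.microsoft.com   # inline comment
"""

# Constructed numeric netstat lines: proto, local, foreign, state, PID.
NETSTAT = """\
  TCP    127.0.0.1:49160    127.0.0.1:49161    ESTABLISHED    2412
  TCP    127.0.0.1:49161    127.0.0.1:49160    ESTABLISHED    2412
  TCP    192.168.1.20:49200    203.0.113.10:443    ESTABLISHED    2412
  TCP    0.0.0.0:135    0.0.0.0:0    LISTENING    788
"""

def parse_hosts(text):
    """Map each IP in a hosts file to the list of names pointed at it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            table.setdefault(fields[0], []).extend(fields[1:])
    return table

def classify(netstat_text, hosts_text):
    """Return (loopback, external) lists of ESTABLISHED TCP connections."""
    hosts = parse_hosts(hosts_text)
    loopback, external = [], []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        ip, _, port = f[2].rpartition(":")
        ip = ip.strip("[]")  # netstat prints IPv6 addresses in brackets
        entry = {"pid": int(f[4]), "remote_ip": ip, "remote_port": int(port)}
        if ipaddress.ip_address(ip).is_loopback:
            # Traffic to a loopback address never leaves the host; record the
            # hosts-file names that share this address.
            entry["hosts_names"] = hosts.get(ip, [])
            loopback.append(entry)
        else:
            external.append(entry)
    return loopback, external

if __name__ == "__main__":
    lo, ext = classify(NETSTAT, HOSTS)
    print("loopback:", lo)
    print("external:", ext)
```

Anything that ends up in the `external` list is the traffic worth reviewing; entries in `loopback` are the machine talking to itself, whatever name is shown for them.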