SecuritySpy causing Firewall Alert for URL benbird.plus.com
  • I've just tightened up my network security by installing a pfSense firewall with Snort Intrusion Detection and Protection and it is posting an alert for the IP address 212.56.101.192 (URL benbird.plus.com).

    The description for the Alert is (http_inspect) BARE BYTE UNICODE ENCODING.

    I wouldn't have been surprised to see SecuritySpy "phoning home" to check license validity but I would have expected to see it go to bensoftware.com.

    I did a little checking and plus.com (or actually plus.net) looks like an ISP in the UK which would make sense given that Ben Software is based in the UK but since my firewall is flagging the communication I'd like to have more info before I let the flagged communication to benbird.plus.com pass the firewall.

    Anyone have any info that could help me figure this out?

    Thanks,
    Terry
  • Hi Terry,

    This is indeed our server. We use it for a few different things, including "phoning home" to check the validity of the license, and for SecuritySpy to deliver diagnostic information (if you have the "Send diagnostic information back to developer" option enabled in SecuritySpy's Preferences). We also use it for our online store.

    The firewall just gets the IP, and must be doing a reverse DNS lookup on the IP and coming up with benbird.plus.com (which is the name automatically provided by our ISP, which we don't use) and ignoring or not finding our own bensoftware.com domains (like store.bensoftware.com) that also point to that IP.
  • Ben,

    Thanks for the reply and info. I'll open your IP in my firewall.

    Terry
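
The mismatch discussed in this thread (the PTR record gives the ISP's name while the vendor's own hostnames forward-resolve to the same IP) can be checked before allowing an alerted IP. This is an added example, not part of the original posts or Ben Software's code; the function names are hypothetical and the DNS table is constructed from the thread's description so it runs offline.

```python
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if absent."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_a(host):
    """Forward (A) lookup via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def attribute_ip(ip, vendor_hosts, ptr=system_ptr, a=system_a):
    """Compare what the PTR record says with what the vendor's names resolve to.

    A PTR name is set by whoever owns the address block (often the ISP),
    so the stronger evidence is a vendor hostname whose A record is this IP.
    """
    ptr_name = ptr(ip)
    matches = sorted(h for h in vendor_hosts if ip in a(h))
    return {
        "ptr": ptr_name,
        "ptr_forward_confirmed": bool(ptr_name) and ip in a(ptr_name),
        "vendor_hosts_matching": matches,
        "attributed_to_vendor": bool(matches),
    }

# Constructed DNS data mirroring the thread (not live lookups).
SAMPLE_PTR = {"212.56.101.192": "benbird.plus.com"}
SAMPLE_A = {
    "store.bensoftware.com": {"212.56.101.192"},
    "bensoftware.com": {"192.0.2.10"},       # constructed, documentation range
    "benbird.plus.com": {"212.56.101.192"},  # constructed
}

def fake_ptr(ip):
    return SAMPLE_PTR.get(ip)

def fake_a(host):
    return SAMPLE_A.get(host, set())

if __name__ == "__main__":
    hosts = ["store.bensoftware.com", "bensoftware.com"]
    print(attribute_ip("212.56.101.192", hosts, ptr=fake_ptr, a=fake_a))
```

Omit the `ptr` and `a` arguments to query the system resolver instead of the constructed table. A match shows only that the vendor's DNS points at the IP; it says nothing about the payload that triggered the http_inspect alert.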
