prl_naptd attempts strange connections

Discussion in 'Installation and Configuration of Parallels Desktop' started by Dylan Bromby, Feb 25, 2010.

  1. Dylan Bromby

    Dylan Bromby Bit poster

    Messages:
    3
    I run Little Snitch on Snow Leopard. It's reporting prl_naptd is attempting to connect to domains and IP addresses located in Amsterdam. It seems suspicious to me. Little Snitch also reports prl_naptd connects to my mail server which I don't need it to do. First off - does anyone else see this sort of strange connection behaviour? I'm also curious if this amounts to some type of infection? I only use WinXP via Parallels for testing web development and for SQL management; I don't use it for general browsing. Has anyone experienced or know of an infection of some kind via Parallels? Any general thoughts about this? Thanks!
     
    Dylan Bromby, Feb 25, 2010
    #1
  2. Marc M

    Marc M Bit poster

    Messages:
    1
    This can always depend, but I noticed the same thing. I hope this will be of help to others out there.

    In my situation Little Snitch was asking for access to 195.222.17.38 & port 7024 UDP (vmsvc)

    Now is you did a Whois search with the wrong database, it will show the netherlands as a server address, but as it is a European address I did one other quick search using the correct Whois database which is ripe.net

    In my case it was Kaspersky which I use as my Windows Security Suite, and below is the Whois info for that Ip Address Request

    ------------------------------------------------------------------------------------------------------
    Whois has started ...

    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: This output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '195.222.17.32 - 195.222.17.63'

    inetnum: 195.222.17.32 - 195.222.17.63
    netname: EE-KASPERSKY-HOUSING
    descr: Kaspersky Lab ZAO
    descr: Geroev Panfilovtsev 10
    descr: 125363 Moccow
    country: EE
    admin-c: SF1624-RIPE
    tech-c: SF1624-RIPE
    status: ASSIGNED PA
    mnt-by: AS3327-MNT
    source: RIPE # Filtered

    person: Sergey Fomin
    address: System Administrator /Kaspersky Lab Ltd
    address: 10, Geroyev Panfilovtsev Str.,
    address: 123363, Moscow, Russia
    phone: +7 495 797 87 00
    phone: +7 495 797 87 07
    fax-no: +7 495 797 87 00
    nic-hdl: SF1624-RIPE
    abuse-mailbox: abuse@kaspersky.com
    mnt-by: MACOMNET-MNT
    source: RIPE # Filtered

    % Information related to '195.222.0.0/19AS3327'

    route: 195.222.0.0/19
    descr: Data Telecom, 195.222.0/19
    origin: AS3327
    mnt-by: AS3327-MNT
    source: RIPE # Filtered
    ------------------------------------------------------------------------------------------------------
     
    Marc M, Jul 9, 2010
    #2

Share This Page