Author Topic: Not Sure...Again  (Read 6095 times)

Offline Confused Computer User

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 700
  • The answer is 42
Not Sure...Again
« on: October 03, 2009, 09:53:44 PM »
Hi all,

It's been a month since I posted on the blog and I think most of the die-hard forum members are busy testing/using the beta release of Avast 5. I hope that one of them, or anyone really, can help me with this issue.

I was surfing the web looking for voice techniques when I noticed that the light for network activity on my ADSL modem was bleeping continually.

I used TCP View to see what was connected and saw the following had an Established link:
cds103.yy2.llnw.net

After about 70 Mb of download, the above mentioned link disappears and nothing happens.

If I look at the last part I've seen it before. It's more or less related to MS Update. I go to MS Update and I get a message that a new version of Windows update will have to be installed.

I do this and then nothing. I close MS Update, I open it again and I look at the history of updates. The only thing that shows up for 3 October 2009 is a database update for windows defender.

I even connected my laptop to the internet to see if something would happen and nothing.

What is this and why were 70Mb downloaded? I am running MBAM and SAS followed by Avast scans to see if anything shows up.
Computer Systems:

Intel Pentium 4 641 / 2GB RAM / Vista Home Basic SP2 / avast! 5.0 Home / SAS Free / MBAM Free / Windows Defender / Windows Firewall / Spyware Blaster/ Secunia PSI / Firefox 3.6 / Opera 10.5

Core2Duo T8300 / 4GB RAM / Vista Home Premium SP2 (32 bit version) / Same Software.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33920
  • malware fighter
Re: Not Sure...Again
« Reply #1 on: October 03, 2009, 10:56:27 PM »
Hi Confused Computer User,

They have a contract with MS for delivering content: http://en.wikipedia.org/wiki/Limelight_Networks
Limelight brings dynamic streaming to the net. Were you into streaming content at the time of the activity, or did Limelight deliver Windows Defender updates for ye?
Webpage security report on the site is green.

Summary

llnw.net ("L I M E L I G H T N E T W O R K S") is a domain controlled by four nameservers. All of them are on the same IP network. Incoming mail for llnw.net is handled by two mailservers at llnw.com. They are on the same IP network. llnw.net has one IP number , but the reverse is badger.phx2.llnw.net. llnw.com, edgeprism.net, siteprism.com, siteprism.net, limelightnetworks.com and at least four other hosts point to the same IP and also shares both nameservers and mailservers. llns.net, limelightnetworks.info, limelightmainstreet.us, limelightmainstreet.net and limelightmainstreet.org point to the same IP and also shares nameservers. llnw.jp, lmlt.net, limelight.net, limelight.com, llnetworks.com and at least twelve other hosts point to the same IP and also shares mailservers. as22822.net, llnetworks.net, edgedirect.net, limelightms.net, limelightms.com and at least twelve other hosts point to the same IP. 145.28.69.in-addr.arpa, 161.28.69.in-addr.arpa, 144.28.69.in-addr.arpa, 156.28.69.in-addr.arpa, 135.28.69.in-addr.arpa and at least 18 other hosts share nameservers with this domain. rt.llnw.com, llnetworks.net, edgedirect.net, limelightms.net, limelightms.com and at least 13 other hosts share mailservers with this domain. lg.llnw.net, rd.llnw.net, dl.llnw.net, ac.llnw.net, arn.llnw.net and at least 100 other hosts are subdomains to this hostname,

polonus




Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
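
Added example, not part of the thread: one way to check that a remote hostname seen in a connection listing really sits under a content-delivery domain named in the reply above (llnw.net, llnw.com, limelightnetworks.com), matching on whole DNS labels so look-alike names are not accepted. The `KNOWN_OPERATORS` table, the function names and the sample rows are assumptions constructed for illustration; the rows use a simplified comma-separated layout, not TCPView's own export format.

```python
# Added example: attribute remote hosts in a connection listing to a known
# content-delivery operator using DNS label-boundary suffix matching.

# Assumption: a hand-maintained table built from the domains named in the thread.
KNOWN_OPERATORS = {
    "llnw.net": "Limelight Networks",
    "llnw.com": "Limelight Networks",
    "limelightnetworks.com": "Limelight Networks",
}

def operator_for(hostname):
    """Return the operator if hostname equals a listed domain or is a subdomain of it."""
    host = hostname.strip().rstrip(".").lower()
    labels = host.split(".")
    if not host or any(not label for label in labels):
        return None  # empty name or empty label such as "a..llnw.net"
    # Compare only suffixes made of whole labels; a plain endswith("llnw.net")
    # would also accept "examplellnw.net".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in KNOWN_OPERATORS:
            return KNOWN_OPERATORS[candidate]
    return None

# Constructed sample rows: process,pid,protocol,local,remote,state
SAMPLE_ROWS = """\
svchost.exe,1084,TCP,desktop:49172,cds103.yy2.llnw.net:http,ESTABLISHED
svchost.exe,1084,TCP,desktop:49180,llnw.net.example.invalid:http,ESTABLISHED
firefox.exe,3312,TCP,desktop:49201,examplellnw.net:http,ESTABLISHED
svchost.exe,1084,TCP,desktop:49150,dl.llnw.net:http,TIME_WAIT
"""

def triage(rows):
    """Return (process, remote_host, operator_or_None) for each ESTABLISHED row."""
    results = []
    for line in rows.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6 or fields[5] != "ESTABLISHED":
            continue
        host = fields[4].rsplit(":", 1)[0]  # drop the port or service name
        results.append((fields[0], host, operator_for(host)))
    return results

if __name__ == "__main__":
    for process, host, operator in triage(SAMPLE_ROWS):
        print(f"{process:12} {host:32} {operator or 'UNRECOGNISED - look closer'}")
```

Hostnames shown by connection viewers come from reverse DNS, which is set by whoever controls the IP address, so a match is a hint to be confirmed against the address owner rather than proof.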

Offline Confused Computer User

Re: Not Sure...Again
« Reply #2 on: October 03, 2009, 11:05:32 PM »
Much obliged for the reply Polonus.

llnw.net ("L I M E L I G H T N E T W O R K S") is a domain controlled by four nameservers. All of them are on the same IP network. Incoming mail for llnw.net is handled by two mailservers at llnw.com. They are on the same IP network. llnw.net has one IP number , but the reverse is badger.phx2.llnw.net. llnw.com, edgeprism.net, siteprism.com, siteprism.net, limelightnetworks.com and at least four other hosts point to the same IP and also shares both nameservers and mailservers. llns.net, limelightnetworks.info, limelightmainstreet.us, limelightmainstreet.net and limelightmainstreet.org point to the same IP and also shares nameservers. llnw.jp, lmlt.net, limelight.net, limelight.com, llnetworks.com and at least twelve other hosts point to the same IP and also shares mailservers. as22822.net, llnetworks.net, edgedirect.net, limelightms.net, limelightms.com and at least twelve other hosts point to the same IP. 145.28.69.in-addr.arpa, 161.28.69.in-addr.arpa, 144.28.69.in-addr.arpa, 156.28.69.in-addr.arpa, 135.28.69.in-addr.arpa and at least 18 other hosts share nameservers with this domain. rt.llnw.com, llnetworks.net, edgedirect.net, limelightms.net, limelightms.com and at least 13 other hosts share mailservers with this domain. lg.llnw.net, rd.llnw.net, dl.llnw.net, ac.llnw.net, arn.llnw.net and at least 100 other hosts are subdomains to this hostname,

To sum this up: "all roads lead to Rome" more or less. Right?

Hi Confused Computer User,

They have a contract with MS for delivering content: http://en.wikipedia.org/wiki/Limelight_Networks
Limelight brings dynamic streaming to the net. Were you into streaming content at the time of the activity, or did Limelight deliver Windows Defender updates for ye?

No streaming. I had FF closed and nothing else was connected to the internet. The defender update is weird. I used my laptop right after this issue with my desktop arose and it made the same update but with only 400 Kb. So why the huge transfer of data?

SAS picked up a cookie, and MBAM said I was clean. Waiting for Avast but I think, based on your reply and the results I have from SAS and MBAM, that this isn't a virus. Still the above question remains.

Thank you for the quick post Polonus.

Offline polonus

Re: Not Sure...Again
« Reply #3 on: October 03, 2009, 11:22:41 PM »
Hi Confused Computer User,

Now you know what the site-owner is into and while you mentioned Windows Defender, and considering the site is clean, I would not be too overtly concerned with this issue. Content can come in from every corner today and some content contractors deliver, simple. Akamai has been doing that for ages now on behalf of various parties to get it there in time and for general support of the Internet backbone.
Anyway it is good you check on these issues, always keep a finger on the pulse there, and analyse your Internet connections etc.
Thanks for posting on the issue from all of us on the forums, just for the insight gained...

polonus

Offline Confused Computer User

Re: Not Sure...Again
« Reply #4 on: October 04, 2009, 12:37:38 AM »
Thank you again polonus.
Your posts always leave their reader feeling well informed.

I hope to be back on the forum trying to help not just ask sometime in the near future (1.5 months or so).

Cheers.

Offline Confused Computer User

Re: Not Sure...Again
« Reply #5 on: November 01, 2009, 06:35:36 PM »
Well, I think I finally see why this happened. Take a gander at how Windows Update looks now. The only issue is why is this happening to my Vista Home Basic but not my Vista Home Premium..... What gives?

On that note, does anyone else have this same view of Win Update? If so, how did you do it?

Offline Confused Computer User

Re: Not Sure...Again
« Reply #6 on: November 01, 2009, 10:43:59 PM »
Ok, well, a bit of searching revealed that (and I'm not fully certain) Vista's update center is slowly being changed to resemble that of Win 7. I found two links. One is a blog that specifies this, and the other is a Microsoft site with the latest version of the Update agent.

http://www.aeroxp.org/board/index.php?s=248a16c21eaa19c29d591c91bdbc0156&showtopic=12804&pid=147181&st=0&#entry147181

http://support.microsoft.com/kb/946928/en-us

Oh well, now I can put this to rest.

Cheers.

Offline polonus

Re: Not Sure...Again
« Reply #7 on: November 01, 2009, 11:03:21 PM »
Hi Confused Computer User,

Well, you researched it yourself, you now hold all the answers, none of which were disturbing, so you can leave this issue at rest. But during the process you learned quite some interesting facts, and that is the additional bonus of taking nothing for granted and exploring it yourself - confusion turned into security.....

polonus

