Severity: High
Activity: An intrusion attempt by 91.204.48.50 was blocked. Application path \DEVICE\HARDDISKVOLUME3\USERS\[myusername]\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
Status: Blocked
Date & Time: 1/5/2011 8:52:24 PM
Looking up the IP on ip-lookup.net reveals that it belongs to somewhere in Ukraine. Its output is below:
# Query terms are ambiguous. The query is assumed to be:
# "n 91.204.48.50"
#
# Use "?" to get help.
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=91.204.48.50?showDetails=true&showARIN=false
#
NetRange: 91.0.0.0 - 91.255.255.255
CIDR: 91.0.0.0/8
OriginAS:
NetName: 91-RIPE
NetHandle: NET-91-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: TINNIE.ARIN.NET
NameServer: NS-PRI.RIPE.NET
NameServer: SUNIC.SUNET.SE
NameServer: SEC3.APNIC.NET
NameServer: NS2.LACNIC.NET
NameServer: SEC1.APNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2005-06-30
Updated: 2009-05-18
Ref: http://whois.arin.net/rest/net/NET-91-0-0-0-1
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2004-12-13
Ref: http://whois.arin.net/rest/org/RIPE
ReferralServer: whois://whois.ripe.net:43
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
The referral (www.ripe.net/whois) database reveals the following:
Information related to '91.204.40.0 - 91.204.51.255'
inetnum: 91.204.40.0 - 91.204.51.255
netname: S-Point
descr: S.Point
country: UA
org: ORG-SA613-RIPE
admin-c: BD1979-RIPE
tech-c: BB3347-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: S-Point-MNT
mnt-routes: S-Point-MNT
mnt-domains: S-Point-MNT
source: RIPE # Filtered
organisation: ORG-SA613-RIPE
org-name: S.Point
org-type: OTHER
address: Ukraine, Kyiv, 02140, Grishka st. 3-A
e-mail: belov.dmitriy@point-host.net
mnt-ref: S-Point-MNT
admin-c: BD1979-RIPE
tech-c: BB3347-RIPE
mnt-by: S-Point-MNT
source: RIPE # Filtered
person: Belov Dmitriy
address: 02140, Grishka st. 3-A
phone: +380975935244
nic-hdl: BD1979-RIPE
source: RIPE # Filtered
person: Barkov Boris
address: Ukraine, Kyiv, 02140, Grishka st. 3-A
phone: +380936456384
nic-hdl: BB3347-RIPE
source: RIPE # Filtered
% Information related to '91.204.48.0/22AS24965'
route: 91.204.48.0/22
descr: S.Point
origin: AS24965
mnt-by: S-Point-MNT
source: RIPE # Filtered
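The lookup above is a two-step procedure: query ARIN, notice the ReferralServer line, then repeat the query against whois.ripe.net and read the inetnum, organisation and route objects. The following is an added example (not part of the original post, and not a tool the author used) that parses both answers in their key: value format, follows the referral, and pulls out the fields an analyst triaging a blocked-connection alert wants (assigned range, netname, country, org, maintainers, announcing AS). The two sample answers embedded in it are constructed from the excerpts quoted above; `whois_query` does a raw port-43 query and is provided for live use only, the offline demo never calls it.

```python
"""Parse ARIN/RIPE WHOIS text, follow the referral, summarise the assignment."""
import re
import socket
from collections import defaultdict

# Constructed sample: trimmed from the ARIN answer quoted in the post.
ARIN_SAMPLE = """\
# Query terms are ambiguous. The query is assumed to be:
# "n 91.204.48.50"
NetRange: 91.0.0.0 - 91.255.255.255
CIDR: 91.0.0.0/8
NetName: 91-RIPE
NetType: Allocated to RIPE NCC
OrgName: RIPE Network Coordination Centre
Country: NL
ReferralServer: whois://whois.ripe.net:43
# ARIN WHOIS data and services are subject to the Terms of Use
"""

# Constructed sample: trimmed from the RIPE answer quoted in the post.
RIPE_SAMPLE = """\
% Information related to '91.204.40.0 - 91.204.51.255'

inetnum: 91.204.40.0 - 91.204.51.255
netname: S-Point
country: UA
org: ORG-SA613-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-by: S-Point-MNT
source: RIPE # Filtered

organisation: ORG-SA613-RIPE
org-name: S.Point
address: Ukraine, Kyiv, 02140, Grishka st. 3-A
source: RIPE # Filtered

% Information related to '91.204.48.0/22AS24965'

route: 91.204.48.0/22
origin: AS24965
mnt-by: S-Point-MNT
source: RIPE # Filtered
"""

_FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")


def parse_whois(text):
    """Split key: value WHOIS text into a list of objects (dicts of lists).
    Blank lines and '#'/'%' comment lines end an object; repeated keys
    such as several mnt-by attributes are kept in order; the trailing
    '# Filtered' marker on values is dropped."""
    objects, current = [], defaultdict(list)
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#%":
            if current:
                objects.append(dict(current))
                current = defaultdict(list)
            continue
        m = _FIELD.match(stripped)
        if m:
            key = m.group(1).lower()
            current[key].append(m.group(2).split("#", 1)[0].strip())
    if current:
        objects.append(dict(current))
    return objects


def referral_server(objects):
    """Return (host, port) from an ARIN ReferralServer attribute, or None."""
    for obj in objects:
        for ref in obj.get("referralserver", []):
            m = re.match(r"(?:whois|rwhois)://([^:/]+)(?::(\d+))?", ref)
            if m:
                return m.group(1), int(m.group(2) or 43)
    return None


def summarize(objects):
    """Collect the assignment, organisation and route facts from a RIPE answer."""
    s = {}
    for obj in objects:
        if "inetnum" in obj:
            s["inetnum"] = obj["inetnum"][0]
            s["netname"] = obj.get("netname", [""])[0]
            s["country"] = obj.get("country", [""])[0]
            s["org"] = obj.get("org", [""])[0]
            s["maintainers"] = sorted(set(obj.get("mnt-by", [])))
        elif "organisation" in obj:
            s["org-name"] = obj.get("org-name", [""])[0]
        elif "route" in obj:
            s["route"], s["origin"] = obj["route"][0], obj.get("origin", [""])[0]
    return s


def whois_query(host, query, port=43, timeout=10):
    """Raw RFC 3912 query over TCP/43 (network access; for live use only)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall((query + "\r\n").encode())
        chunks = iter(lambda: sock.recv(4096), b"")
        return b"".join(chunks).decode("utf-8", "replace")


if __name__ == "__main__":
    # Offline walk of the post's procedure: ARIN first, then the referral.
    print("referral:", referral_server(parse_whois(ARIN_SAMPLE)))
    print(summarize(parse_whois(RIPE_SAMPLE)))
```

For a live lookup the same flow is `arin = whois_query("whois.arin.net", "n 91.204.48.50")`, then `host, port = referral_server(parse_whois(arin))` and `whois_query(host, "91.204.48.50", port)`; parsing on blank lines and comment markers is what makes the same function work on both registries' output.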
Well, I happen to have done some spot research a while ago regarding the installation directory of Google's Chrome browser and didn't get good vibes about the install location then. See, when a program installs itself, it's supposed to be a good neighbor and install to the applications folder on the OS that it's running on. Google has deemed this unnecessary for some reason and decided to make it nearly impossible for Chrome to be installed anywhere but the USER folder. This is not only rude, but very bad security practice. Among other things, this means that only the user that initially installed the application has access to it, but more importantly, the application runs without having the benefit of being in a protected folder and runs with whatever user rights the user happens to have.
I suspect someone has learned of a specific vulnerability related to Chrome and was attempting to exploit it, so I immediately uninstalled Chrome and searched for a way to put it where it belongs. I do like the browser because it's faster than any of the others. It happens that you can install it with a package of Google apps and that will install it properly. For those interested, here is the link: http://pack.google.com/intl/en/pack_installer.html. In addition to Chrome, I grabbed the PC Tools Spyware Doctor with AntiVirus, thinking that more protection is warranted at this point until I can figure out why my hardware router didn't kill this.
After I got home today, I looked into the matter further, and lo and behold, up comes my new tool telling me I have tracking cookies. Well, those I really don't care too much about, especially after looking through the report. As far as my hardware router goes, it was doing what it was told to do, but I did manage to find a couple of things to modify in the interests of security. Unfortunately, one of them disabled my ability to autosave this blog entry... go figure. After undoing that problem, I found a way to hopefully increase my online gaming speed by adding a QoS port range for World of Warcraft and Ventrilo. We'll see if that works. In case you are interested in doing something similar, here are a couple of links to get you started:
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=21015
http://www.ventrilo.com/setup.php
As for your router setup, I'll leave that up to you, as they differ widely.