Jump to content
Anarelion

Dropbox 255.255.255.255 port 17500

Recommended Posts

Malwarebytes just started to block 255.255.255.255:17500 for dropbox process.

I think that Dropbox uses that port to find out other hosts in the local network to sync faster.

Edit to add: the exclusion rules should allow for a single app connecting to a single address, not completely whitelisting an app (which is unsafe).

 

Edited by Anarelion

Share this post


Link to post
Share on other sites

I got the same for dropbox, and svchost.exe port 68.

I will add though, that the exclusion and notification management in MBAM is sub-par compared to even Windows Defender. It's basically all or nothing, which I don't like either.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 11:26 AM
Log File: c0f29f4a-ce28-11e7-8831-00ff80c6259a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [68]
Type: Outbound
File: C:\Windows\System32\svchost.exe

(end)
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 11:28 AM
Log File: ed5852d2-ce28-11e7-ab95-00ff80c6259a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [17500]
Type: Outbound
File: C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe



(end)

 

Edited by Phoenix84

Share this post


Link to post
Share on other sites

Dropbox.exe, as well as any other executable sending traffic to 255.255.255.255 it seems (I have a game client that is doing that currently, which also triggers the issue).

Share this post


Link to post
Share on other sites

Me too

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 2:39 PM
Log File: 85f91cc8-ce2a-11e7-af3e-e06995b1b05c.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 10 (Build 14393.1884)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [17500]
Type: Outbound
File: C:\Users\Meni\AppData\Roaming\Dropbox\bin\Dropbox.exe

(end)

Share this post


Link to post
Share on other sites

I am having the same issue with IP address 255.255.255.255

various ports, 17500,

File dropbox.exe

Share this post


Link to post
Share on other sites

Add me to the Dropbox list and I'm also getting warnings for C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe . These just started a few minutes ago.

Share this post


Link to post
Share on other sites

Yes - exactly the same here. Dropbox.exe running in background on Windows 10, Chrome the default browser. Regular Malwarebytes pop-up warning me that "Website blocked". 

Share this post


Link to post
Share on other sites

I whitelisted the Dropbox IP as an Application Web process. It seems that Malwarebytes tends to block the IP due to it being a "broadcast IP" or something.

Hopefully this will be fixed for other apps showing the same trange issue.

Share this post


Link to post
Share on other sites

I'll add one more log to the mix.   I'm getting the dropbox block on port 17500 but also getting blocked on port 63618 when my canon scanner software reaches out to the network to get status from my wireless printer/scanner/fax.   

It looks to me like it's blocking based on an attempt by anything to broadcast to the network and not any specific application.    Once I get a few minutes I'll do some more specific digging and see if I can trigger it myself and eliminate the application aspect. 

-- logs --

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 2:43 PM
Log File: 0aec44f0-ce2b-11e7-9cab-305a3a589034.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [63618]
Type: Outbound
File: C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(end)

Share this post


Link to post
Share on other sites

The svchost port 68 is a particular problem, because that's the DHCP broadcast.

If MBAM blocks it, you may lose internet connectivity (due to IP renew failure).

It might be a good idea to add an exception for that process ASAP, in case the devs don't push out an update fast enough.

Edited by Phoenix84

Share this post


Link to post
Share on other sites

I am also getting the same type of error for my buffalo NAS  devise

 

ip address 255.255.255.255

port 22036

nasnavi.exe

Share this post


Link to post
Share on other sites

Yes, I exited Dropbox and that stopped the dropbox.exe messages.  But now...on a lower frequency...I get a message that reads:


Website blocked
IP Address: 255.255.255.255
Port: 68
Type: Outbound
File: C:\Windows\System32\svchost.exe

Admittedly, that is not too helpful...But Dropbox.exe is not the only thing being affected.

Edited by Bruttium

Share this post


Link to post
Share on other sites

I have the same problem.  It just started about 5 minutes ago.  It gives me a "website blocked" message every 10 seconds.  It does not stop.  It is for ip address 255.255.255.255 and it identifies dropbox.exe, and it alternates between port 17500 and port 68, and it is outbound.  I have had dropbox and Malwarebytes Premium for years without any problems.  I wonder if dropbox.exe has gotten hacked.  I don't want to exclude dropbox.exe just in case it has been attacked and modified.

Share this post


Link to post
Share on other sites

I just opened up Malwarebytes and clicked on "Updates: Current" under Scan Status, and *something* downloaded...

And I haven't seen a dropbox.exe "popup" in the last couple of minutes.

Go have a look.

Share this post


Link to post
Share on other sites

this is the second widespread false positive within a week.. ive experienced many false positives like this...really getting annoying. not only that, hundreds or thousands of people who dont know to look at this forum are probably freaking out that they have a virus or dont know what to do. i feel like once the update goes out, people affected by it should get a notification like "what you saw was a false positive, no need to worry!" etc.. 

 

edit: pressed update, issue seems to be fixed

Edited by taintedbloop

Share this post


Link to post
Share on other sites
5 minutes ago, Bruttium said:

I just opened up Malwarebytes and clicked on "Updates: Current" under Scan Status, and *something* downloaded...

That seemed to have done the trick, thanks for posting.

I wanted to whitelist dropbox but I feared it might be a real hack and I'd end up with ransomware in my brain...

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.