How to tell if active connections are potentially dangerous/suspicious?

[cheesekraft 0]

Hello, I am wondering how can we check if active connections in the firewall status window are potentially suspicious or dangerous? I run Skype from Thailand, and I am getting an outbound connection to Luxembourg. Chrome.exe/TCP is green and has a USA IP (I assume this is just the IP of the sites I am browsing?) 

 

How about inbound connections, are these only when programs need to update or upload something online? If so, it seems like it would be best to disable all inbound connections and then make exceptions when needed. I just did not find a good explanation of these topics, thank you!

 

[GT500 854]

You can check the IP address that the connection is originating from or the IP address of the destination at various websites such as hpHosts to see if it is on a blacklist. There are other websites as well, but a lot of them catalog malicious files on the Internet, and probably shouldn't be posted on the forums.

[G_girl 0]

Hi,  I'm no Skype expert, but there have been some recent issues brought up lately  by Steve Gibson and Leo Laporte on their security now show http://www.grc.com/securitynow.htm

Sorry I don't recall exactly which episode, but it was one of the most recent.

 

I'm also always checking the OA firewall status window, and notice alot of unusual connections to various countries even when logging in to a US Amazon or Netflix site, which usually want to go to Denmark and a few times Panama (???) in order to display images properly.

 

related: Krebs on Security Privacy 101: Skype Leaks

 

http://krebsonsecurity.com/2013/03/privacy-101-skype-leaks-your-location/

[GT500 854]

Amazon has their own CDN (content delivery network), which usually involves having servers in various countries around the world in order to provide better service.

[Arnold72 0]

If you use process hacker and in the network section,you can right click and do a whois search.Also a traceroute.