PDA

View Full Version : What the hell is cluster.adultadworld.com??? (Help!)




Pentad
Feb 11, 2010, 11:49 PM
UPDATE: 02/13/10

I figured out what the problem was. I installed an adblocking host file from here (http://www.mvps.org/winhelp2002/hosts.htm) and I think its causing some issues. I know it shouldn't but once I renamed it and renamed my original hosts file everything went back to normal.



Hello all,

So, I'm setting up my Mac with some VPN stuff and I start looking at my route tables and when I do netstat -r I get this:


Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 13 0 en0
127 cluster.adultadwor UCS 0 0 lo0
cluster.adultadwor cluster.adultadwor UH 12 753 lo0
169.254 link#4 UCS 0 0 en0
192.168.1 link#4 UCS 2 0 en0
192.168.1.1 0:13:10:8:a9:47 UHLWI 13 0 en0 1097
192.168.1.101 cluster.adultadwor UHS 0 0 lo0
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI 2 28 en0

Internet6:
Destination Gateway Flags Netif Expire
localhost localhost UH lo0
fe80::%lo0 localhost Uc lo0
localhost link#1 UHL lo0
fe80::%en0 link#4 UC en0
ncc1701x.local 0:26:4a:12:70:e6 UHL lo0
ff01:: localhost Um lo0
ff02:: localhost UmC lo0
ff02:: link#4 UmC en0

What the hell is cluster.adultadworld.com??? :eek:

I have that site (with many others) blocked in my host file

If I do netstat -b I get:

Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp6 0 0 *.60551 *.*
udp4 0 0 *.60551 *.*
udp4 0 0 *.* *.*
udp6 0 0 *.52435 *.*
udp4 0 0 *.52435 *.*
udp6 0 0 *.49680 *.*
udp4 0 0 *.49680 *.*
udp6 0 0 *.56709 *.*
udp4 0 0 *.56709 *.*
udp6 0 0 *.62877 *.*
udp4 0 0 *.62877 *.*
udp6 0 0 *.58008 *.*
udp4 0 0 *.58008 *.*
udp6 0 0 *.53650 *.*
udp4 0 0 *.53650 *.*
udp6 0 0 *.65205 *.*
udp4 0 0 *.65205 *.*
udp6 0 0 *.56667 *.*
udp4 0 0 *.56667 *.*
udp6 0 0 *.63949 *.*
udp4 0 0 *.63949 *.*
udp4 0 0 192.168.1.101.kerberos *.*
udp6 0 0 *.kerberos *.*
udp4 0 0 192.168.1.101.netbios- *.*
udp4 0 0 192.168.1.101.netbios- *.*
udp4 0 0 192.168.1.101.ntp *.*
udp6 0 0 ncc1701x.ntp *.*
udp4 0 0 cluster.adultadw.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.netbios-dgm *.*
udp4 0 0 *.netbios-ns *.*
udp4 0 0 *.* *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp4 0 0 *.* *.*
icm6 0 0 *.* *.*

I'm not happy with : udp4 0 0 cluster.adultadw.ntp *.*

Can somebody help me out here? I am not what is going on here. I could really *REALLY* use some help.

Thanks!
-P



lucifiel
Feb 11, 2010, 11:49 PM
looks like a porn cookie!!

mac88
Feb 11, 2010, 11:52 PM
looks like a porn cookie!!

I agree. If not from your own doing, then from maybe one of those pop-ups you get using megaupload, rapidshare etc.

-aggie-
Feb 11, 2010, 11:53 PM
Watch pr0n much?

pooryou
Feb 12, 2010, 12:35 AM
looks like a porn cookie!!

Except that is the routing table.

--

Does the Conficker/Kido Worm affect Macs?

greygray
Feb 12, 2010, 12:58 AM
Pr0n cookie. . . mmm . . . :o

Peace
Feb 12, 2010, 01:02 AM
Do you have any torrent sharing going on ?

That's a lot of UDP ports open

Pentad
Feb 12, 2010, 08:28 AM
Thanks for the replies.

I honestly don't watch p0rn on my computer but I do browse Usenet from time to time...

Seriously though, I'm not a p0rn guy.

How can a p0rn cookie mess with the routing table?

Any suggestions from resetting my routing table?
:confused:

DisneySMAX
Feb 12, 2010, 08:37 AM
NTP is a Network Time Protocol and they use a "Cluster" of servers to set the time/syncing on your Mac. You have 2 external Time Servers listed there. One in ip4 and one in ip6.

udp6 0 0 ncc1701x.ntp *.*
udp4 0 0 cluster.adultadw.ntp *.*

"Adult Ad World" comes up in Google. I don't think it is malicious as it is just NTP. But it could be related to Adult adverts/popups.

benjamin747
Feb 12, 2010, 07:05 PM
NTP is a Network Time Protocol and they use a "Cluster" of servers to set the time/syncing on your Mac. You have 2 external Time Servers listed there. One in ip4 and one in ip6.

udp6 0 0 ncc1701x.ntp *.*
udp4 0 0 cluster.adultadw.ntp *.*

"Adult Ad World" comes up in Google. I don't think it is malicious as it is just NTP. But it could be related to Adult adverts/popups.

Try reinstalling... :D

Sure you had nothing to do with it. Lets just call it a pop up from a "good" site. :rolleyes:

pooryou
Feb 12, 2010, 07:54 PM
Thanks for the replies.

I honestly don't watch p0rn on my computer but I do browse Usenet from time to time...

Seriously though, I'm not a p0rn guy and other than a few games from Usenet I'm pretty normal.

How can a p0rn cookie mess with the routing table?

Any suggestions from resetting my routing table?
:confused:

I think you are going to need to ask somewhere where the users are a little more technically savvy, or at least the ones who click on your thread. ;)

Pentad
Feb 13, 2010, 01:45 PM
Ok, I figured out what was causing my problems and I was hoping somebody here could try something out...

First, I installed the adblock hosts file from here (http://www.mvps.org/winhelp2002/hosts.htm) and it worked great. However, as you can see by my OP that cluster.adultadworld.com shows up.

If I rename the hosts file and rename my original back I get this:


Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 14 24 en0
127 localhost UCS 0 0 lo0
localhost localhost UH 6 443041 lo0
169.254 link#4 UCS 0 0 en0
192.168.1 link#4 UCS 2 0 en0
192.168.1.1 0:13:10:8:a9:47 UHLWI 15 13 en0 1122
192.168.1.101 localhost UHS 1 3240 lo0
192.168.1.255 link#4 UHLWbI 1 104 en0

Internet6:
Destination Gateway Flags Netif Expire
localhost localhost UH lo0
fe80::%lo0 localhost Uc lo0
localhost link#1 UHL lo0
fe80::%en0 link#4 UC en0
ncc1701x.local 0:26:4a:12:70:e6 UHL lo0
ff01:: localhost Um lo0
ff02:: localhost UmC lo0
ff02:: link#4 UmC en0


As you can see its gone.



Now, I downloaded the latest hosts file from the site (http://www.mvps.org/winhelp2002/hosts.htm) and when I install that I get this:

Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 6 24 en0
127 540.scmg.net UCS 0 0 lo0
540.scmg.net 540.scmg.net UH 0 443168 lo0
169.254 link#4 UCS 0 0 en0
192.168.1 link#4 UCS 2 0 en0
192.168.1.1 0:13:10:8:a9:47 UHLWI 7 13 en0 777
192.168.1.101 540.scmg.net UHS 1 3348 lo0
192.168.1.255 link#4 UHLWbI 1 106 en0

Internet6:
Destination Gateway Flags Netif Expire
localhost localhost UH lo0
fe80::%lo0 fe80::1%lo0 Uc lo0
fe80::1%lo0 link#1 UHL lo0
fe80::%en0 link#4 UC en0
ncc1701x.local 0:26:4a:12:70:e6 UHL lo0
ff01:: localhost Um lo0
ff02:: localhost UmC lo0
ff02:: link#4 UmC en0

So now 540.scmg.net shows up.

I don't know why this hosts file would do this but thats the problem.


If I had some of the entries from the adblocking hosts file into my original OS X installed hosts file it doesn't seem to cause any problems.


I hope this helps anybody in the future.

Thanks for the replies,
P :)

Peace
Feb 13, 2010, 02:06 PM
Welll of course you're having problems. That host file is for Windows not Macs.

mcnicks
Feb 13, 2010, 02:12 PM
Your mac will use the hosts file to translate hostnames into IP addresses and vice versa. When it sees 127.0.0.1 in the routing table, it looks up the hosts file and finds a million entries. Presumably it is picking one at random then sticking with it.

enberg
Feb 13, 2010, 02:30 PM
hosts files is kind of a sucky way to block ads anyway. Try GlimmerBlocker instead.

Pentad
Feb 13, 2010, 08:33 PM
I wanted to reply to some of the comments:

hosts files is kind of a sucky way to block ads anyway. Try GlimmerBlocker instead.

Actually, its a great way to protect your computer. GlimmerBlocker is for HTTP only... Google for articles on protecting your computer via hosts.


Welll of course you're having problems. That host file is for Windows not Macs.


This could be and if it is then Apple is not following the RFC for implementation of a hosts file.

When it sees 127.0.0.1 in the routing table, it looks up the hosts file and finds a million entries. Presumably it is picking one at random then sticking with it.


I appreciate the reply but that is not how it works at all.



FYI: I have since tried the hosts file on Ubuntu, Slack, Windows (of course), and another MBP and it does appear that OS X handles it differently.


If you look at the routing tables on say Windows, you do not see any absurd routes appear....

My guess so far is that its a formatting issues, length issues, or some bizarre issue with their implantation.


Cheers!

ayeying
Feb 14, 2010, 01:38 AM
Actually, its a great way to protect your computer. GlimmerBlocker is for HTTP only... Google for articles on protecting your computer via hosts.

We're using hosts to block ads? seriously? Remember that one virus that altered the hosts file and caused havoc?

What type of ad will do that much damage to your mac?

MacintoshLC
Jul 14, 2010, 06:49 AM
hello
i registered just to reply here. i know this is an old thread, but for everyone having the same or similar problems for future reference.
the problem occurs because of a bug in os x, how it handles the hosts file.
just replace every instance in the mvps hosts file of 127.0.0.1 with 0.0.0.0 (except localhost of course), this will solve it.
and the mvps hosts file is a great way to block ads ;)