On Sun, 5 Jan 2014 23:54:41 -0600, Tim Peters wrote: [Bob Hanson]
... magnifying glass, I see it is two very long URLs ending with something like after the blah-blah: < ... akametechnology.com>
[Stephen J. Turnbull]
I suppose you tried cutting and pasting? [...]
Tried, but was unsuccessful. [Tim Peters]
I don't think this was cut 'n paste. Looking up the IP addresses returns legit Akamai URLs:
[...]
C:\Code>ping -a 23.59.190.113
Pinging a23-59-190-113.deploy.static.akamaitechnologies.com [23.59.190.113] with 32 bytes of data: ... C:\Code>ping -a 23.59.190.106
Pinging a23-59-190-106.deploy.static.akamaitechnologies.com [23.59.190.106] with 32 bytes of data: ...
Bob's "< ... akametechnology.com>" just looks like compounded typos.
Typos or blindos. ;-) Took a screenshot just now and zoomed in -- I can now verify that the URLs are as Tim has 'em above. [Stephen J. Turnbull]
So your alarm seems to be verified, but why this happened to a Python download I don't know. It could be DNS hacking between you and python.org, as well as something in the Python MSI.
[Tim Peters]
Honestly, for all we _know_, this firewall alert may have been triggered by some other program that just happened to wake up while Bob was installing Python. Sure, that's unlikely. But so is everything else about this ;-)
Unlikely as the firewall alert has the full correct path for *msiexec.exe*. I also keep tabs on all processes running, watch my firewall routinely, etc. And -- I'm almost paranoid enough to be a computer security guy. ;-) Wanted to add this tiny bit of info, but now I need to retire for the night. I'll check further on things in the morning. Bob Hanson