Standard User bob2153
(newbie) Sat 24-Sep-11 12:49:21

Security breach?

Hope I'm on the right board - if not please will the mods move me to the right one?

Running Win XP. Computer has booted up and I noticed that the little blue internet connection light was flashing at regular intervals. It becomes clear that every 4 seconds computer is sending out a packet but I don't know why and there's nothing obvious running in Task Manager which it could be. Anyone inspired please? Thanks, Bob
Anonymous
(Unregistered) Sat 24-Sep-11 13:08:54

Re: Security breach?
[re: bob2153]

In reply to a post by bob2153:
Hope I'm on the right board - if not please will the mods move me to the right one?

Running Win XP. Computer has booted up and I noticed that the little blue internet connection light was flashing at regular intervals. It becomes clear that every 4 seconds computer is sending out a packet but I don't know why and there's nothing obvious running in Task Manager which it could be. Anyone inspired please? Thanks, Bob

seems normal to me
Standard User camieabz
(sensei) Sat 24-Sep-11 13:24:44

Re: Security breach?
[re: bob2153]

It's probably nothing, but if you want, you can try:

http://www.wireshark.org/

...to monitor the network activity. If you have reason to believe you might have a security issue, you can try Hijackthis, then paste the created logfile into:

http://www.hijackthis.de/

It will flag up anything it perceives to be odd or unknown (which is not necessarily a threat: my DNS server IPs are an 'unknown', but perfectly safe).

If you're not using an AV product and software firewall, I suggest you get one.


P.S. - there's a Security Forum section, but it's a Windows issue, so either will do.

Standard User Pipexer
(eat-sleep-adslguide) Sat 24-Sep-11 13:42:01

Re: Security breach?
[re: bob2153]

Wouldn't worry about it. If you are just running the built-in firewall tho and want to put your mind at rest, I'd install something like Kerio Personal Firewall and inspect the connections status tab on it; you will be able to see where traffic is going and what process is responsible. Use Kerio 4.2.2, NOT later versions.

______________
Zen 8000 Active
Standard User tommy45
(fountain of knowledge) Sat 24-Sep-11 13:48:36

Re: Security breach?
[re: bob2153]

It's probably its "keep alive" feature. If you have a router, it will be sending and receiving data using the loopback (localhost) to keep the connection open between the 2 or any other devices that are within your local network, but you can check using the built-in Windows utility Netstat.

Open a command prompt window and type in netstat -a; this will display all open connections.

Standard User bob2153
(newbie) Sat 24-Sep-11 14:05:17

Re: Security breach?
[re: tommy45]

Thank you all for setting my mind at rest. Since I got this computer I have had Free AG installed and the Windows firewall enabled. I did look at Wireshark but it seemed very technical and well above my head. Tommy45's suggestion about the "keep alive" feature seems to be the solution ... netstat -a only shows up things I would expect to see (screen dump below), so I can now set my mind at rest that computer isn't infected and not cranking up usage on the bandwidth meter.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Bob>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP julie-25bed0b66:epmap julie-25bed0b66:0 LISTENING
TCP julie-25bed0b66:microsoft-ds julie-25bed0b66:0 LISTENING
TCP julie-25bed0b66:2869 julie-25bed0b66:0 LISTENING
TCP julie-25bed0b66:1034 julie-25bed0b66:0 LISTENING
TCP julie-25bed0b66:1464 localhost:1465 ESTABLISHED
TCP julie-25bed0b66:1465 localhost:1464 ESTABLISHED
TCP julie-25bed0b66:1470 localhost:1471 ESTABLISHED
TCP julie-25bed0b66:1471 localhost:1470 ESTABLISHED
TCP julie-25bed0b66:5152 julie-25bed0b66:0 LISTENING
TCP julie-25bed0b66:5152 localhost:1957 CLOSE_WAIT
TCP julie-25bed0b66:netbios-ssn julie-25bed0b66:0 LISTENING
TCP julie-25bed0b66:1494 ip-70-38-25-72.static.privatedns.com:http CLOSE
_WAIT
TCP julie-25bed0b66:3846 forums.thinkbroadband.com:http TIME_WAIT
TCP julie-25bed0b66:3847 209.85.229.138:http TIME_WAIT
TCP julie-25bed0b66:3859 www.thinkbroadband.com:http TIME_WAIT
TCP julie-25bed0b66:3860 www.thinkbroadband.com:http TIME_WAIT
UDP julie-25bed0b66:microsoft-ds *:*
UDP julie-25bed0b66:isakmp *:*
UDP julie-25bed0b66:4500 *:*
UDP julie-25bed0b66:ntp *:*
UDP julie-25bed0b66:1053 *:*
UDP julie-25bed0b66:1900 *:*
UDP julie-25bed0b66:3916 *:*
UDP julie-25bed0b66:ntp *:*
UDP julie-25bed0b66:netbios-ns *:*
UDP julie-25bed0b66:netbios-dgm *:*
UDP julie-25bed0b66:1900 *:*
UDP julie-25bed0b66:3915 *:*

My thanks to you for your excellent and prompt sharing of knowledge. Much appreciated
Bob
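
An added example, not part of the original thread: a small Python parser for `netstat -a` text like the dump in the post above. It rejoins a State column that the console has wrapped onto the next line, sets aside listeners and loopback pairs (which stay inside the machine), and returns only connections to other hosts. Function names are illustrative, and the sample rows are copied from that post.

```python
# Added example: triage of `netstat -a` text output (not code from the thread).
# SAMPLE holds a few rows copied from the post above, including the wrapped state.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP julie-25bed0b66:epmap julie-25bed0b66:0 LISTENING
TCP julie-25bed0b66:1464 localhost:1465 ESTABLISHED
TCP julie-25bed0b66:1465 localhost:1464 ESTABLISHED
TCP julie-25bed0b66:5152 localhost:1957 CLOSE_WAIT
TCP julie-25bed0b66:1494 ip-70-38-25-72.static.privatedns.com:http CLOSE
_WAIT
TCP julie-25bed0b66:3846 forums.thinkbroadband.com:http TIME_WAIT
UDP julie-25bed0b66:ntp *:*
"""

def parse(text):
    """Return one dict per connection row, rejoining a wrapped State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] in ("TCP", "UDP") and len(parts) >= 3:
            # Split on the last colon so dotted host names stay intact.
            lhost, lport = parts[1].rsplit(":", 1)
            fhost, fport = parts[2].rsplit(":", 1)
            rows.append({"proto": parts[0], "lhost": lhost, "lport": lport,
                         "fhost": fhost, "fport": fport,
                         "state": parts[3] if len(parts) > 3 else ""})
        elif rows and len(parts) == 1 and parts[0].startswith("_"):
            rows[-1]["state"] += parts[0]  # "CLOSE" + "_WAIT" after a console wrap
    return rows

def classify(row):
    """Label a row as 'listener', 'loopback' or 'remote'."""
    if row["proto"] == "UDP" or row["state"] == "LISTENING":
        return "listener"
    if row["fhost"] in ("localhost", "127.0.0.1", row["lhost"]):
        return "loopback"
    return "remote"

def remote_peers(text):
    """Connections to other hosts: the only rows that need a closer look."""
    return [(r["fhost"], r["fport"], r["state"])
            for r in parse(text) if classify(r) == "remote"]

if __name__ == "__main__":
    for peer in remote_peers(SAMPLE):
        print(*peer)
```

Running `netstat -ano` instead adds the owning process ID to each row, which can be matched against the PID column in Task Manager.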
Standard User 12eason
(eat-sleep-adslguide) Sat 24-Sep-11 15:22:56

Re: Security breach?
[re: bob2153]

In reply to a post by bob2153:
TCP julie-25bed0b66:1494 ip-70-38-25-72.static.privatedns.com:http CLOSE
_WAIT

Hmm. Know anyone in Canada?

___________________________________________________________________
           Firenet - V21 - Fast4 - f·2·s - eclipseinternet - entanet - aaisp.net -
Standard User jchamier
(knowledge is power) Mon 26-Sep-11 07:43:28

Re: Security breach?
[re: 12eason]

In reply to a post by 12eason:
In reply to a post by bob2153:
TCP julie-25bed0b66:1494 ip-70-38-25-72.static.privatedns.com:http CLOSE
_WAIT

Hmm. Know anyone in Canada?


privatedns.com is a domain owned by iWeb.com - a webhosting company.

So it could be any web access.

James - be* pro - on THFB - sync about 17.2mbps - BQM
Standard User 12eason
(eat-sleep-adslguide) Mon 26-Sep-11 19:59:27

Re: Security breach?
[re: jchamier]

Close, it's an automatically assigned domain name given by an ISP or server host to a customer whose static IP is 70.38.25.72. It's fairly standard procedure for IPs that don't have domain names. The connection is on the same port Citrix uses, so I'd guess it's a work thing. If it's not though, it could be a connection made by a virus to a central server in Canada. Certainly if it was an official work server I'd expect it to have a proper domain assigned to it, so it seems suspicious to me.

Standard User tommy45
(fountain of knowledge) Mon 26-Sep-11 21:03:02

Re: Security breach?
[re: 12eason]

3 links maybe someone visited one of those web pages?
