You may want to get a sniffer and take a look at the packets yourself. That
may give you a clue (by looking at the payload at least).
My $.02
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Yvette Hirth
Sent: Monday, October 02, 2000 4:36 PM
To: Firewall Discussion List
Subject: Connections Watcher
I have Internet ToolBox and am using the "Connections Watcher" feature.
Periodically, especially late in the afternoon, I hear hard-drive activity
from my PC when it is idle, which makes me suspect I have a virus that is
trying to send some type of data out. We have a f/w that probably will
block outbound stuff, but I can't be certain, until I know from what port
(if any) the data is being sent.
Connections Watcher shows me stuff like this:
Protocol LocalIP LocalPort RemoteIP RemotePort State
TCP 0.0.0.0 1025 0.0.0.0 0 Listen
UDP 0.0.0.0 3028 0.0.0.0 0 Listen
Some stuff is obvious, like RemotePort 23 (telnet sessions I requested be
established). Others are not, like 1025 - I recognize that to be a dynamic
port, but with a local and remote IP of 0's, what's the deal there?
Is there any way to track down these ports other than shutting everything
down? YES, I know about the port list, I've listened to the other posters,
Puh-Leeze don't flame me. How can I tell who dynamically allocated port
1025? And, would a trojan show up for a long time, or just when it's
sending/trying_to_send its data out?
TIA
Yvette
-----------------------------------------------------------------------
Miss Yvette Seifert Hirth, CCP, CDP Voice: (847) 263 6800
The DBT Group, Inc. Fax: (847) 263 6801
176 Ambrogio Drive Email: [EMAIL PROTECTED]
Gurnee, IL 60031 WWW: http://www.dbtgroup.com
NOTE: Please remove all occurrences of "nospam." from my address before
sending me email!
"... there were people who believed with absolute faith and absolute
dogmatism in something. And they were so serious in this matter that they
insisted that the rest of the world agree with them. And then they would do
things that were directly inconsistent with their own beliefs in order to
maintain that what they said was true."
--Richard P. Feynman
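Worked example added to this thread (not code from Internet ToolBox, from the list, or from either poster): a small triage script for the Connections Watcher / netstat-style table quoted above. It parses the rows, tells a wildcard listener (local 0.0.0.0, remote 0.0.0.0:0, state Listen, meaning a socket bound on every interface with nobody connected to it) apart from an actual outbound connection (state Established or SYN_SENT, ephemeral local port, well-known remote port such as 23), and, when the tool prints a PID column the way later `netstat -ano` does, maps each socket to its owning image name. The sample rows, the PID column, the PID-to-image map and the allowlist of expected images are all constructed for the example; Connections Watcher as shown in the post has no PID column, so on that tool the owner would have to come from a separate process listing.

```python
"""Triage a Connections Watcher / netstat-style socket table.

Added example for this thread; not code from Internet ToolBox or from
any poster.  Sample rows, PID column and process names are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the two rows from the post, plus one established
# telnet session and a PID column (assumption: later `netstat -ano`
# prints one; the Connections Watcher output in the post does not).
SAMPLE = """\
Protocol LocalIP LocalPort RemoteIP RemotePort State PID
TCP 0.0.0.0 1025 0.0.0.0 0 Listen 612
UDP 0.0.0.0 3028 0.0.0.0 0 Listen 1340
TCP 192.168.1.10 1044 10.0.0.5 23 Established 988
"""

# Constructed PID -> image name map (what `tasklist` or Task Manager gives you).
PROCESSES: Dict[int, str] = {612: "svchost.exe", 1340: "updater.exe", 988: "telnet.exe"}

# Constructed allowlist of images you expect to hold sockets on this box.
KNOWN_IMAGES = {"svchost.exe", "telnet.exe"}

WILDCARD = "0.0.0.0"


@dataclass
class Socket:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: Optional[int] = None


def parse_table(text: str) -> List[Socket]:
    """Parse the header line plus whitespace-separated rows into Socket records."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    has_pid = "PID" in lines[0].split()
    socks = []
    for ln in lines[1:]:
        f = ln.split()
        socks.append(Socket(
            proto=f[0].upper(), local_ip=f[1], local_port=int(f[2]),
            remote_ip=f[3], remote_port=int(f[4]), state=f[5],
            pid=int(f[6]) if has_pid and len(f) > 6 else None))
    return socks


def is_dynamic_port(port: int) -> bool:
    """Ephemeral ranges: 1024-5000 on NT/2000/XP, 49152-65535 on Vista+ and per IANA."""
    return 1024 <= port <= 5000 or 49152 <= port <= 65535


def classify(s: Socket) -> str:
    """What the row means for the 'is something phoning home?' question."""
    if s.state.lower() == "listen":
        # No peer yet: remote 0.0.0.0:0 is a placeholder, and a local
        # address of 0.0.0.0 means the socket is bound on every interface.
        return "listener-wildcard" if s.local_ip == WILDCARD else "listener-bound"
    if s.state.lower() in ("syn_sent", "established"):
        # Ephemeral local port talking to a well-known remote port: we initiated it.
        if is_dynamic_port(s.local_port) and not is_dynamic_port(s.remote_port):
            return "outbound"
        if is_dynamic_port(s.remote_port) and not is_dynamic_port(s.local_port):
            return "inbound"
        return "connection"
    return "other"


def triage(text: str, procs: Dict[int, str]) -> List[dict]:
    """One dict per socket: classification, owner, and a flag for listeners on
    a dynamic port that belong to an image we do not recognise (or cannot see)."""
    rows = []
    for s in parse_table(text):
        kind = classify(s)
        owner = procs.get(s.pid, "unknown") if s.pid is not None else "no PID column"
        flag = kind.startswith("listener") and is_dynamic_port(s.local_port) \
            and owner not in KNOWN_IMAGES
        rows.append({"proto": s.proto, "local": f"{s.local_ip}:{s.local_port}",
                     "remote": f"{s.remote_ip}:{s.remote_port}", "kind": kind,
                     "owner": owner, "flag": flag})
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE, PROCESSES):
        print(("** " if r["flag"] else "   ") + f"{r['proto']} {r['local']} -> "
              f"{r['remote']} {r['kind']} owner={r['owner']}")
```

On the sample the TCP 1025 listener resolves to svchost.exe and is left alone, the UDP 3028 listener belongs to an image not on the allowlist and gets flagged, and the 1044 to 10.0.0.5:23 row is classified as an outbound telnet session. A listener row stays in the table for as long as the socket is bound, whereas outbound traffic only shows as SYN_SENT or Established while the connection exists, so polling the table once is not enough to catch a short send; repeat the snapshot around the time of the disk activity, and capture on the wire as the reply above suggests.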