Re: pc generating unauthorized http scans



Hi,

You can use Wireshark to see what's actually going on. You can find
some clues from it, like the source port on your machine, then give the
command "netstat -ano" in CMD. This would list all the TCP connections
with the PID of the process. Then go to Task Manager and find the process
EXE with the same PID (you may have to add the PID column in there). You
can even use System Information to find the path from where the EXE is
running (in Software Environment > Running Tasks). Then end task it and
delete the EXE. This would mostly solve the problem.

Regards,

On Thu, Nov 20, 2008 at 5:24 AM, Donald Raikes <DON.RAIKES@xxxxxxxxxx> wrote:

Hello,
Recently, our corporate security team identified that my Windows XP PC was performing a number of HTTP scans of other systems within our network.

I am not running any kind of scans, nor have I authorized anything to run such scans.

How can I determine what is performing these scans?



--
("Relax, it's only ONES and ZEROS !")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas@xxxxxxxxxxxxxx

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam@xxxxxxxxxxxxxx

Join Sci-Tech News group and get the latest science & technology news
in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
to join.
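
The PID lookup described in the reply above can be narrowed down by parsing saved `netstat -ano` output and counting, per PID, how many distinct remote hosts are being contacted on web ports. This is an added example, not part of the original message; the sample output is constructed, and the port set and the `min_hosts` threshold are assumptions to tune.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    10.0.0.5:1041          10.0.0.20:445          ESTABLISHED     4
  TCP    10.0.0.5:1187          192.0.2.10:80          ESTABLISHED     2216
  TCP    10.0.0.5:3301          10.0.0.11:80           SYN_SENT        1844
  TCP    10.0.0.5:3302          10.0.0.12:80           SYN_SENT        1844
  TCP    10.0.0.5:3303          10.0.0.13:80           SYN_SENT        1844
  TCP    10.0.0.5:3304          10.0.0.14:80           TIME_WAIT       0
  TCP    10.0.0.5:3305          10.0.0.15:8080         SYN_SENT        1844
  UDP    0.0.0.0:500            *:*                                    700
"""

# Proto, local addr:port, remote addr:port, state, PID (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
WEB_PORTS = {80, 443, 8080}  # assumption: ports treated as "HTTP" traffic

def http_fanout(netstat_text, ports=WEB_PORTS):
    """Map PID -> {"hosts": remote IPs, "syn_sent": half-open count}."""
    stats = defaultdict(lambda: {"hosts": set(), "syn_sent": 0})
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _, _, raddr, rport, state, pid = m.groups()
        if state == "LISTENING" or int(rport) not in ports:
            continue
        entry = stats[int(pid)]
        entry["hosts"].add(raddr)
        if state == "SYN_SENT":
            entry["syn_sent"] += 1
    return dict(stats)

def suspects(netstat_text, min_hosts=3):
    """PIDs reaching >= min_hosts distinct hosts on web ports, busiest first."""
    hits = [(pid, len(s["hosts"]), s["syn_sent"])
            for pid, s in http_fanout(netstat_text).items()
            if len(s["hosts"]) >= min_hosts]
    return sorted(hits, key=lambda h: (-h[1], -h[2]))

if __name__ == "__main__":
    for pid, hosts, syn in suspects(SAMPLE):
        print(f"PID {pid}: {hosts} distinct web hosts, {syn} in SYN_SENT")
```

Rows in TIME_WAIT are reported under PID 0 because the owning process has already closed the socket, so a single snapshot can undercount; running it over several captures taken a few seconds apart gives a steadier picture.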


