Re: Help required with suspicious internet activity
From: Michael (Michael-nospam_at_bigpond.net.au)
Date: 09/28/04
- In reply to: Michael: "Help required with suspicious internet activity"
Date: Tue, 28 Sep 2004 20:17:17 GMT
"Michael" <Michael-nospam@bigpond.net.au> wrote in message
news:6g25d.3171$5O5.3154@news-server.bigpond.net.au...
>I have logged the following outbound traffic from my gateway machine from
> one of the internal XP machines
>
> It appears to be a sequence of ten connection attempts to a specific IP
> address.
[snip]
To follow up - I managed to do a netstat using -b and got the following
"unknown components" when the connection was in a CLOSE_WAIT state:
Active Connections
TCP XPMachine32:3389 XPMachine32:0 LISTENING 756
-- unknown component(s) --
[svchost.exe]
TCP XPMachine32:1668 202.168.8.80:http CLOSE_WAIT 992
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WININET.dll
-- unknown component(s) --
[svchost.exe]
UDP XPMachine32:ntp *:* 880
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]
Using Process Explorer from Sysinternals at the same time, the services for
that instance of svchost were:
LmHosts
SSDPSRV
WebClient
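
Added example, not part of the original post: a small parser for the netstat -b output shown above that ties each connection to its PID, loaded modules and owning process, so the outbound entry can be matched against the per-PID service list from Process Explorer. The function names and the embedded sample (the post's own lines, copied as text) are assumptions of this example.

```python
import re

# Constructed sample: the netstat -b lines from the post, embedded as text.
SAMPLE = r"""Active Connections
TCP XPMachine32:3389 XPMachine32:0 LISTENING 756
-- unknown component(s) --
[svchost.exe]
TCP XPMachine32:1668 202.168.8.80:http CLOSE_WAIT 992
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WININET.dll
-- unknown component(s) --
[svchost.exe]
UDP XPMachine32:ntp *:* 880
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]
"""

# proto, local, remote, optional TCP state (UDP lines have none), PID
CONN = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)$")

def parse_netstat_b(text):
    """Return one dict per connection with the modules and owner listed under it."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = CONN.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            cur = {"proto": proto, "local": local, "remote": remote,
                   "state": state, "pid": int(pid), "modules": [],
                   "unknown": False, "process": None}
            records.append(cur)
        elif cur is None or not line:
            continue  # banner or blank line before the first connection
        elif line.startswith("[") and line.endswith("]"):
            cur["process"] = line[1:-1]  # owning executable closes the block
        elif "unknown component" in line.lower():
            cur["unknown"] = True  # netstat could not name part of the chain
        else:
            cur["modules"].append(line.rsplit("\\", 1)[-1].lower())
    return records

def outbound(records):
    """TCP entries with a concrete remote peer, i.e. not listening sockets."""
    return [r for r in records if r["proto"] == "TCP"
            and r["state"] != "LISTENING" and not r["remote"].startswith("*")]
```

On the sample, outbound(parse_netstat_b(SAMPLE)) returns the single CLOSE_WAIT entry for PID 992, the PID to look up in the service list.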