Re: Help required with suspicious internet activity

From: Michael (Michael-nospam_at_bigpond.net.au)
Date: 09/28/04


Date: Tue, 28 Sep 2004 20:17:17 GMT


"Michael" <Michael-nospam@bigpond.net.au> wrote in message
news:6g25d.3171$5O5.3154@news-server.bigpond.net.au...
>I have logged the following outbound traffic from my gateway machine from
> one of the internal XP machines
>
> It appears to be a sequence of ten connection attempts to a specific IP
> address.

[snip]

To follow up - I managed to do a netstat using -b and got the following
"unknown components" when the connection was in a CLOSE_WAIT state:

Active Connections
  TCP XPMachine32:3389 XPMachine32:0 LISTENING 756
  -- unknown component(s) --
  [svchost.exe]
  TCP XPMachine32:1668 202.168.8.80:http CLOSE_WAIT 992
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\WININET.dll
  -- unknown component(s) --
  [svchost.exe]
  UDP XPMachine32:ntp *:* 880
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  -- unknown component(s) --
  [svchost.exe]

Using Process Explorer from Sysinternals at the same time, the services for
that instance of svchost were:
LmHosts
SSDPSRV
WebClient
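
Added example, not part of the original post: a small parser that turns a netstat -b listing like the one above into one record per socket, so the PID, loaded modules and "unknown component(s)" marker can be triaged together. The function names parse_netstat_b and connected_tcp are hypothetical; the sample text is the listing quoted in the post.

```python
# Added example: parse `netstat -b` text into one record per socket.
SAMPLE = r"""
Active Connections
  TCP XPMachine32:3389 XPMachine32:0 LISTENING 756
  -- unknown component(s) --
  [svchost.exe]
  TCP XPMachine32:1668 202.168.8.80:http CLOSE_WAIT 992
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\WININET.dll
  -- unknown component(s) --
  [svchost.exe]
  UDP XPMachine32:ntp *:* 880
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  -- unknown component(s) --
  [svchost.exe]
"""  # listing copied from the post above

def parse_netstat_b(text):
    """Return a list of dicts: socket fields plus the modules and image under it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.split()
        if len(parts) >= 4 and parts[0] in ("TCP", "UDP"):
            current = {
                "proto": parts[0], "local": parts[1], "remote": parts[2],
                # UDP rows carry no State column, so they have 4 fields, not 5
                "state": parts[3] if len(parts) == 5 else None,
                "pid": int(parts[-1]),
                "modules": [], "unknown": False, "image": None,
            }
            entries.append(current)
        elif current is None or not line:
            continue  # banner, column header or blank line
        elif line.startswith("-- unknown component"):
            current["unknown"] = True  # netstat could not name every module
        elif line.startswith("[") and line.endswith("]"):
            current["image"] = line[1:-1]  # owning executable closes the record
            current = None
        else:
            current["modules"].append(line)
    return entries

def connected_tcp(entries):
    """TCP sockets past LISTENING: the PIDs to map to hosted services next."""
    return [e for e in entries if e["proto"] == "TCP" and e["state"] != "LISTENING"]

if __name__ == "__main__":
    for e in connected_tcp(parse_netstat_b(SAMPLE)):
        print(e["pid"], e["image"], e["remote"], e["state"], e["modules"])
```

The PIDs this returns can be matched to hosted services with `tasklist /svc /fi "PID eq 992"`, the command-line counterpart of the Process Explorer lookup described in the post.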


