Re: unknown outgoing tcp traffic - should I be worried?
- From: bok118@xxxxxxxxx (Gerard Bok)
- Date: Sat, 10 Nov 2007 16:04:03 GMT
On Sat, 10 Nov 2007 15:16:05 +0000, abc@xxxxxxx wrote:
On Fri, 09 Nov 2007 13:36:05 GMT, bok118@xxxxxxxxx (Gerard Bok) wrote:
I think my problem is to identify what program is using the errant
From a cmd prompt if I enter "tasklist /svc" I get a list of what isrunning in each svchost instance.
I'm not 100% but I think the one causing the trouble has only one
entry "rpcss" because after suspending the svchost.exe process in Task
Manager I can no longer use the "tasklist" command and get an "rpc
server not available" error.
Any suggestions as to what to look for next??
Well, personally I would install a sniffer (e.g. Wireshark) and
find out, what is actually insite the traffic on port 80 to
These may be rather harmless http-get requests to a server that
is no longer available. (Indicating: originally bad traffic, but
now harmless because a bad server was taken of the air.)
Or you might see, that your PC is actually sending (your) data
over to 188.8.131.52. Which would be unacceptable.
Another way to go could be, examining your startup items,
disabling them one by one untill you get the one, responsible for
Or --if it is not an automatic process-- find out at which point
after reboot, the traffic starts.
- Prev by Date: Re: unknown outgoing tcp traffic - should I be worried?
- Next by Date: The BotBrigade Proposal, Botnet Versus Botnet
- Previous by thread: Re: unknown outgoing tcp traffic - should I be worried?
- Next by thread: Re: unknown outgoing tcp traffic - should I be worried?