#1
Member (3 bit)
Join Date: Feb 2003
Posts: 4

Local Area Connection Help!!!
Today I looked at my local area connection status and I see that I have 17, 179, 879, 905 packets sent and 14,714 packets received. What concerns me is the sent packets since it's so high. I turned the PC on in the morning and when I returned from school it was up to that number! Kazaa isn't running, no other P2P programs are running, no multiplayer games have been played, and Norton AntiVirus 2002 fully updated doesn't report anything. Can someone help me, I'm very concerned...is it a trojan, or any other malicious device? Your help and comments will be greatly helpful and beneficial.
a worried pc owner

#2
Member (12 bit)
Join Date: Jan 2002
Location: Central Arkansas
Posts: 2,170

Surely sounds like you have something running in the background. Try running Spybot, but be careful, some programs won't work if you remove the spyware or adware.
__________________
Roger "Our greatest glory is not in never falling, but in rising every time we fall." -Confucius

#3
Member (13 bit)
Join Date: Mar 1999
Posts: 6,791

Hi,
Also make sure you don't have any programs that periodically automatically check for updates on the internet. Are you running any firewall software such as ZoneAlarm? If not, you might want to check into this also. It will help catch things that want internet access. HTH

#4
Member (12 bit)
Join Date: Dec 1999
Location: Oklahoma
Posts: 3,261

The number does seem disproportionately high. I have several programs that access the internet frequently. Email, time server, weather and the like. But I don't think it would look like that.

#5
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,771

With that many packets going out, you very likely have been infected with a trojan of some sort - that is using your machine as part of a distributed denial of service attack. If you don't have a firewall that can block OUTGOING packets (Zone Alarm, Sygate), GET ONE.

#6
Member (13 bit)
Join Date: Oct 2000
Location: Scotland
Posts: 4,700

#7
Member (3 bit)
Join Date: Feb 2003
Posts: 4

Local Area Network Help 2 HELP!!!
Hello, I'm back.
Well, I rebooted my PC with the Compaq restoration disk to see if that would make a difference. Everything proceeded as planned until I looked the next day and this time the sent packets was at 700,000,000,000. I downloaded ZoneAlarm and I went to my tae kwon do at night. I returned and found that it had blocked one. It said it blocked internet access to 66.73.162.231 (TCP Port 1744) [TCP Flags: S]. And then I looked at the menu and it said that it had blocked 240 intrusions, one being high rated. My friend had tracked that one to adsl-66-73-162-231.dsl.chcgil.ameritech.net. What should I do? Your help will be greatly appreciated.

#8
The Preacher Man
Premium Member
Join Date: Apr 2000
Location: Dallas
Posts: 4,828

Did you reinstall Win98 over itself or reformat first? I've used a router and zone alarm for over a year and never get probed anymore. (thanks to router). Run these 2 tests and see what shows up:
https://grc.com/x/ne.dll?bh0bkyd2
__________________
"Don't be so open-minded that your brains fall out."

#9
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,771

I merged your 2 threads so we can keep some continuity here. In the future, it's suggested that you keep a single thread going till the issue is solved. Thanks!

#10
Member (3 bit)
Join Date: Feb 2003
Posts: 4

Ah thanks everyone...I finally just reformatted (again) and used my router along with the ZoneAlarm firewall. Nothing has happened yet! (knock on wood). Thanks again everyone for your contributions and help. I'm greatly appreciative.

#11
Staff
Premium Member
Join Date: Jul 1999
Location: Arlington, TN
Posts: 5,538

Compaq has its own little bit of SpyWare on it.

#12
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,771

mairving: yeah, but it isn't going to send THAT many packets in that period of time.
Hiding behind a router and Zone Alarm (which can monitor outbound) should keep you safe, but be careful what you allow as a server!

#13
Member (8 bit)

I did a little poking around and that IP address is definitely with Ameritech; you may be able to report the activity to them (especially if it occurs again in the future).
As far as the port number... all I can find out is that port 1744 is registered to a service called "ncmp-ft"... I have no idea what that is... obviously, an attack could be anything and just directed to that port if it is unused.

#14
Staff
Premium Member
Join Date: Jul 1999
Location: Arlington, TN
Posts: 5,538

You can download a program called Vision from Foundstone that will tell you what process/program is using what port.

#15
Member (11 bit)
Join Date: Nov 2001
Location: Massachusetts
Posts: 1,487

I talked to koguryoki on AIM yesterday about this and I think that they are actually trying to connect to port 12345. He said: "it said that it had blocked internet access to ur computer [TCP Port 12345] from 66.73.162.231 (TCP Port 1744) [TCP Flags: S]"
Zone alarm is apparently still reporting attacks with the router. He doesn't think he is in the DMZ and no ports are forwarded to his computer. How is that possible to be connected to with a router and no DMZ or port forwarding?
__________________
"When the only tool you have is a hammer, every problem starts to look like a nail."

#16
Member (10 bit)

mairving
I tried "vision" and couldn't get it to work. How did you configure it? cat
__________________
The harder I try, the problem gets worse, the trying gets harder and I start to curse. %$*^@+ &* When you get there don't come get me, you'll be lost again
Last edited by catfishjoe_1; 02-06-2003 at 11:26 PM.

#17
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,771

12345?
You have hackers looking for NetBus (are you SURE you don't have it? Get The Cleaner from Moosoft.com and make sure) or you are using Trend Micro Office Scan antivirus, my friend. http://zdnet.com.com/2100-1105-819807.html
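
The alert quoted in post #15 lists the local destination port first, then the remote address with its source port, then the TCP flags. As an added example (not part of any post in this thread), the Python below parses lines of that shape and counts SYN-only connection attempts per remote address and local port; the line layout is assumed from the quoted wording, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout assumed from the alert wording quoted in post #15; real firewall
# logs may differ.
ALERT = re.compile(
    r"\[TCP Port (?P<dport>\d+)\] from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(TCP Port (?P<sport>\d+)\) \[TCP Flags: (?P<flags>[A-Z]+)\]"
)

# Destination ports to highlight. 12345 -> NetBus comes from post #17.
WATCHED_DPORTS = {12345: "NetBus"}

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT.search(line)
    if m is None:
        return None
    dport = int(m["dport"])
    return {
        "src": m["src"],
        "sport": int(m["sport"]),       # remote side's source port
        "dport": dport,                 # local port being probed
        "syn_only": m["flags"] == "S",  # bare SYN = new connection attempt
        "watched": WATCHED_DPORTS.get(dport),
    }

def summarize(lines):
    """Count SYN-only attempts per (remote address, local destination port)."""
    alerts = [a for a in map(parse_alert, lines) if a is not None]
    return Counter((a["src"], a["dport"]) for a in alerts if a["syn_only"])

SAMPLE = [
    # First entry: text quoted in post #15. The rest are constructed.
    "blocked internet access to ur computer [TCP Port 12345] "
    "from 66.73.162.231 (TCP Port 1744) [TCP Flags: S]",
    "blocked internet access [TCP Port 12345] "
    "from 192.0.2.10 (TCP Port 40000) [TCP Flags: S]",
    "blocked internet access [TCP Port 12345] "
    "from 192.0.2.10 (TCP Port 40001) [TCP Flags: S]",
    "blocked internet access [TCP Port 80] "
    "from 192.0.2.20 (TCP Port 40002) [TCP Flags: SA]",
    "unrelated log line",
]

if __name__ == "__main__":
    for (src, dport), n in summarize(SAMPLE).items():
        label = WATCHED_DPORTS.get(dport, "unlisted")
        print(f"{src} -> local port {dport} ({label}): {n} SYN attempt(s)")
```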