Finding out strange traffic
- From: "Antti Mattila" <antti.mattilaremovethis@xxxxxxxxxxxx>
- Date: Thu, 30 Jun 2005 04:54:04 -0700
I have been investingating strange traffic that tries to connect to remote
port 80 on the Internet. There has been tens of different sites and they seem
to have nothing in common.
Virus DATs are in order, I have scanned the computers with Spybot and
Adaware.
And still it continues. I installed desktop firewalls even to desktops and
blocked port 80 and took a log. I'm pretty sure that no program that was
intentionally installed is causing the traggic.
Log shows that svchost.exe is connecting all around the world very
frequently on port 80.
Windows networking maybe easy to use as a programmer as you can use these
svchost etc. services for your networking needs, but how the hell do I find
out which program has started them (including from where)? Programs like
TCPView show that which command line has been used to start for example
svchost. But I have never seen anything except legimate looking rpcss or
something like that.
I think this is a shortcoming in Windows networking. Any ideas how can I dig
deeper?
.
- Follow-Ups:
- Re: Finding out strange traffic
- From: bumtracks
- Re: Finding out strange traffic
- From: allan_grossman
- Re: Finding out strange traffic
- Prev by Date: Re: Not enough storage is available to process this command
- Next by Date: User permissions for wireless LAN
- Previous by thread: can't access ICS on client
- Next by thread: Re: Finding out strange traffic
- Index(es):
Relevant Pages
|
|
