Hi,

I have a client machine that is constantly transmitting and receiving bytes.
In the past day and a half it has sent 32 billion bytes and received 23
billion bytes. I have run Symantec Antivirus full scan with no results. I
have run the latest Microsoft Malicious Software removal tool with no results.
I ran Windows Defender with no results. I did a netstat on the machine and
it has an open port to all of our client machines on our LAN. For some of
the machines 2 or 3 ports. I am going to run a couple of rootkit detectors
as well. Can I close the ports on the one client machine manually? If so
how?

Thanks,

Steve
--
Steve
Systems Administrator
PSI

Re: Network Connection Constantly Sending and Receiving by S

S
Fri May 11 18:31:28 CDT 2007

What does that mean - "an open port to all of our client machines"?
Do some captures (with Microsoft Network Monitor or Wireshark) to analyse
what is transmitted, and where to/from.

Use Process Monitor
(http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx)
to identify the process responsible. You can close ports by shutting down the
process; alternatively, you can firewall the ports off to prevent
connections.

Maybe you're running a Skype supernode?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


"Plasticman" <sekerman@plastics.com> wrote in message
news:BEFD140F-384A-414D-828D-ED8146696A72@microsoft.com...
> Hi,
>
> I have a client machine that is constantly transmitting and receiving bytes.
> In the past day and a half it has sent 32 billion bytes and received 23
> billion bytes. I have run Symantec Antivirus full scan with no results. I
> have run the latest Microsoft Malicious Software removal tool with no results.
> I ran Windows Defender with no results. I did a netstat on the machine and
> it has an open port to all of our client machines on our LAN. For some of
> the machines 2 or 3 ports. I am going to run a couple of rootkit detectors
> as well. Can I close the ports on the one client machine manually? If so
> how?
>
> Thanks,
>
> Steve
> --
> Steve
> Systems Administrator
> PSI
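
The reply above suggests identifying the responsible process; as an added example (not part of the original thread), this sketch parses `netstat -ano` output and reports which PID holds established TCP connections to several LAN hosts. The sample output, addresses, PIDs and the function name `lan_fanout` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.50:1061      192.168.1.21:445       ESTABLISHED     3120
  TCP    192.168.1.50:1062      192.168.1.22:445       ESTABLISHED     3120
  TCP    192.168.1.50:1063      192.168.1.22:139       ESTABLISHED     3120
  TCP    192.168.1.50:1064      192.168.1.23:445       ESTABLISHED     3120
  TCP    192.168.1.50:1090      203.0.113.10:80        ESTABLISHED     2044
  TCP    192.168.1.50:3389      192.168.1.5:51200      ESTABLISHED     1012
  UDP    0.0.0.0:500            *:*                                    700
"""

# RFC 1918 ranges; adjust to the address plan of the LAN being examined.
LAN = [ipaddress.ip_network(n)
       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def lan_fanout(netstat_text, min_peers=3):
    """Map each PID with ESTABLISHED TCP connections to at least
    min_peers distinct LAN hosts to its peer set and remote ports."""
    by_pid = defaultdict(lambda: {"peers": set(), "remote_ports": set()})
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _, _, raddr, rport, state, pid = m.groups()
        if state != "ESTABLISHED":
            continue  # listeners and closing sockets are not active peers
        try:
            ip = ipaddress.ip_address(raddr.strip("[]"))
        except ValueError:
            continue  # unparsable address (e.g. resolved host name)
        if any(ip in net for net in LAN):
            by_pid[int(pid)]["peers"].add(str(ip))
            by_pid[int(pid)]["remote_ports"].add(int(rport))
    return {p: v for p, v in by_pid.items() if len(v["peers"]) >= min_peers}

if __name__ == "__main__":
    for pid, info in lan_fanout(SAMPLE).items():
        print(pid, sorted(info["peers"]), sorted(info["remote_ports"]))
```

A flagged PID can be resolved to an image name with `tasklist /FI "PID eq <pid>"`; remote ports 445 and 139 are SMB/NetBIOS, which points at file sharing traffic rather than an arbitrary listener.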



Re: Network Connection Constantly Sending and Receiving by Zoned

Zoned
Sat May 12 12:07:35 CDT 2007

On May 11, 4:55 pm, Plasticman <seker...@plastics.com> wrote:
> Hi,
> ....... I am going to run a couple of rootkit detectors
> as well. Can I close the ports on the one client machine manually? If so
> how?
>
> Thanks,
>
> Steve
> --
> Steve
> Systems Administrator
> PSI

There are loads of rootkit scanners on www.antirootkit.com/software/index.htm
Try a few of the ones in bold. Some seem to be better at finding
certain rootkits while others may find one but can't remove it.
Good luck,
Z


Re: Network Connection Constantly Sending and Receiving by fiftysixkilo

fiftysixkilo
Sun May 13 10:57:41 CDT 2007

On May 11, 11:55 am, Plasticman <seker...@plastics.com> wrote:
> Hi,
>
> I have a client machine that is constantly transmitting and receiving bytes.
> In the past day and a half it has sent 32 billion bytes and received 23
> billion bytes. I have run Symantec Antivirus full scan with no results. I
> have run the latest Microsoft Malicious Software removal tool with no results.
> I ran Windows Defender with no results. I did a netstat on the machine and
> it has an open port to all of our client machines on our LAN. For some of
> the machines 2 or 3 ports. I am going to run a couple of rootkit detectors
> as well. Can I close the ports on the one client machine manually? If so
> how?
>
> Thanks,
>
> Steve
> --
> Steve
> Systems Administrator
> PSI

You could try using an application-level firewall like ZoneAlarm. Also
check the ports it is using against some of the known ports and make
sure it's not some application installed or misconfigured that is
making the connections.


Re: Network Connection Constantly Sending and Receiving by Lincoln

Lincoln
Sun May 13 20:58:21 CDT 2007

You could also use TCPView from Sysinternals (now Microsoft). Though unless
you have a good understanding of what are "normal" processes, you might be
overwhelmed.

<fiftysixkilo@gmail.com> wrote in message
news:1179071861.349616.221460@u30g2000hsc.googlegroups.com...
> On May 11, 11:55 am, Plasticman <seker...@plastics.com> wrote:
>> Hi,
>>
>> I have a client machine that is constantly transmitting and receiving bytes.
>> In the past day and a half it has sent 32 billion bytes and received 23
>> billion bytes. I have run Symantec Antivirus full scan with no results. I
>> have run the latest Microsoft Malicious Software removal tool with no results.
>> I ran Windows Defender with no results. I did a netstat on the machine and
>> it has an open port to all of our client machines on our LAN. For some of
>> the machines 2 or 3 ports. I am going to run a couple of rootkit detectors
>> as well. Can I close the ports on the one client machine manually? If so
>> how?
>>
>> Thanks,
>>
>> Steve
>> --
>> Steve
>> Systems Administrator
>> PSI
>
> You could try using an application-level firewall like ZoneAlarm. Also
> check the ports it is using against some of the known ports and make
> sure it's not some application installed or misconfigured that is
> making the connections.
>