
Thread: VPN Traffic ..

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Posts
    707

    VPN Traffic ..

    For some odd reason I keep getting this message over and over ...

    Virtual Private Network traffic has been detected to 200.112.1.242
    Do you want to automatically set a rule to allow VPN communications with this server ??


    Obviously, I select No. But this message continues to pop up ..

    Operating System : Windows XP Home Edition ..
    I also run Freedom which is an all in one package that comes included with my Sympatico Premium Service .. It includes Anti-Virus, Anti-Spyware, Firewall .. I scan my computer with Ewido Anti-Malware (Free version) weekly ... And do the weekly virus scanning etc etc ..

    Everything is updated ... Anyone have any ideas ??
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Have you checked to see what application(s) are making the request?

    netstat -b should give you more info. (at least, on xp pro sp2)

    Have you tried to capture it?

    Any rogue processes that you don't recognize?

    Any recent updates to programs that you already use and the application signature may have changed?

    What brand antivirus/firewall/etc?

    "Terra Networks" seems to offer many different services....
    http://www.terra.cl/

    http://www.dnsstuff.com/tools/whois.ch?ip=200.112.1.242
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    [1] That's the thing Phishpreek80 I can't seem to figure out which application is trying to establish the connection .. That is why I am here asking ..

    [2] I ran the command netstat -b .. Just curious, is there any way for me to save the output other than copying and pasting it into wordpad ??

    [3] I haven't tried to capture it ..

    [4] As for any rogue processes that I don't recognize .. I ran TCPView .. See attachment ..

    [5] Yesterday I updated Adobe Reader .. and that's about it ..

    [6] As for the brand of firewall and antivirus .. That would be Freedom (It comes included with my Sympatico Premium Service .. Sympatico being my I.S.P ) ... Product Version: 5.1.3.36337 which is the latest .. Latest definitions ...

    Have any more suggestions ??

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    [2] I ran the command netstat -b .. Just curious, is there any way for me to save the output other than copying and pasting it into wordpad ??
    Can't you just run the command

    C:\>netstat -b >C:\netstat.txt



    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    See my attachment below .. Thanks morganlafey ...

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Personally I use the process ID command.....

    netstat -aon

    Then match the id to task manager.....

    not familiar with the -b .......yet.....using my 98 machine right now

    MLF

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by morganlefay
    Can't you just run the command

    C:\>netstat -b >C:\netstat.txt



    MLF
    Another neat trick is to add an interval to that. If the communication is scheduled (every x minutes, connect to y server and upload z file), then you may not see the communication active.

    netstat -b 2 >> c:\tmp\suspicious.txt

    Does your firewall have logging? Is it enabled?
    Can you filter for that ip address or range of ip addresses and give an idea of how often?
    A lot of host based firewalls also log which application is making the connection. If yours doesn't, maybe find a new one?

    Can you enable a firewall elsewhere to block the outbound attempt and log the activity?
    (such as your border device)

    When did it start?

    Have you tried to "roll back" via system restore?

    morganlefay: I also like to match it to process id, that would be

    netstat -ab or netstat -abn

  8. #8
    Is it my imagination (I haven't used Windows in about three years), but see these couple lines?

    lsass.exe:824 UDP ULYSSES:4500 *:*
    lsass.exe:824 UDP ULYSSES:isakmp *:*

    Does the lsass.exe process manage isakmp connections? I can't remember. You definitely have something up.
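
An added example, not part of the original posts: a Python parser for saved TCPView text in the `process:pid PROTO local remote [state]` layout of the two lines quoted above, reporting which process holds the IKE/NAT-T UDP sockets and which processes connect to a given remote address. The function names, `example.exe` and the documentation address 192.0.2.10 are assumptions; use the address from the firewall prompt in its place.

```python
import re
from collections import Counter

# UDP 500 is IKE/ISAKMP (shown by service name "isakmp" above); UDP 4500 is NAT traversal.
IKE_PORTS = {"500", "isakmp", "4500"}

ROW = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+:\S+)\s+(?P<remote>\S+:\S+)(?:\s+(?P<state>\S+))?$"
)

def parse_rows(text):
    """Parse 'process:pid PROTO local remote [state]' lines, skipping anything else."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["pid"] = int(row["pid"])
        row["local_host"], row["local_port"] = row["local"].rsplit(":", 1)
        row["remote_host"], row["remote_port"] = row["remote"].rsplit(":", 1)
        rows.append(row)
    return rows

def ike_listeners(rows):
    """Return (process, pid, port) for UDP sockets bound to an IKE or NAT-T port."""
    # UDP rows list the remote side as *:*, so the local port is the only lead.
    return sorted({(r["proc"], r["pid"], r["local_port"].lower())
                   for r in rows
                   if r["proto"] == "UDP" and r["local_port"].lower() in IKE_PORTS})

def talkers_to(rows, address):
    """Count rows per (process, pid) whose remote host is `address`."""
    return Counter((r["proc"], r["pid"]) for r in rows if r["remote_host"] == address)

# The two lsass.exe rows are quoted from the thread; the others are constructed.
SAMPLE = """\
lsass.exe:824 UDP ULYSSES:4500 *:*
lsass.exe:824 UDP ULYSSES:isakmp *:*
example.exe:1500 TCP ULYSSES:1055 192.0.2.10:80 ESTABLISHED
example.exe:1500 TCP ULYSSES:1056 192.0.2.10:80 TIME_WAIT
System:4 TCP ULYSSES:microsoft-ds ULYSSES:0 LISTENING
"""

if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    print(ike_listeners(rows))
    print(talkers_to(rows, "192.0.2.10"))
```

Because UDP sockets carry no remote address in this output, tying an IKE socket to a specific server still needs the firewall log or a packet capture.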

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    kcore: Good catch. I just noticed it and came to point it out. My eyes were still blurry from waking up when I first tried to look at that .txt file. Now that I have some coffee in me, there it is staring me in the face...

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    I did do a Roll Back and all is well now .. Thanks a lot for the help and suggestions guys ..
