-
June 21st, 2006, 02:44 AM
#1
VPN Traffic ..
For some odd reason I keep getting this message over and over ...
Virtual Private Network traffic has been detected to 200.112.1.242
Do you want to automatically set a rule to allow VPN communications with this server ??
Obviously, I select No. But this message continues to pop up ..
Operating System : Windows XP Home Edition ..
I also run Freedom which is an all in one package that comes included with my Sympatico Premium Service .. It includes Anti-Virus, Anti-Spyware, Firewall .. I scan my computer with Ewido Anti-Malware (Free version) weekly ... And do the weekly virus scanning etc etc ..
Everything is updated ... Anyone have any ideas ??
-
June 21st, 2006, 03:04 AM
#2
Have you checked to see what application(s) are making the request?
netstat -b should give you more info. (at least, on xp pro sp2)
Have you tried to capture it?
Any rogue processes that you don't recognize?
Any recent updates to programs that you already use and the application signature may have changed?
What brand antivirus/firewall/etc?
"Terra Networks" seems to offer many different services....
http://www.terra.cl/
http://www.dnsstuff.com/tools/whois.ch?ip=200.112.1.242
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
June 21st, 2006, 03:32 AM
#3
[1] That's the thing Phishpreek80 I can't seem to figure out which application is trying to establish the connection .. That is why I am here asking ..
[2] I ran the command netstat -b .. Just curious is there any way for me to save the output other than copying and pasting it into wordpad ??
[3] I haven't tried to capture it ..
[4] As for any rogue processes that I don't recognize .. I ran TCPView .. See attachment ..
[5] Yesterday I updated Adobe Reader .. and that's about it ..
[6] As for the brand of firewall and antivirus .. That would be Freedom (It comes included with my Sympatico Premium Service .. Sympatico being my I.S.P ) ... Product Version: 5.1.3.36337 which is the latest .. Latest definitions ...
Have any more suggestions ??
-
June 21st, 2006, 05:03 AM
#4
[2] I ran the command netstat -b .. Just curious is there any way for me to save the output other than copying and pasting it into wordpad ??
Can't you just run the command
C:\> netstat -b > C:\netstat.txt
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
June 21st, 2006, 05:22 AM
#5
See my attachment below .. Thanks morganlefay ...
-
June 21st, 2006, 05:33 AM
#6
Personally I use the process ID command.....
netstat -aon
Then match the id to task manager.....
not familiar with the -b .......yet.....using my 98 machine right now
MLF
-
June 21st, 2006, 12:31 PM
#7
Originally posted here by morganlefay
Can't you just run the command
C:\> netstat -b > C:\netstat.txt
MLF
Another neat trick is to add an interval to that. If the communication is scheduled (every x minutes, connect to y server and upload z file), then you may not see the communication active.
netstat -b 2 >> c:\tmp\suspicious.txt
Does your firewall have logging? Is it enabled?
Can you filter for that ip address or range of ip addresses and give an idea of how often?
A lot of host based firewalls also log which applications are making the connection. If yours doesn't, maybe find a new one?
Can you enable a firewall elsewhere to block the outbound attempt and log the activity?
(such as your border device)
When did it start?
Have you tried to "roll back" via system restore?
morganlefay: I also like to match it to process id, that would be
netstat -ab or netstat -abn
-
June 21st, 2006, 01:31 PM
#8
Is it my imagination (I haven't used Windows in about three years), but see these couple lines?
lsass.exe:824 UDP ULYSSES:4500 *:*
lsass.exe:824 UDP ULYSSES:isakmp *:*
Does the lsass.exe process manage isakmp connections? I can't remember. You definitely have something up.
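Added example, not part of any post in this thread: a small Python parser for a log built up with `netstat -aon 2 >> file`, combining the interval-logging and PID-matching suggestions above. It reports which PIDs were seen talking to 200.112.1.242 (and in which snapshots) and which PIDs hold UDP 500/4500, the ISAKMP and NAT-T ports from the TCPView lines. The sample log is constructed; the function names, local address, remote port and PID 1234 are assumptions.

```python
from collections import defaultdict, namedtuple

Row = namedtuple("Row", "snapshot proto local remote state pid")

# Constructed sample: two snapshots as `netstat -aon 2 >> file` would append them.
# PID 824 matches the lsass.exe lines quoted in the thread; PID 1234 is made up.
SAMPLE_LOG = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:500            *:*                                    824
  UDP    0.0.0.0:4500           *:*                                    824
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.10:1045      200.112.1.242:443      SYN_SENT        1234
  UDP    0.0.0.0:500            *:*                                    824
  UDP    0.0.0.0:4500           *:*                                    824
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon (also works for '*:*')."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return one Row per TCP/UDP line, tagged with its snapshot number."""
    rows, snapshot = [], 0
    for line in text.splitlines():
        fields = line.split()
        if line.strip() == "Active Connections":
            snapshot += 1          # each repeat of netstat starts with this header
        elif fields and fields[0] in ("TCP", "UDP") and fields[-1].isdigit():
            # UDP rows have no State column: proto, local, remote, pid
            state = fields[3] if len(fields) == 5 else ""
            rows.append(Row(snapshot, fields[0], fields[1], fields[2],
                            state, int(fields[-1])))
    return rows

def pids_talking_to(rows, ip):
    """Map PID -> sorted snapshot numbers in which it had `ip` as remote host."""
    seen = defaultdict(set)
    for r in rows:
        if split_endpoint(r.remote)[0] == ip:
            seen[r.pid].add(r.snapshot)
    return {pid: sorted(snaps) for pid, snaps in seen.items()}

def ike_listeners(rows):
    """PIDs bound to UDP 500 (ISAKMP) or UDP 4500 (IPsec NAT-T)."""
    return {r.pid for r in rows
            if r.proto == "UDP" and split_endpoint(r.local)[1] in ("500", "4500")}
```

The PIDs it returns can then be matched against Task Manager or TCPView, as suggested earlier in the thread.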
-
June 21st, 2006, 02:13 PM
#9
kcore: Good catch. I just noticed it and came to point it out. My eyes were still blurry from waking up when I first tried to look at that .txt file. Now that I have some coffee in me, there it is staring me in the face...
-
June 21st, 2006, 06:03 PM
#10
I did do a Roll Back and all is well now .. Thanks a lot for the help and suggestions guys ..