Re: Need Opinion on the Following Suspicious Activity

Giganews Newsgroups
Subject: Re: Need Opinion on the Following Suspicious Activity
Posted by:  Colin Nash [MVP] (cnas…@xmvps.org)
Date: Thu, 17 Aug 2006

"Jeff Lloyd" <jbl20…@alltel.net> wrote in message
news:cc219$44e4ec79$4528b82c$105…@ALLTEL.NET...
>I noticed that even when I have nothing open in Windows XP Pro SP2, there
>is activity galore...see below.  I am not too sure how to address this.
>Spyware software didn't catch anything out of the ordinary and ZoneAlarm
>Firewall did not catch anything sinister either.  There is always net
>activity being received onto my computer even when it is not being used and
>nothing is running.  Please advise if at all possible as to what this is:
>Thanks very much.
>
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
>
> C:\Documents and Settings\user>netstat
>
> Active Connections
>
>  Proto  Local Address          Foreign Address        State
>  TCP    xppro:1046      64.215.164.234:http    ESTABLISHED
>  TCP    xppro:1047      207.46.20.93:http      ESTABLISHED
>  TCP    xppro:1048      64.4.21.189:https      ESTABLISHED
>  TCP    xppro:2869      192.168.0.1:6063      TIME_WAIT
>  TCP    xppro:2869      192.168.0.1:6064      TIME_WAIT
>  TCP    xppro:2869      192.168.0.1:6065      TIME_WAIT

The http connections are the Windows Update site.  Maybe you have automatic
updates turned on? (good)

The other lines appear to be UPnP traffic from your computer to your local
router.  Nothing suspicious.  You can disable Universal Plug and Play on the
router and/or turn off the services that support it on your PC if you don't
like it.  (Start-> Run-> SERVICES.MSC and set SSDP Discovery Service and
Universal Plug
and Play Device Host to disabled and stopped  )  MSN/Windows Live Messenger,
if you use it, is also known to generate some UPnP traffic on its own
regardless of whether you turn the services off.

About UPnP:
http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/upnpxp.mspx
http://en.wikipedia.org/wiki/Universal_Plug_and_Play

--
Colin Nash
Microsoft MVP
Windows Shell/User

Replies

In response to

Need Opinion on the Following Suspicious Activity posted by Jeff Lloyd on Thu, 17 Aug 2006