Subject: Re: Need Opinion on the Following Suspicious Activity
Posted by: Colin Nash [MVP] (cnas…@xmvps.org)
Date: Thu, 17 Aug 2006
"Jeff Lloyd" <jbl20…@alltel.net> wrote in message
>I noticed that even when I have nothing open in Windows XP Pro SP2, there
>is activity galore...see below. I am not too sure how to address this.
>Spyware software didn't catch anything out of the ordinary and ZoneAlarm
>Firewall did not catch anything sinister either. There is always net
>activity being received onto my computer even when it is not being used and
>nothing is running. Please advise if at all possible as to what this is:
>Thanks very much.
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
> C:\Documents and Settings\user>netstat
> Active Connections
> Proto Local Address Foreign Address State
> TCP xppro:1046 18.104.22.168:http ESTABLISHED
> TCP xppro:1047 22.214.171.124:http ESTABLISHED
> TCP xppro:1048 126.96.36.199:https ESTABLISHED
> TCP xppro:2869 192.168.0.1:6063 TIME_WAIT
> TCP xppro:2869 192.168.0.1:6064 TIME_WAIT
> TCP xppro:2869 192.168.0.1:6065 TIME_WAIT
The http connections are the Windows Update site. Maybe you have automatic
updates turned on? (good)
The other lines appear to be UPnP traffic from your computer to your local
router. Nothing suspicious. You can disable Universal Plug and Play on the
router and/or turn off the services that support it on your PC if you don't
like it. (Start -> Run -> SERVICES.MSC and set SSDP Discovery Service and Universal Plug
and Play Device Host to disabled and stopped.) MSN/Windows Live Messenger,
if you use it, is also known to generate some UPnP traffic on its own
regardless of whether you turn the services off.
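
A small triage script for output like the netstat listing quoted above, as an added example that is not part of the original thread: it labels each row by whether the peer is on the LAN and which ports are involved. The sample rows are constructed (documentation addresses stand in for the public peers), and the label names and the treatment of local TCP 2869 as the XP SP2 UPnP event port are this example's assumptions.

```python
import ipaddress
import re

# Constructed sample in the same shape as the netstat output quoted above;
# documentation addresses replace the public peers, last row is a made-up outlier.
SAMPLE = """\
Active Connections
  Proto  Local Address   Foreign Address       State
  TCP    xppro:1046      203.0.113.10:http     ESTABLISHED
  TCP    xppro:1048      198.51.100.7:https    ESTABLISHED
  TCP    xppro:2869      192.168.0.1:6063      TIME_WAIT
  TCP    xppro:3012      203.0.113.99:6667     ESTABLISHED
"""

ROW = re.compile(r"^[>\s]*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s*(\S*)\s*$")
WEB_PORTS = {"http", "https", "80", "443"}
UPNP_EVENT_PORT = "2869"  # assumption: local TCP port of the XP SP2 UPnP/SSDP services
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(local_port, peer, peer_port):
    """Return a triage label for one connection row."""
    try:
        addr = ipaddress.ip_address(peer)
        on_lan = any(addr in net for net in RFC1918)
    except ValueError:
        on_lan = False  # netstat printed a resolved name; treat the peer as remote
    if local_port == UPNP_EVENT_PORT and on_lan:
        return "upnp-lan"
    if peer_port in WEB_PORTS and not on_lan:
        return "outbound-web"
    return "lan-other" if on_lan else "review"


def triage(text):
    """Parse netstat text (quoted '>' prefixes allowed) into labelled rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, _host, lport, peer, pport, state = m.groups()
        rows.append((classify(lport, peer, pport), proto, lport, f"{peer}:{pport}", state))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Plain `netstat` does not show which process owns a connection; for rows labelled `review`, `netstat -ano` adds the owning PID.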
Need Opinion on the Following Suspicious Activity posted by Jeff Lloyd on Thu, 17 Aug 2006