Did someone break through my firewall (ICF)?

  • Thread starter Thread starter George L
  • Start date Start date
G

George L

Why do I see a lot of "packets" being sent when I am not doing
anything? I have ICF on, is someone stealing my stuff? How can I
tell what is being transferred...specific files...like my MP3's????
 
George L said:
Why do I see a lot of "packets" being sent when I am not doing
anything? I have ICF on, is someone stealing my stuff? How can I
tell what is being transferred...specific files...like my MP3's???
Click to expand...

George,

When you use the XP firewall, outbound traffic isn´t monitored. XP´s
firewall only checks inbound traffic. All sorts of mallware can send out
packadges unhindered. What firewall do you have installed? When using
ZoneAlarm you can check settings to see what program is generating outbound
traffic and you can deny or admit programs to connect to the Internet.
Furthermore, I advice you to run Ad-Aware or Spybot to check for spyware.

Best regards,

Ben
 
The "packets" may be anything. Microsoft Automatic Updates, a spyware/trojan
or an application performing a live update by itself. Install a firewall
like ZoneAlarm (www.zonelabs.com) and monitor the outgoing traffic. Windows
XP's ICF only takes care of inbound traffic.

--
Regards,

Ramesh (MS-MVP)
(e-mail address removed)
http://www.mvps.org/sramesh2k

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

~ Please reply to newsgroup ~


Why do I see a lot of "packets" being sent when I am not doing
anything? I have ICF on, is someone stealing my stuff? How can I
tell what is being transferred...specific files...like my MP3's????
 
I installed ZoneAlarm...

I see repeat programs trying to access...and these three things....

1. vnsc-bak-dsl.genuity.net as destination DNS

2. Cisco VPN keeps trying to connect to 4.2.2.4:53

3. NetBios keeps trying to connect to 69.10.144.209:6667

What is happening? I still can't do a full virus scan....THANKS :-)
 
You don't need to worry about the notifications by Zone Alarm. But, don't
ignore the high-alert notifications. The medium alert prompts are the
results of a port scan (from a remote computer) or a PING.

You will need to concentrate on the "Applications" part. Block unwanted
applications from accessing the internet (using the programs tab in ZA).

--
Regards,
Ramesh (MS-MVP)
(e-mail address removed)
http://www.mvps.org/sramesh2k

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

~ Please reply to newsgroup ~


I installed ZoneAlarm...

I see repeat programs trying to access...and these three things....

1. vnsc-bak-dsl.genuity.net as destination DNS

2. Cisco VPN keeps trying to connect to 4.2.2.4:53

3. NetBios keeps trying to connect to 69.10.144.209:6667

What is happening? I still can't do a full virus scan....THANKS :-)
 
Great news...so how did these applications start doing this? (Like my
university VPN program.) Does it have anything to do with my virus
scan not starting because of a scan engibe error?

Also, I plan to stop these programs (repeat program and program
access)...do they sound familiar?

IAMSERV.EXE
NetBios Information
Generic Host Process for Win32 Services
 
IAMSERV.EXE seems to be a trojan. Check here:
http://vil.nai.com/vil/content/Print100237.htm

Block access for this program using ZoneAlarm. Reinstall the Anti-virus
software and update it. Perform a full system scan.

--
Ramesh - Microsoft MVP
Aim: SRamesh2k
(e-mail address removed)
http://www.mvps.org/sramesh2k


Great news...so how did these applications start doing this? (Like my
university VPN program.) Does it have anything to do with my virus
scan not starting because of a scan engibe error?

Also, I plan to stop these programs (repeat program and program
access)...do they sound familiar?

IAMSERV.EXE
NetBios Information
Generic Host Process for Win32 Services
 
Ramesh said:
You will need to concentrate on the "Applications" part. Block unwanted
applications from accessing the internet (using the programs tab in ZA).
Click to expand...
============================
There is *NO* Program tab on the free ZoneAlarm - only Status, Product Info
and Preferences. Are you talking about the paid version?

FS......
 
Back
Top