Monitoring Internet Access

[Richard Speiss]

Recently my ISP shut down my email for a short time because they said I sent
out 1,000 emails. I scanned my computers for viruses, spyware, etc. and
found nothing. I am behind a router so I do have incoming firewall
protection.

I installed Zonealarm to try and catch any unknown programs from accessing
the internet. The problem I found with this program is that when it updates
itself I have to train it all over again to allow specific programs access.

I was wondering if anyone knows of a free internet monitoring program that
would just create a log of the outbound internet activity (e.g. Date/Time,
Program Path, Name, Port, destination IP addresses, etc). That way it would
be a more passive system butI could review the logs whenever I choose and
not worry about it preventing accesses I wanted to allow.

I did a search on the net but either found pay for solutions or they didn't
look like they would do exactly what I wanted. Any ideas?


Many thanks

Richard Speiss

 

[Leythos]

Recently my ISP shut down my email for a short time because they said I
sent out 1,000 emails. I scanned my computers for viruses, spyware,
etc. and found nothing. I am behind a router so I do have incoming
firewall protection.

No, you do not have firewall protection at all, it's simple router that
blocks inbound unsolicited traffic by means of doing NAT. This does not
make the device any type of Firewall.

As for your problem, we had a small sorority get pegged for the same thing
and that's how we got them as a customer (the old IT company didn't want
to clean up the mess).

The virus infection you got has it's own SMTP engine, you can get a virus
like that from many paths - An infected email, a malicious website, a peer
to peer (file/music) sharing program, etc...

I installed Zonealarm to try and catch any unknown programs from
accessing the internet. The problem I found with this program is that
when it updates itself I have to train it all over again to allow
specific programs access.

While ZA is a great tool, if your machine is already compromised the virus
could also configure ZA to allow itself out without your knowledge.
Personal firewalls are sometimes useless.

I was wondering if anyone knows of a free internet monitoring program
that would just create a log of the outbound internet activity (e.g.
Date/Time, Program Path, Name, Port, destination IP addresses, etc).
That way it would be a more passive system butI could review the logs
whenever I choose and not worry about it preventing accesses I wanted to
allow.

You didn't tell us what Router you are using - if it's a Linksys Router
then you need to download and install the free program called WallWatcher
and then enable LOGGING in the router. This will show you, in real time,
all the traffic in/out bound to your network.

I did a search on the net but either found pay for solutions or they
didn't look like they would do exactly what I wanted. Any ideas?

You didn't mention that you got your computer cleaned - it's best to
reboot in safe mode and then run a new/updated version of Norton AV or AVG
Personal and then follow that with AdAware SE to ensure that spyware has
also been removed.

If you are running any FileSharing programs you should remove them now,
not later, as you don't need them.