Paranoia

Rolando E Creagh, MD FACS

Forgive me for the double posting, but I am not sure to whom I should
address this problem. Perhaps it is only paranoia. Hoping that someone might
read my long-winded story and perhaps assist me with this situation.
I have noticed at some idle times that the network, local area and/or
wireless connection icon lights are on, and there is traffic of packets.
This is at times when I am using neither the browser nor the mail agent.
With the only exception of the antivirus (Trend Micro) update set automatic
every 12 hours, I do not knowingly have any automatic downloads or updating
set, only the antivirus. I abhor the idea. I have no viruses or malware,
having scanned several times, even with 3 different anti-adware programs. Task
Manager does not show me any significant activity in processes, but in
networking I can see about 0.15% to 0.17% utilization with no users but
myself. A Web Activity log from the router shows me several URLs connecting
to IP addresses of any machine I have on (7), some denoting programs from
vendors or software I do not have or am not aware I have.
I realize some software uses other people's software and usually they ask for
permission to automatically update. Obviously some do not, or I have spies
that are not being detected.
The only thing that stops the activity is turning off the internet
connection at the security software.
My questions are: 1] What is going on? (other than my own crazy
imagination), 2] How do we find the source? 3] How do we stop this? (other than
disconnecting)
Much grateful for your interest, thanks.
 
Hi
A computer connected to the Internet is like a "living animal" and there
is always some kind of Network activity generated by various processes.
Using more than One Firewall, One Antivirus, and One Anti-Adware program is
a mistake. It does not add security and eventually it would destabilize the
TCP/IP Stack (it is also part of the idle network activity).
Read this page; it might clarify some of the issues involved:
http://www.ezlan.net/firewall.html
Jack (MVP-Networking).
 
Living animal is right!
Thanks for the return, and I could not agree with you more.
I do have multiple anti-spy software, but none are running resident. None
are foolproof as they miss spyware, so if there are suspicions, one is not
enough.
I use only one firewall per machine, even as there is the one in the router. It
would certainly be nice if they were to fully work at the level of the
router, instead of at every single computer in a network. Sure, it is
possible to have a server and router and have all the network work through
that server, but impractical in the wild.
A remote switch (even by software) that could disconnect from the internet
at the level of the router could be helpful, instead of those present at the
computer firewall, essentially interrupting the network. But impractical, as
can be imagined, if one on each net computer.
Never mind dreaming.

What I would like to find is a software or procedure which could detect and
identify those intruders in order to deactivate them. The router log tells
you where they are connecting, but not who originates the connection.

Is there such a thing?
Cheers

Roland,

The best way to protect yourself is with robust, well maintained layered
security. A personal firewall on each computer, and the NAT process in the
router (which may or may not include a firewall) are good layers. Anti-trojan
and anti-virus protection is essential too. And the most essential layer is
you.
<http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
 
Agree
I already do what you recommend, but my question is about something going
OUT of my computers. All our protection is for outside threats.
Paranoia is helpful taking care of patients and problems.
Cheers


Here's a solution, but it's a bit of a pain to set up and use. Assuming
your setup is something like this:

router <--> Switch <--> individual computers

You can set up a network sniffer (I'd recommend Wireshark) in the
network to monitor all of the traffic like this:

router <--> hub <--> switch <--> individual computers

The hard part is going to be getting a true hub. Hubs echo all of the
traffic received from any host to ALL hosts. This would allow you to
monitor all of the traffic going to the router. If you can get a hub
with sufficient speed and available ports to meet needs you could
replace the switch with the hub until you are finished with your
examination of the traffic.

If you can't get a true hub, you could use instead a tap that will act
like a 2 port hub.

If you have a higher end switch, you can set up port mirroring so that
the switch sends all of the traffic to your sniffer.

Reading sniffer traffic can be painful because of the detail, but I
suspect you're up to it.

Dennis
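
Once a hub, tap or mirror port gives the sniffer a copy of the traffic, the capture can answer what the router log cannot: which LAN machine opens each outbound connection. The following is an added example, not part of the original thread; it reads a capture saved in classic pcap format and counts connections originated per internal host. The 192.168.1.0/24 range, the function names and the embedded sample capture are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the home LAN range
BYTE_ORDER = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def read_pcap(data):
    """Yield raw Ethernet frames from a classic libpcap file (not pcapng)."""
    if len(data) < 24 or data[:4] not in BYTE_ORDER:
        raise ValueError("not classic pcap; re-save the capture as pcap")
    endian = BYTE_ORDER[data[:4]]
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def parse_flow(frame):
    """Return (src, dst, proto, dst_port, initiates) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # too short, or not IPv4 (ARP, IPv6, VLAN-tagged, ...)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or ihl < 20 or fragment_offset:
        return None  # later fragments carry no port numbers
    l4 = ip[ihl:]
    if ip[9] == 6 and len(l4) >= 14:
        # SYN set and ACK clear: this side is opening the connection.
        proto, initiates = "tcp", (l4[13] & 0x12) == 0x02
    elif ip[9] == 17 and len(l4) >= 8:
        proto, initiates = "udp", True  # UDP has no handshake; count datagrams
    else:
        return None
    dport = struct.unpack("!H", l4[2:4])[0]
    src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
    return src, dst, proto, dport, initiates


def outbound_summary(pcap_bytes, lan=LAN):
    """Count connections that LAN hosts originate toward addresses off the LAN."""
    counts = Counter()
    for frame in read_pcap(pcap_bytes):
        flow = parse_flow(frame)
        if flow is None:
            continue
        src, dst, proto, dport, initiates = flow
        local_only = dst in lan or dst.is_multicast or int(dst) == 0xFFFFFFFF
        if initiates and src in lan and not local_only:
            counts[(str(src), str(dst), proto, dport)] += 1
    return counts


def build_frame(src, dst, proto, sport, dport, tcp_flags=0):
    """Build a minimal Ethernet/IPv4 frame (constructed data, checksums zeroed)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x02" * 12 + b"\x08\x00" + ip + l4


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


# Constructed sample capture; external addresses are documentation ranges.
SAMPLE = build_pcap([
    build_frame("192.168.1.23", "203.0.113.50", 6, 49152, 443, 0x02),  # SYN out
    build_frame("203.0.113.50", "192.168.1.23", 6, 443, 49152, 0x12),  # SYN/ACK reply
    build_frame("192.168.1.23", "203.0.113.50", 6, 49152, 443, 0x10),  # ACK, not a new connection
    build_frame("192.168.1.23", "203.0.113.50", 6, 49153, 443, 0x02),  # second SYN out
    build_frame("192.168.1.40", "198.51.100.7", 17, 50000, 123),       # UDP out
    build_frame("192.168.1.40", "192.168.1.1", 17, 50001, 53),         # stays on the LAN
    build_frame("192.168.1.40", "224.0.0.251", 17, 5353, 5353),        # multicast
])

if __name__ == "__main__":
    for (src, dst, proto, port), n in outbound_summary(SAMPLE).most_common():
        print(f"{src:15} -> {dst:15} {proto}/{port:<5} x{n}")
```

The summary names the originating machine; tying a connection to a specific program still has to be done on that machine itself.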
 
Thanks, I will try that.
Cheers

On Mon, 11 Feb 2008 19:39:17 -0600, "Rolando E Creagh, MD FACS"

I don't think you need to try that. What hasn't really been addressed
here, beyond the first response, is the fact that the blinking LEDs
you see on routers, switches, and your cable modem DO NOT MEAN THAT
YOU'RE INFECTED WITH MALWARE OR THAT YOU'RE UNDER ATTACK FROM HACKERS.
Rather, as Jack said in the first response, "A computer connected to
the Internet is like a "living animal" and there is always some kind
of Network activity generated by various processes." You've taken
every precaution that we all are advised to take, and you are properly
protected. It's >99.9% certain that nothing is going wrong.
I don't agree with you that paranoia is good for treating patients or
tending computers (I'm a physician, too). Constant attention,
vigilance, and caution are called for in both cases, but paranoia is
IRRATIONAL fear and can get you, your patient, and your computer in
trouble. You were vigilant in noticing the lights and cautious in
asking for advice. UNLESS you have SOME evidence that something's
wrong with your computer or LAN, to employ sniffers at this point
would be indulging paranoia -- a waste of your precious time.

Ron