General discussion

  • Creator
    Topic
  • #2344593

    Network Traffic

    Locked

    by milesrrs

    Hi
    im running w2k server on a small home network, and using a dial up connection for the net….recently, i have noticed that everytime i dial up to the net there seems to be constantly data being sent out on the modem. I have currently been connected to the net for 10 minuts and have sent nearly 5Mb out, even though i havent sent virtually anything. i have run Norton Anti virus and it has not picked anything up, but there is something sending data….any ideas on how to track it down

    thanks

    Adrian

All Comments

  • Author
    Replies
    • #3722365

      Network Traffic

      by raffi_

      In reply to Network Traffic

      It could be a lot of things. 馃槓

      I suggest that you install a firewall and port monitor suh as this one:

      http://www.sygate.com/products/shield_ov.htm

      Please do make sure that your server has ALL of the latest seurity patches from MS. Havingthe Code Red worm for instance would cause your network to exhibit this behaviour.

      Regards
      Raffi_

      • #3554848

        Network Traffic

        by milesrrs

        In reply to Network Traffic

        The question was auto-closed by TechRepublic

    • #3722363

      Network Traffic

      by gmscne

      In reply to Network Traffic

      ZoneAlarm will tell you what programs are attempting to communicate with the Internet. You can let a program have this access or you can say no access for the program. It will prompt you for permission on each program trying to communicate. You needto find out what is sending out all this data. It could be spyware. Windows media player 8 and realplayer 8 are such programs.

      • #3554888

        Network Traffic

        by milesrrs

        In reply to Network Traffic

        The question was auto-closed by TechRepublic

    • #3722339

      Network Traffic

      by Anonymous

      In reply to Network Traffic

      You might want to go to symantec.com and get the most current upgrade or run some of their worm detection programs. Denial of Service viruses work by running a program on your machine that will send out data to a target computer, when you have a fewthousand machines sending data to the same PC the bandwidth goes away fast.

      Hope this helps

      • #3722336

        Network Traffic

        by Anonymous

        In reply to Network Traffic

        By the way, I agree with Raffi, since you are running the server version you should check your system for Code Red and symentec’s site has a program that will check for Code Red. Also, unless you have a brand new update (within the last couple of weeks) for your virus checker it probably will not detect Code Red.

      • #3554849

        Network Traffic

        by milesrrs

        In reply to Network Traffic

        The question was auto-closed by TechRepublic

    • #3722305

      Network Traffic

      by agustin.rodriguez

      In reply to Network Traffic

      Adrian: since you are running win2k server you should probably make sure that you file and print services anre not utilized trought the modem by disabling the on the bindings also In addition to that I would go to grc.com to do a scan of open portsand see what services you are running that are exposed to the internet. Using the software firewall is also a great idea but it is more likely the Active direcotory bradcasts that are been send out to the internet if you do not check the binding forthe modem. If you really want to make sure no bradcasts go out I would only bind the TCP protocol to the internet connection and nothing more.

      Agustin M. Rodriguez, MCSE

      • #3554889

        Network Traffic

        by milesrrs

        In reply to Network Traffic

        The question was auto-closed by TechRepublic

    • #3722247

      Network Traffic

      by mcmunt

      In reply to Network Traffic

      If all the above don’t find much, then you might want to install a traffic analyser like Network Monitor. At least then you’ll be able to see where all that data is going to in the form of an IP address. 5MB does seem a lot though and is reason for concern

      • #3554890

        Network Traffic

        by milesrrs

        In reply to Network Traffic

        The question was auto-closed by TechRepublic

    • #3720657

      Network Traffic

      by it tech

      In reply to Network Traffic

      As mentioned in other posts you more that likely have a worm or trojan on your system. Instll zonealarm or another firewall product. Zonealarm will ask you if you will allow an application to access the internet. Even Internet Explorer the first time you use it. So when either the worm or trojan goes to access the internet you will get a popup asking if you want to allow. At least this way you will know what apps are accessing the I-net. I was hit with sub7 at one time a easy to use hack program that will install a trojan on target machine allowing the hacker access to the machine. Hope this helps ya some. Have a good day.

      • #3554891

        Network Traffic

        by milesrrs

        In reply to Network Traffic

        The question was auto-closed by TechRepublic

    • #3554847

      Network Traffic

      by milesrrs

      In reply to Network Traffic

      This question was auto closed due to inactivity

Viewing 6 reply threads