Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Firewall picking up regular, unknown activity from 1 machine on netwrk

Status
Not open for further replies.
bankboysb

bankboysb

Technical User
Jun 7, 2004
121
US
I have one machine on my LAN that continually attempts to reach another box in an unusual way. Both machines are running XP Pro, the target machine has Sygate firewall, the source machine is not firewalled. All machines are behind a security router (Netgear RO318) on a DSL connection.

The source machine is trying to contact the target at approx. 5 minute intervals. Every time the target refuses the contact (stopped at the firewall) the source machine moves the attempt to contact upwards by one port number. It tends to start at around port 3040 and climbs upward in increments of one port. It never leaves the range of 3040-39xx.

This is very suspicious to me, I am concerned there is a keylogger or variant on the source machine. All virus scans have been negative, spyware is removed weekly.

Anyone have any idea what this is?
 
Sort by date Sort by votes
Oh yeah, I am very familiar with it. That's probably a good idea. The thing that bothers me the most is that the port numbers being used keep changing. I have never seen this before.
 
Upvote 0 Downvote
Hi

Ports changing is a very common things with P2P apps.

For example skype, which allows to talk (like voip) using the net, starts at a port, if that one is firewalled, then in tries another one, till it succeds in stableshing a conecction.

Ports changing generally means 2 things:
A port Scan,
A P2P app, trying to bypass your firewall.
Spyware?

Something else you can try is to set a personal firewall in the "suspicious machine", one that provides application control, that way, the firewall will tell you which application is trying to connect. Then you can look the name of the app in the net.

Very good Luck!

Kio91

"Bitter winter, not a leaf left to fall"
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

H
  • Question
Call Pilot 100 - # of times the phone rings before answering machine picks up
Replies
0
Views
602
Huron Oaks
H
sara1995
  • Locked
  • Question
IDS vs Firewall vs WAF for protect website against dos attacks
Replies
1
Views
351
mattKnight
mattKnight
DrB0b
  • Locked
  • Question
Kepping up to date with Windows Update
Replies
0
Views
198
DrB0b
DrB0b
gale winds
  • Locked
  • Question
Disputing call volume on hack
Replies
0
Views
260
gale winds
gale winds
gale winds
  • Locked
  • Question
Call Volumes on PBX hack seem impossible
Replies
0
Views
235
gale winds
gale winds

Part and Inventory Search

Sponsor

Back
Top