Unknown traffic on my broadband?

Status
Not open for further replies.

Ersbygubben

Programmer
May 8, 2001
20
FI
I run Win2000Pro and have my computer online all the time. One day when surfing the net, I noticed that there was constant traffic on my line. Thought it was some automatic updating of my virus protection or the like, but it kept on for quite a time and then I checked my communication and it said something like 25 Mb coming in and almost the same going out. Nothing anywhere in my computer said what or who or where this traffic went. Nothing left in my machine after I broke the connection just to see if I could find out what it was. Anyone know what it could have been?

 
Hi,

If traffic is going out as well as in, I would check your machine with a spyware/adware scanner in case it is being used for relaying data, or as an unwilling p2p network host.
25Mb is a lot for email, so I don't think it is being used as a mail relay (besides, you would need a mail server running on it).

I can recommend Kerio personal firewall for Win2K use - it works great if you don't already have a firewall. It will let you see exactly what comes in and only allow applications to connect that you want. Visit for details.

John
 
Any reason you're not behind a router? Provides excellent protection. I just bought a Linksys for $50 with a $10 rebate. Would eliminate what jrbarnett mentioned above - of course that's if there is spyware and you remove it first.
 
I have noticed a lot of odd ICMP traffic in the last month, and asked in the TCP-IP Forum. Many others have seen the same result.

There was a piece this week (I forget where) where a test last month showed:

. In the second week of August, a machine without a firewall would become infected by the MSBLAST or "Blaster" infection within 36 seconds at large sites;

. On average, it would take an unprotected machine with just internet access to become infected with MSBLAST, Welchavia, Klez, Goodluv, or W32 variants in 2.5 minutes with a connection to a large ISP.
 
Yes, just get a linksys, block that traffic out, then scrub your machine of viruses and spyware.

Matt J.
 
At least NAT somehow. I was quite impressed that blaster and other things did not do NAT traversal.

Now if someone opens an email attachment.... But even with the spate of recent email worms even the worst seem relatively benign on traffic for your LAN NAT private IPs.
 
Thanks everyone for good suggestions. I am behind Symantec's firewall that should take care of unwanted traffic. And I don't think I have any viruses lurking in my machine and I frequently use the Spybot to get rid of any spyware (very seldom any of those get into my PC). So it's still a mystery. So far I have not noticed any harm done to my PC, so I think I will sleep well for the time being.
:)
 
Go to the cmd prompt and type netstat. This will display a list of computers connected to your computer, the protocol being used, what port they're using and you're using, and the status of the connection. This will help pinpoint if someone is using your computer as a relay.
 
You could also use the net use commands to disable connections you're unfamiliar with and see if the bandwidth drops off. I would imagine you'll learn a lot with the name of the computers listed after running the netstat command.
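The netstat check suggested above, as an added example that is not part of the original thread: a short Python script that reads numeric `netstat -an` output, lists the listening ports, and counts established connections per remote endpoint outside the local/private ranges. The sample output and all addresses in it are constructed; the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.10:1051      203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.10:1052      203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.10:1060      198.51.100.23:25       ESTABLISHED
  TCP    192.168.1.10:1061      198.51.100.23:80       TIME_WAIT
  UDP    0.0.0.0:1434           *:*
"""

# Loopback, link-local and RFC 1918 ranges: peers here are on the LAN side.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "::1/128", "fe80::/10")]

def parse(text):
    """Return (proto, local, remote, state) for each TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            # UDP rows have no state column; a trailing PID column is ignored.
            state = f[3] if f[0] == "TCP" and len(f) > 3 else ""
            rows.append((f[0], f[1], f[2], state))
    return rows

def is_local(endpoint):
    host = endpoint.rpartition(":")[0].strip("[]")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # unresolved name or "*": not provably local, so keep it
    return any(addr in net for net in LOCAL_NETS)

def listeners(rows):
    return [local for _, local, _, state in rows if state == "LISTENING"]

def external_peers(rows):
    return Counter(remote for _, _, remote, state in rows
                   if state == "ESTABLISHED" and not is_local(remote))

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("Listening:", listeners(rows))
    for peer, n in external_peers(rows).most_common():
        print(f"{n} established connection(s) to {peer}")
```

To run it against a live machine, save the output with `netstat -an > conns.txt` while the unexplained traffic is flowing and pass the file contents to `parse` instead of `SAMPLE`.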
 