Spyware and other unwanted net access

  • M Michael P Butler

    Anybody know of any cheap or free apps that will tell me exactly what IPs and sites my internet connection is accessing? I'm looking for something to log exactly what my server is talking to. Partly to determine if I've got any spyware installed and what it might be sending. Any suggestions for books or articles which would help me in learning more about TCP/IP communications? I'd quite like to have a go at writing an app similar to what I described. cheers, Michael :-)

    Kant
    wrote on last edited by
    #2

    Try Ad-Aware. It won't tell you the IPs and the sites, but it will tell you which apps installed on your system are spyware. http://www.lavasoftUSA.com :cool: Kant

      Michael P Butler
      wrote on last edited by
      #3

      Thanks. I'll have a look at that. I'm also curious to know what else is using my internet connection because according to my dial-up connection properties, I seem to be uploading a lot of data. My server is running Exchange 2000 and I'm wondering if it is that which is making too many requests to my SMTP server. cheers, Michael :-)

        Reno Tiko
        wrote on last edited by
        #4

        Try SysInternals.com:
        TCPView: http://www.sysinternals.com/ntw2k/source/tcpview.shtml
        PortMon: http://www.sysinternals.com/ntw2k/freeware/portmon.shtml

          Michael P Butler
          wrote on last edited by
          #5

          Thanks for the links. They both look like they'll be useful, cheers, Michael :-)

            Rafik Robeal
            wrote on last edited by
            #6

            Your situation sounds familiar to me! You see that you are uploading tons of data while you can't figure out why!? Even if you disable all your LAN connections you will notice that it won't stop!! Try it. If you have this situation, then one of the spammers is using your server for email relaying, hence the continuous sending of data won't stop. Relaying can be disabled by 2 methods:
            1. Disable the SMTP service (if you don't have Exchange)
            2. Configure your Exchange server to stop relaying
            Check this: http://www.microsoft.com/technet/security/bulletin/ms01-037.asp
            Hope that helps // RM

              Pavlos Touboulidis
              wrote on last edited by
              #7

              If you don't require a GUI app, you can always use the netstat.exe. Try netstat /? for help. netstat -n to get IPs. If you need a log file, you could try a batch file like this:

                  @echo off
                  :loop
                  netstat -n|find ":" >>log.txt
                  sleep 30000
                  goto loop

              Of course, you'll have to create a utility named 'sleep', that takes one command line parameter (milliseconds) and calls the WINAPI Sleep(theparam). Not the best solution but it works ;)
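
Added example (not part of the post above, and not code from any poster): a Python sketch of the same netstat-polling idea that records only remote endpoints it has not seen before, instead of appending every snapshot to log.txt. The sample output is constructed, the function names are hypothetical, and the parser also accepts `netstat -an` output by skipping LISTENING rows.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SNAPSHOT_1 = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1045         127.0.0.1:1046         ESTABLISHED
  TCP    192.0.2.10:1061        198.51.100.7:25        ESTABLISHED
  TCP    192.0.2.10:1062        203.0.113.20:80        TIME_WAIT
  UDP    0.0.0.0:135            *:*
"""
# Constructed second poll: one more outbound SMTP connection has appeared.
SNAPSHOT_2 = SNAPSHOT_1 + "  TCP    192.0.2.10:1070        198.51.100.99:25       SYN_SENT\n"

# Proto, local addr:port, foreign addr:port, state. The greedy \S+ keeps
# bracketed IPv6 addresses intact and splits on the last colon.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def remote_endpoints(text):
    """Yield (remote_ip, remote_port) for TCP rows that have a real peer."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, UDP rows, blank lines
        _lip, _lport, rip, rport, state = m.groups()
        if state == "LISTENING" or rip.startswith("127.") or rip == "[::1]":
            continue  # listening sockets and loopback are not remote traffic
        yield rip, int(rport)

def new_endpoints(text, seen):
    """Return endpoints in this snapshot not seen before; update `seen`."""
    fresh = [ep for ep in dict.fromkeys(remote_endpoints(text)) if ep not in seen]
    seen.update(fresh)
    return fresh

def hosts_per_port(seen):
    """Count distinct remote hosts per remote port (many on 25 suggests SMTP fan-out)."""
    return dict(Counter(port for _ip, port in seen))

if __name__ == "__main__":
    seen = set()
    for n, snap in enumerate((SNAPSHOT_1, SNAPSHOT_2), 1):
        for ip, port in new_endpoints(snap, seen):
            print(f"poll {n}: new remote endpoint {ip}:{port}")
    print(hosts_per_port(seen))
```

On a live machine the snapshot text would come from running `netstat -n` on a timer (for instance via `subprocess.run`), with each new endpoint written to the log together with a timestamp.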

                Giles
                wrote on last edited by
                #8

                That's a very cunning way of logging connections. It's one of those clever things that is blindingly obvious. Nice. :-D Giles

                  cdr
                  wrote on last edited by
                  #9

                  At the command prompt:

                      netstat -an 5

                  will update a list of active IP connections every 5 seconds. You will find the worst offenders to be:
                  a) real audio
                  b) all IM apps

                  --- cdr@encapsule.com http://www.encapsule.com novus ordo seclorum

                    Mark Otway
                    wrote on last edited by
                    #10

                    Get ZoneAlarm from ZoneLabs (www.zonelabs.com). They have a superb free firewall, so you can know exactly what is accessing your connection and when. ________________________ http://www.webreaper.net

                      Harold Bamford
                      wrote on last edited by
                      #11

                      Learning about such things is critical to surviving the internet experience. Your best starting point is at grc.com. He has a LOT of stuff on spyware, trojans, firewalls, and the like along with a number of utilities to make preliminary tests on your machine. A real eye opener! And I heartily second the endorsement for ZoneAlarm!

                        John Fisher
                        wrote on last edited by
                        #12

                        I use ZoneAlarm at home, and recently I've seen my cable modem flashing the activity light while I'm doing nothing -- even when ZoneAlarm has all internet activity locked down. ZoneAlarm doesn't know what's going on there, and turning off my computer (modem stays on) stops the activity. Does anyone know of a way to figure this out (and prevent it)?

                          Zyxil
                          wrote on last edited by
                          #13

                          "b) all IM apps"

                          he he he, i got into the habit of leaving icq on at work (where most ppl don't have unrestricted net access), in one month i built up 39mb of log files, more than a quarter of the organization's log data was mine!! in an organization of 3000 users ;P needless to say, the network security guys were annoyed with me... icq was like 90% of the traffic... -John

                            Pavlos Touboulidis
                            wrote on last edited by
                            #14

                            Could it be that you have ZoneAlarm's auto-check-for-updates enabled? Don't think so but who knows... :)

                              John Fisher
                              wrote on last edited by
                              #15

                              I finally looked at things really hard last night. As far as the computer was concerned, nothing was going on, but the cable modem's activity light was still blinking rather consistently. So, I did another test. I rebooted the computer, and during the whole process, I watched the activity light. It kept on going just as strong as it was before -- even during the system wake-up before the boot even begins. Not knowing for sure how cable modem systems work, I'm of the impression that they are similar to etherlink networks where the card flashes the activity light even when the message is for some other computer. Apparently I had been the only one on our cable segment for a while, and when some other people started using it, the behaviour of our activity light changed. :confused: John
