Spying Connection?



HelpMe
09-07-2003, 01:16 PM
For some months I have noticed a strange connection on my port 80 (I usually monitor my ports with Ip-Tools). It changes from 2**.*2.*2.*0* to 2**.*2.*2.*05 (passing quite randomly through *02, *0*, *04) and it is sometimes in SYN SENT or TIME WAIT phase, rarely in ESTABLISHED phase. I scanned it in various ways but I couldn't find anything useful for proper identification. Please help me with all the info you can provide, I'd be very grateful! (I already tried SuperScan and CentralOps).

fEš·.·šEr
09-08-2003, 09:17 AM
Originally posted by HelpMe
For some months I have noticed a strange connection on my port 80 (I usually monitor my ports with Ip-Tools). It changes from 2**.*2.*2.*0* to 2**.*2.*2.*05 (passing quite randomly through *02, *0*, *04) and it is sometimes in SYN SENT or TIME WAIT phase, rarely in ESTABLISHED phase. I scanned it in various ways but I couldn't find anything useful for proper identification. Please help me with all the info you can provide, I'd be very grateful! (I already tried SuperScan and CentralOps).
=======================================


Hi

I have the impression that it's NOT a connection on your port 80; it is rather an outgoing connection to 2**.*2.*2.*0*:80.
As a matter of fact, unless you are running your own http server, there will be NO possible connections on your port 80.
On the other hand, the IP range 2**.*2.*2.*0* till 2**.*2.*2.*05 belongs to a site in Milano/Italy.
I think that you have installed some kind of software that is trying to find an auto-update etc..

Anyways, this is the software that you need, nothing else
http://www.ntutility.com/freeware.html
It works only on W2k and WinXP.
Download "active ports" and see which application is behind this traffic, then you will decide to keep the suspected application or delete it.


fEš·.·šEr
__________________________
http://fmk.virtualave.net/*6crypt
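
The distinction made in the reply above (a connection on local port 80 versus an outgoing connection to a remote port 80) and the step of finding the owning application can also be checked from the output of `netstat -ano`, which on Windows XP and later prints the owning PID. This is an added example, not part of the original thread; the sample output, its addresses and the PIDs are constructed.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.101:80       SYN_SENT        1520
  TCP    192.168.1.10:1046      203.0.113.105:80       TIME_WAIT       0
  TCP    192.168.1.10:1050      203.0.113.103:80       ESTABLISHED     1520
  TCP    192.168.1.10:80        198.51.100.7:4312      ESTABLISHED     2210
  UDP    0.0.0.0:500            *:*                                    640
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; return (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield dicts for TCP rows; skip headers, UDP rows and malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        (_, lport), (rhost, rport) = split_endpoint(fields[1]), split_endpoint(fields[2])
        yield {"local_port": lport, "remote_host": rhost, "remote_port": rport,
               "state": fields[3], "pid": int(fields[4])}

def classify(conn, port=80):
    """'outbound': this machine is the client of remote:port.
    'inbound': a remote client is connected to our own local port."""
    if conn["state"] == "LISTENING":
        return "listening"
    if conn["remote_port"] == port and conn["local_port"] != port:
        return "outbound"
    if conn["local_port"] == port:
        return "inbound"
    return "other"

def outbound_by_pid(text, port=80):
    """Map owning PID -> sorted (remote_host, state) pairs for outbound connections.
    PID 0 rows are TIME_WAIT sockets whose owning process has already closed them."""
    owners = defaultdict(list)
    for conn in parse_netstat(text):
        if classify(conn, port) == "outbound":
            owners[conn["pid"]].append((conn["remote_host"], conn["state"]))
    return {pid: sorted(rows) for pid, rows in owners.items()}
```

The PID returned for the SYN_SENT and ESTABLISHED rows can be matched against the process list (for example with `tasklist`) to name the application.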

HelpMe
09-19-2003, 12:14 PM
I need some more help on the subject: "Spying connection?". Please.

DATA
09-20-2003, 06:45 AM
hi,

Try Google. If you can be a little more specific we may be able to help you.

Regards Data.

HelpMe
10-01-2003, 10:00 AM
Thanks Data. I'll be more specific. I've just discovered that the connection on port 80 begins when I use the Digiland chat (http://digipeople.iol.it/chat_new.php). It rarely establishes, usually it remains in TIME WAIT status. It changes from 2**.*2.*2.*0* to 2**.*2.*2.*05, passing through *02, *0*, *04 quite randomly, in the same period of time. These may be the 5 Digiland servers, they change depending on availability. The strange thing is that the connection is present even when I don't open Digiland chat for weeks. Maybe a javascript is downloaded on my pc the first time I have access to Digiland and then causes this? I think this is an interesting topic! Replies?

DATA
10-01-2003, 10:48 AM
HI,

Ditto as Fever said. Install a firewall, set it to paranoid and keep watch of your outgoing connections.

Regards Data.

Unregistered
10-02-2003, 04:39 AM
Umm, try opening your chat program and then going to options and unchecking load at start-up. If there's no option, look in the Windows start-up folder and move or delete the item. If that doesn't work, go into your Windows reg and delete the item from the run or run services key.