|
Suspicious IP sent at Startup
I get a unknown IP message sent each time I start my computer.
Is there an application or some way that will allow me to associate the program on my computer with the momentary IP message sent from my computer at startup? Background/configuration: XP, Linksys Router Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys router. Kerio Firewall: I also use Kerio firewall to block this IP each time, but at every startup a new IP message is sent from my computer. Each time I add the new IP address to the Firewall block, a new one is sent at the next startup. I have used Spybot to cleanse and also Norton scan every day. TCP View/Process Explore: I have used TCP View and Process Explore but I dont see how those help me track this momentary message. Is there an application or some way that will allow me to associate the program on my computer with the momentary IP message sent from my computer at startup? Any thoughts appreciated. |
Re: Suspicious IP sent at Startup
Now this is getting strange....
I figured out how to put a address range block in the firewall and I blocked the range of addressess assigned to the Amsterdam server. 80.0.0.0 - 80.255.255.255. The firewall is set to flag-announce attempts in this address range. Now here is the interesting part.......... When I open a received email in Outlook, I get IP sends (that are now blocked) to addresses in that range. Not all the emails...just some. I just have the email open. Im not even composing. the IP data is: Outlook, 80.67.66.70. port 80, TCP, local port 1970. What do you make of that? Sounds very weird to me. thanks for any inputs "dontb" <dontb@yahoo.com> wrote in message news:CtVHc.65064$rh.2384@okepread02... > I get a unknown IP message sent each time I start my computer. > Is there an application or some way that will allow me to associate the > program on my computer with the momentary IP message sent from my computer > at startup? > > Background/configuration: > XP, Linksys Router > Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys > router. > Kerio Firewall: I also use Kerio firewall to block this IP each time, but > at every startup a new IP message is sent from my computer. > Each time I add the new IP address to the Firewall block, a new one is sent > at the next startup. > I have used Spybot to cleanse and also Norton scan every day. > > TCP View/Process Explore: I have used TCP View and Process Explore but I > dont see how those help me track this momentary message. > > Is there an application or some way that will allow me to associate the > program on my computer with the momentary IP message sent from my computer > at startup? > > Any thoughts appreciated. > > |
Re: Suspicious IP sent at Startup
I'd run some good antivirus software and some antispyware software...maybe
your PC has been compromised and is being used for spamming... "dontb" <dontb@yahoo.com> wrote in message news:rz%Hc.66202$rh.51553@okepread02... > Now this is getting strange.... > > I figured out how to put a address range block in the firewall and I blocked > the range of addressess assigned to the Amsterdam server. 80.0.0.0 - > 80.255.255.255. > > The firewall is set to flag-announce attempts in this address range. Now > here is the interesting part.......... > > When I open a received email in Outlook, I get IP sends (that are now > blocked) to addresses in that range. Not all the emails...just some. > > I just have the email open. Im not even composing. the IP data is: > Outlook, 80.67.66.70. port 80, TCP, local port 1970. > > What do you make of that? Sounds very weird to me. > > thanks for any inputs > "dontb" <dontb@yahoo.com> wrote in message > news:CtVHc.65064$rh.2384@okepread02... > > I get a unknown IP message sent each time I start my computer. > > Is there an application or some way that will allow me to associate the > > program on my computer with the momentary IP message sent from my computer > > at startup? > > > > Background/configuration: > > XP, Linksys Router > > Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys > > router. > > Kerio Firewall: I also use Kerio firewall to block this IP each time, but > > at every startup a new IP message is sent from my computer. > > Each time I add the new IP address to the Firewall block, a new one is > sent > > at the next startup. > > I have used Spybot to cleanse and also Norton scan every day. > > > > TCP View/Process Explore: I have used TCP View and Process Explore but I > > dont see how those help me track this momentary message. > > > > Is there an application or some way that will allow me to associate the > > program on my computer with the momentary IP message sent from my computer > > at startup? > > > > Any thoughts appreciated. > > > > > > |
Re: Suspicious IP sent at Startup
Easy to explain,
Within an email is a call to a picture that sits on a web site. Common spammer trick as well, when spam is opened the email address is sent back to home to say that it has been verified. Derek On Sat, 10 Jul 2004 17:15:02 -0700, "dontb" <dontb@yahoo.com> wrote: >Now this is getting strange.... > >I figured out how to put a address range block in the firewall and I blocked >the range of addressess assigned to the Amsterdam server. 80.0.0.0 - >80.255.255.255. > >The firewall is set to flag-announce attempts in this address range. Now >here is the interesting part.......... > >When I open a received email in Outlook, I get IP sends (that are now >blocked) to addresses in that range. Not all the emails...just some. > >I just have the email open. Im not even composing. the IP data is: >Outlook, 80.67.66.70. port 80, TCP, local port 1970. > >What do you make of that? Sounds very weird to me. > >thanks for any inputs |
Re: Suspicious IP sent at Startup
dontb wrote:
> I get a unknown IP message sent each time I start my computer. > Is there an application or some way that will allow me to associate the > program on my computer with the momentary IP message sent from my computer > at startup? > > Background/configuration: > XP, Linksys Router > Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys > router. > Kerio Firewall: I also use Kerio firewall to block this IP each time, but > at every startup a new IP message is sent from my computer. > Each time I add the new IP address to the Firewall block, a new one is sent > at the next startup. > I have used Spybot to cleanse and also Norton scan every day. > > TCP View/Process Explore: I have used TCP View and Process Explore but I > dont see how those help me track this momentary message. > > Is there an application or some way that will allow me to associate the > program on my computer with the momentary IP message sent from my computer > at startup? > > Any thoughts appreciated. Are you sure it's not just communication with the router. If you know what the IP address is then use WHOIS to find out where it is from. Check your startup files for anything unusual running, at what point in the startup procedure is the IP message being sent and do you know what the message contains. Use administrative tools in the control panel to view services that the system starts up while loading, anything unusual there? Try using spyware blaster and also bazooka as well, spyware blaster is a blocker program while bazooka found things that spybot didn't. Stuart |
| All times are GMT. The time now is 06:26 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.