Re: weird network activity

Discussion in 'Computer Security' started by Tony, Aug 23, 2003.

  1. Tony

    Tony Guest

    On Sun, 17 Aug 2003 14:18:57 -0400, Colonel Flagg
    <> wrote:

    >In article <>,
    >says...
    >>
    >>
    >> I'm using Win XP Pro and have Service Pack 2 and the latest critical
    >> updates installed.
    >>
    >> I'm using Zone Alarm Pro and AVG antivirus with the latest sig file
    >> and a
    >> hardware router to a cable modem to the internet
    >>
    >> After rebooting, explorer.exe (Version 6.00.2800.1221 (xpsp2)
    >> wants to connect to the local ip 127.0.0.1 Port 1060
    >>
    >> It also wants to connect to ip 230.255.255.250 Port 1900
    >>
    >> And sometimes also to ip 192.168.1.1 Port 5678
    >>
    >> Any ideas why it wants to do that?
    >>
    >>
    >> Tony
    >>
    >>
    >>

    >
    >
    >
    >What's the IP of the local machine? 192.168.1.1?
    >
    >127.0.0.1 is localhost, meaning, it's fine for it to connect to this
    >address for whatever reason. I would however seek to find out why it's
    >doing this and if this service is really needed. As for 230.255.255.250,
    >I have no idea right off the bat, looks like a subnet mask, not an IP.
    >
    >You can get a port monitor for XP to find out what services/applications
    >are connecting to particular ports. It's probably not a security
    >concern, but you may regain some system resources if the services aren't
    >needed and you can shut them down.


    Zone Alarm has the following info for 230.255.255.250

    239.255.255.250 is a multicast address

    The remote IP address associated with this alert is a multicast
    address. This is a special type of IP address used to identify a group
    of computers to which information is being sent.

    The standards for assigning multicast addresses are still being
    developed. The basic idea is that one multicast IP address, in the
    range 224.x.x.x - 239.x.x.x, can be used to designate a set of
    computers. The computers in the multicast could be on the same or
    different networks or subnets.

    A multicast address can only be used as a destination address. If a
    multicast address appears in an alert as a source address, it was
    probably forged in order to hide the identity of the sender.

    ----------------

    This started at the same time the 127.0.0.1 attempts started.
    I just went through all the services and disabled all not needed and
    previously checked the date of my explorer.exe file and it was not
    changed any time recently...

    I can block the attempts, but I don't like things happening on my PC
    that I don't know the reason for..

    I also ran the Microsoft Baseline Security Analyzer, and all appears
    well..

    I'm befuddled.

    Tony!
     
    Tony, Aug 23, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. WCH

    weird disk activity at startup

    WCH, Jul 8, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    667
    ┬░Mike┬░
    Jul 8, 2004
  2. Tony

    Re: weird network activity

    Tony, Aug 16, 2003, in forum: Computer Security
    Replies:
    0
    Views:
    452
  3. Bit Twister

    Re: weird network activity

    Bit Twister, Aug 16, 2003, in forum: Computer Security
    Replies:
    0
    Views:
    443
    Bit Twister
    Aug 16, 2003
  4. Jim Watt

    Re: weird network activity

    Jim Watt, Aug 16, 2003, in forum: Computer Security
    Replies:
    0
    Views:
    463
    Jim Watt
    Aug 16, 2003
  5. Rubio

    Network activity monitor

    Rubio, Sep 15, 2003, in forum: Computer Security
    Replies:
    0
    Views:
    518
    Rubio
    Sep 15, 2003
Loading...

Share This Page