Unexplained outbound UDP traffic in firewall log

Discussion in 'Computer Security' started by GreenMonkey, Jan 23, 2004.

  1. GreenMonkey

    GreenMonkey Guest

    I've recently noticed in my Kerio 4.0 Network log messages indicating
    MS File and Printer Sharing is attempting to send UDP traffic outbound
    every 20 seconds or so from my Win98 PC DSL connection to various IP
    addresses. A whois lookup on a sample of the various IP addresses in
    the log turns up telco's and communication companies (presumably ISPs)
    worldwide, e.g. US, Brazil, Turkey etc.

    I've run a virus scan (AVG) with an up to date deffinition file and
    Spybot and ad-aware as well. The virus scan turned up nothing. Spybot
    and ad-aware both had some hits on the usual type of spyware which I
    deleted and then restarted the PC. This had no effect. I have been
    running for some time now with MS file and print sharing NOT bound to
    the NIC or to PPPOE. I did download Kazaa some time ago but haven't
    used it in ages and it is not configured to start at bootup. When I
    check the task list for running programs, I don't see anything unusual
    in the task list that shouldn't be there.

    I have only one network connection which is the connection to my DSL
    modem.

    For the time being, I'm stopping the messages getting out with the
    firewall. However if anyone has any idea what might be causing this
    and suggestions for getting it to stop, I'd be very appreciative.

    Here's a sample line from the Firewall log og.

    1841 1 22/Jan2004 13:40:04 N/A Microsoft File and Printer Sharing ->
    Out E1H3E0:nbs 200.46.57.218:nbname UDP denied.

    Thanks
    GreenMonkey, Jan 23, 2004
    #1
    1. Advertising

  2. GreenMonkey

    kulm_nd Guest

    Some worms disable anti-virus and firewall software thus making them
    ineffective when you think they are working. Have you thought about
    reinstalling everything after a complete wipe?

    --

    ************************************************

    g-w


    "GreenMonkey" <> wrote in message
    news:...
    > I've recently noticed in my Kerio 4.0 Network log messages indicating
    > MS File and Printer Sharing is attempting to send UDP traffic outbound
    > every 20 seconds or so from my Win98 PC DSL connection to various IP
    > addresses. A whois lookup on a sample of the various IP addresses in
    > the log turns up telco's and communication companies (presumably ISPs)
    > worldwide, e.g. US, Brazil, Turkey etc.
    >
    > I've run a virus scan (AVG) with an up to date deffinition file and
    > Spybot and ad-aware as well. The virus scan turned up nothing. Spybot
    > and ad-aware both had some hits on the usual type of spyware which I
    > deleted and then restarted the PC. This had no effect. I have been
    > running for some time now with MS file and print sharing NOT bound to
    > the NIC or to PPPOE. I did download Kazaa some time ago but haven't
    > used it in ages and it is not configured to start at bootup. When I
    > check the task list for running programs, I don't see anything unusual
    > in the task list that shouldn't be there.
    >
    > I have only one network connection which is the connection to my DSL
    > modem.
    >
    > For the time being, I'm stopping the messages getting out with the
    > firewall. However if anyone has any idea what might be causing this
    > and suggestions for getting it to stop, I'd be very appreciative.
    >
    > Here's a sample line from the Firewall log og.
    >
    > 1841 1 22/Jan2004 13:40:04 N/A Microsoft File and Printer Sharing ->
    > Out E1H3E0:nbs 200.46.57.218:nbname UDP denied.
    >
    > Thanks
    kulm_nd, Jan 23, 2004
    #2
    1. Advertising

  3. GreenMonkey

    GreenMonkey Guest

    Re unexplained outbound UDP traffic in firewall log

    It looks like the problem has been resolved by rerunning Ad-aware 6.0.
    with the latest deffinition file. I ran it a few minutes ago and this
    time it picked up 5 tracking cookies. After they were removed the
    messages in the log stopped. Thanks for taking the time to offer your
    sugestions. Fortunately it looks like a reinstall won't be necessary
    this time.

    ***********************************************

    >Some worms disable anti-virus and firewall software thus making them
    >ineffective when you think they are working. Have you thought about
    >reinstalling everything after a complete wipe?


    --

    ************************************************

    g-w


    "GreenMonkey" <> wrote in message
    news:...
    > I've recently noticed in my Kerio 4.0 Network log messages indicating
    > MS File and Printer Sharing is attempting to send UDP traffic outbound
    > every 20 seconds or so from my Win98 PC DSL connection to various IP
    > addresses. A whois lookup on a sample of the various IP addresses in
    > the log turns up telco's and communication companies (presumably ISPs)
    > worldwide, e.g. US, Brazil, Turkey etc.
    >
    > I've run a virus scan (AVG) with an up to date deffinition file and
    > Spybot and ad-aware as well. The virus scan turned up nothing. Spybot
    > and ad-aware both had some hits on the usual type of spyware which I
    > deleted and then restarted the PC. This had no effect. I have been
    > running for some time now with MS file and print sharing NOT bound to
    > the NIC or to PPPOE. I did download Kazaa some time ago but haven't
    > used it in ages and it is not configured to start at bootup. When I
    > check the task list for running programs, I don't see anything unusual
    > in the task list that shouldn't be there.
    >
    > I have only one network connection which is the connection to my DSL
    > modem.
    >
    > For the time being, I'm stopping the messages getting out with the
    > firewall. However if anyone has any idea what might be causing this
    > and suggestions for getting it to stop, I'd be very appreciative.
    >
    > Here's a sample line from the Firewall log og.
    >
    > 1841 1 22/Jan2004 13:40:04 N/A Microsoft File and Printer Sharing ->
    > Out E1H3E0:nbs 200.46.57.218:nbname UDP denied.
    >
    > Thanks

    Post a follow-up to this message
    GreenMonkey, Jan 23, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Garry Glendown
    Replies:
    1
    Views:
    6,349
    Oliver Kaufmann
    Dec 26, 2003
  2. Tom
    Replies:
    2
    Views:
    5,085
  3. Greg Barber

    Unexplained System Crashes

    Greg Barber, Jul 25, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    717
    Greg M
    Jul 27, 2003
  4. seymour butts

    unexplained shutdowns in xp

    seymour butts, Dec 12, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    482
    seymour butts
    Dec 15, 2003
  5. Jeff
    Replies:
    11
    Views:
    2,993
Loading...

Share This Page