  1. #1
    New Lounger
    I have a PC on my local network that is generating pages of log file entries in my firewall (Smoothwall Express).
    Whenever either browser is running (IE8 or Firefox 3.6) the firewall log starts logging the following:

    08:53:07 eth0 eth1 TCP 192.168.1.6 port 1054 to 199.7.59.74 port 43(NICNAME)
    08:53:07 eth0 eth1 TCP 192.168.1.6 port 1055 to 199.212.0.47 port 43(NICNAME)
    08:53:10 eth0 eth1 TCP 192.168.1.6 port 1054 to 199.7.59.74 port 43(NICNAME)
    08:53:10 eth0 eth1 TCP 192.168.1.6 port 1055 to 199.212.0.47 port 43(NICNAME)
    08:53:16 eth0 eth1 TCP 192.168.1.6 port 1054 to 199.7.59.74 port 43(NICNAME)
    08:53:16 eth0 eth1 TCP 192.168.1.6 port 1055 to 199.212.0.47 port 43(NICNAME)
    08:53:17 eth0 eth1 TCP 192.168.1.6 port 1088 to 199.7.59.74 port 43(NICNAME)
    etc. The source port just keeps incrementing.

    These attempts are being blocked but it looks like something is trying to phone home.
    AVG9 and Spybot S&D turn up nothing.
    Any ideas on tracking down the culprit / cleaning the system?

    Thanks

  2. #2
    Super Moderator jscher2000
    Those addresses are associated with Verisign and ARIN, and use the port for whois queries. I have no idea what process might be generating that traffic.

  3. #3
    New Lounger
    Yes, I did a Whois on those addresses.
    Any suggestions on tools I can use to track down the process?
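
Added example, not part of the thread and not written by either poster: a small Python parser for the firewall log format quoted in the first post. It groups entries by source port and destination, on the assumption that repeated lines with the same source port are retries of one blocked connection attempt and that a new source port is a new attempt; the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# The seven log lines from the first post, copied unchanged.
SAMPLE_LOG = """\
08:53:07 eth0 eth1 TCP 192.168.1.6 port 1054 to 199.7.59.74 port 43(NICNAME)
08:53:07 eth0 eth1 TCP 192.168.1.6 port 1055 to 199.212.0.47 port 43(NICNAME)
08:53:10 eth0 eth1 TCP 192.168.1.6 port 1054 to 199.7.59.74 port 43(NICNAME)
08:53:10 eth0 eth1 TCP 192.168.1.6 port 1055 to 199.212.0.47 port 43(NICNAME)
08:53:16 eth0 eth1 TCP 192.168.1.6 port 1054 to 199.7.59.74 port 43(NICNAME)
08:53:16 eth0 eth1 TCP 192.168.1.6 port 1055 to 199.212.0.47 port 43(NICNAME)
08:53:17 eth0 eth1 TCP 192.168.1.6 port 1088 to 199.7.59.74 port 43(NICNAME)
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<in_if>\S+)\s+(?P<out_if>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+) port (?P<sport>\d+) to "
    r"(?P<dst>[\d.]+) port (?P<dport>\d+)(?:\((?P<service>[^)]*)\))?$"
)

def connection_attempts(log_text):
    """Map (src, sport, dst, dport) -> timestamps; lines that do not parse are skipped."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            attempts[key].append(datetime.strptime(m["time"], "%H:%M:%S"))
    return attempts

def summarize(log_text):
    """Per (src, dst, dport): distinct attempts, log lines, and retry gaps per source port."""
    summary = defaultdict(lambda: {"attempts": 0, "lines": 0, "retry_gaps": {}})
    for (src, sport, dst, dport), times in connection_attempts(log_text).items():
        entry = summary[(src, dst, dport)]
        entry["attempts"] += 1
        entry["lines"] += len(times)
        # Assumption: same source port logged again = the same blocked attempt retried.
        entry["retry_gaps"][sport] = [
            int((b - a).total_seconds()) for a, b in zip(times, times[1:])
        ]
    return dict(summary)

if __name__ == "__main__":
    for (src, dst, dport), e in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{dport}: {e['attempts']} attempts in {e['lines']} lines, "
              f"retry gaps by source port: {e['retry_gaps']}")
```

On the quoted lines this reduces seven entries to three connection attempts; the 3 s and 6 s gaps between repeats of ports 1054 and 1055 are consistent with TCP retransmitting a SYN that the firewall dropped.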
