Computer contacting wildernesskarnataka.org by itself
#1 |
|
Guest
Posts: n/a
|
I recently installed a squid transparent proxy on a firewall / gateway on my small home network (2 computers and the router). I was watching the traffic monitored by the proxy and noticed that one of my XP Professional computers contacted www.wildernesskarnataka.org by itself. I was also watching the computer in question and there was no browser open but I watched the traffic as it occurred. To my knowledge, nobody in this house has visited that website until after I saw the traffic go through. I continued to monitor the traffic and noticed that about 2 hours later, it contacted the same website again. I have not yet determined what kind of a schedule it is on. I monitored it all night and this morning and have not noticed it contacting it again.

After it happened the first time, I ran msconfig and removed several items in question from the startup and rebooted. It still happened about an hour after reboot.

I have also run adaware and spybot (with current updates) and have found nothing of significance.

My big question is how can I find out what program or process is contacting this website. Is there something I can set up in XP to monitor what programs are initiating contact to other sites without my consent?

Here is the traffic that my proxy server logged:

484 OPTIONS http://www.wildernesskarnataka.org/ - DIRECT/202.71.129.55 -
1065836905.593 1169 voyager2 TCP_MISS/207 1104 PROPFIND http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55 text/xml
1065836907.257 1663 voyager2 TCP_MISS/207 1104 PROPFIND http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55 text/xml
1065836937.659 2107 voyager2 TCP_MISS/207 1104 PROPFIND http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55 text/xml
1065836938.950 1675 voyager2 TCP_MISS/207 1104 PROPFIND http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55 text/xml
1065836939.534 1113 voyager2 TCP_MISS/207 1104 PROPFIND http://www.wildernesskarnataka.org/wl-downloads - DIRECT/202.71.129.55 text/xml
1065836940.642 1106 voyager2 TCP_MISS/207 1104 PROPFIND http://www.wildernesskarnataka.org/wl-downloads - DIRECT/202.71.129.55 text/xml
1065836941.274 592 voyager2 TCP_MISS/404 777 PROPFIND http://www.wildernesskarnataka.org/...ads/Desktop.ini - DIRECT/202.71.129.55 text/html

If anyone has any ideas, I would appreciate it.

Thanks,
Rod Miller
|
|
|
#2 |
|
Guest
Posts: n/a
|
On Sat, 11 Oct 2003 16:09:36 GMT, "Rod Miller" <thelan_NO_SPAM_man@NO_SPAM_cox.net> wrote:

>I recently installed a squid transparent proxy on a firewall / gateway on my
>small home network (2 computers and the router). I was watching the traffic
>monitored by the proxy and noticed that one of my XP Professional computers
>contacted www.wildernesskarnataka.org by itself. I was also watching the
>computer in question and there was no browser open but I watched the traffic
>as it occurred. To my knowledge, nobody in this house has visited that
>website until after I saw the traffic go through. I continued to monitor the
>traffic and noticed that about 2 hours later, it contacted the same website
>again. I have not yet determined what kind of a schedule it is on. I
>monitored it all night and this morning and have not noticed it contacting
>it again.
>
>After it happened the first time, I ran msconfig and removed several items
>in question from the startup and rebooted. It still happened about an hour
>after reboot.
>
>I have also run adaware and spybot (with current updates) and have found
>nothing of significance.
>
>My big question is how can I find out what program or process is contacting
>this website. Is there something I can set up in XP to monitor what programs
>are initiating contact to other sites without my consent?
>
>Here is the traffic that my proxy server logged:
>
>484 OPTIONS http://www.wildernesskarnataka.org/ - DIRECT/202.71.129.55 -
>1065836905.593 1169 voyager2 TCP_MISS/207 1104 PROPFIND
>http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
>text/xml
>1065836907.257 1663 voyager2 TCP_MISS/207 1104 PROPFIND
>http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
>text/xml
>1065836937.659 2107 voyager2 TCP_MISS/207 1104 PROPFIND
>http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
>text/xml
>1065836938.950 1675 voyager2 TCP_MISS/207 1104 PROPFIND
>http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
>text/xml
>1065836939.534 1113 voyager2 TCP_MISS/207 1104 PROPFIND
>http://www.wildernesskarnataka.org/wl-downloads - DIRECT/202.71.129.55
>text/xml
>1065836940.642 1106 voyager2 TCP_MISS/207 1104 PROPFIND
>http://www.wildernesskarnataka.org/wl-downloads - DIRECT/202.71.129.55
>text/xml
>1065836941.274 592 voyager2 TCP_MISS/404 777 PROPFIND
>http://www.wildernesskarnataka.org/...ads/Desktop.ini - DIRECT/202
>.71.129.55 text/html
>
>If anyone has any ideas, I would appreciate it.
>
>Thanks,
>
>Rod Miller
>

Installing a software firewall such as kerio or zonealarm will tell which program is attempting to contact the internet.

DAve
|
|
|
#3 |
|
Guest
Posts: n/a
|
Dave,

Thanks for the software firewall suggestion. I actually had a copy of Norton Personal Firewall 2003 that I had uninstalled because it was causing some other problems. I put it back on and I think I've solved the mystery to some extent. The connection to wildernesskarnataka was shown as a Microsoft webdav connection and I think Norton showed the access as coming from the "local subsystem".

I opened up "My network places" and found a connection under "The Internet" labeled as "WL-Downloads on www.wildernesskarnataka.org". I think what happened was that my son had a report due at school on the purpose of zoos. He does not remember going to that site, but the properties of that connection showed that it was created two days before the file creation date of his report. I am still puzzled at what he would have done to create a connection, but I don't think it was anything as sinister as I was originally thinking it might be.

I deleted the connection so the unauthorized web connections should now quit. I also found and deleted some old connections to some old sharepoint portal and team services sites that I had purposely connected to some time back.

Rod Miller

"davetest" <davetest_nospam@yahoo.com> wrote in message news:746hovs391a6cp2619q5ip37gjh3gbh2i1@4ax.com...
> On Sat, 11 Oct 2003 16:09:36 GMT, "Rod Miller"
> <thelan_NO_SPAM_man@NO_SPAM_cox.net> wrote:
>
> >I recently installed a squid transparent proxy on a firewall / gateway on my
> >small home network (2 computers and the router). I was watching the traffic
> >monitored by the proxy and noticed that one of my XP Professional computers
> >contacted www.wildernesskarnataka.org by itself. I was also watching the
> >computer in question and there was no browser open but I watched the traffic
> >as it occurred. To my knowledge, nobody in this house has visited that
> >website until after I saw the traffic go through. I continued to monitor the
> >traffic and noticed that about 2 hours later, it contacted the same website
> >again. I have not yet determined what kind of a schedule it is on. I
> >monitored it all night and this morning and have not noticed it contacting
> >it again.
> >
> >After it happened the first time, I ran msconfig and removed several items
> >in question from the startup and rebooted. It still happened about an hour
> >after reboot.
> >
> >I have also run adaware and spybot (with current updates) and have found
> >nothing of significance.
> >
> >My big question is how can I find out what program or process is contacting
> >this website. Is there something I can set up in XP to monitor what programs
> >are initiating contact to other sites without my consent?
> >
> >Here is the traffic that my proxy server logged:
> >
> >484 OPTIONS http://www.wildernesskarnataka.org/ - DIRECT/202.71.129.55 -
> >1065836905.593 1169 voyager2 TCP_MISS/207 1104 PROPFIND
> >http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
> >text/xml
> >1065836907.257 1663 voyager2 TCP_MISS/207 1104 PROPFIND
> >http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
> >text/xml
> >1065836937.659 2107 voyager2 TCP_MISS/207 1104 PROPFIND
> >http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
> >text/xml
> >1065836938.950 1675 voyager2 TCP_MISS/207 1104 PROPFIND
> >http://www.wildernesskarnataka.org/WL-DOWNLOADS - DIRECT/202.71.129.55
> >text/xml
> >1065836939.534 1113 voyager2 TCP_MISS/207 1104 PROPFIND
> >http://www.wildernesskarnataka.org/wl-downloads - DIRECT/202.71.129.55
> >text/xml
> >1065836940.642 1106 voyager2 TCP_MISS/207 1104 PROPFIND
> >http://www.wildernesskarnataka.org/wl-downloads - DIRECT/202.71.129.55
> >text/xml
> >1065836941.274 592 voyager2 TCP_MISS/404 777 PROPFIND
> >http://www.wildernesskarnataka.org/...ads/Desktop.ini - DIRECT/202
> >.71.129.55 text/html
> >
> >If anyone has any ideas, I would appreciate it.
> >
> >Thanks,
> >
> >Rod Miller
> >
>
> Installing a software firewall such as kerio or zonealarm will tell
> which program is attempting to contact the internet.
>
> DAve
|
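Added example, not part of any post in this thread: a small Python script for the gateway side that picks WebDAV requests like the ones above out of a Squid native access log, groups them by client and destination host, and counts separate bursts of activity so a recurring schedule becomes visible. The sample log, the host and client names, the `summarize_webdav` function, the 300-second burst gap and the Desktop.ini heuristic are all assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Methods added by WebDAV (RFC 4918); ordinary page loads do not use them.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Squid native format: time elapsed client code/status bytes method URL ident hier/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+[A-Z_]+/\d{3}\s+\d+\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+\S+\s+[A-Z_]+/\S+\s+\S+$"
)

# Constructed sample input (hypothetical hosts and clients, not the thread's log).
SAMPLE_LOG = """\
1065000000.100 1169 pc-a TCP_MISS/207 1104 PROPFIND http://files.example.org/Shared - DIRECT/192.0.2.10 text/xml
1065000001.700 1663 pc-a TCP_MISS/207 1104 PROPFIND http://files.example.org/Shared - DIRECT/192.0.2.10 text/xml
1065000035.200 592 pc-a TCP_MISS/404 777 PROPFIND http://files.example.org/shared/Desktop.ini - DIRECT/192.0.2.10 text/html
1065000100.000 200 pc-b TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.20 text/html
1065007200.300 1100 pc-a TCP_MISS/207 1104 PROPFIND http://files.example.org/Shared - DIRECT/192.0.2.10 text/xml
not a squid log line
"""

def summarize_webdav(log_text, burst_gap=300.0):
    """Group WebDAV requests by (client, host) and count bursts of activity."""
    found = defaultdict(lambda: {"methods": set(), "paths": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] not in WEBDAV_METHODS:
            continue  # malformed line, or ordinary GET/POST traffic
        url = urlsplit(m["url"])
        entry = found[(m["client"], url.hostname)]
        entry["methods"].add(m["method"])
        entry["paths"].add(url.path.lower())
        entry["times"].append(float(m["ts"]))
    report = {}
    for key, e in found.items():
        times = sorted(e["times"])
        # A new burst starts whenever the gap to the previous request exceeds burst_gap.
        bursts = 1 + sum(1 for a, b in zip(times, times[1:]) if b - a > burst_gap)
        report[key] = {
            "methods": e["methods"], "paths": e["paths"], "bursts": bursts,
            # Heuristic (assumption): a Desktop.ini probe suggests a folder view, not a browser.
            "desktop_ini": any(p.endswith("/desktop.ini") for p in e["paths"]),
        }
    return report

if __name__ == "__main__":
    print(summarize_webdav(SAMPLE_LOG))
```

A client and host pair that shows up here with PROPFIND requests and no browser activity is worth checking against the Web Folder entries under "My Network Places" on that machine.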

