Detecting bizarre network activity

[Laphan]

Hi All

I've got WinXP Pro with SP1 and all the latest web updates as of today.

When I connect my PC to my office's network and basically don't do anything,
the activity monitor (ie the one with the 2 blue tvs in the system tray) is
what I call quiet in that it only blips a few times every now and then.

If I go home and plug the exact same PC into my home network and don't do
anything, which is basically my PC plugging into the same adsl 4 port
hub/router/modem to get broadband, the activity is buzzing all the time. I
can see about a MBs of data bouncing back and forth in a couple of mins.

My Zone Alarm doesn't say any program is trying to do anything, but
obviously something is.

The funny thing is that if I set WinXP's firewall on then the activity
stops, but in order for me to connect to my office network I have to keep
unchecking this Firewall because it blocks the network and I can't gain
access (another problem I would also like to resolve).

Has anybody else experienced this?

Any ideas how to resolve it?

Rgds

Laphan

 

[Melissa]

Hi All

I've got WinXP Pro with SP1 and all the latest web updates as of today.

When I connect my PC to my office's network and basically don't do anything,
the activity monitor (ie the one with the 2 blue tvs in the system tray) is
what I call quiet in that it only blips a few times every now and then.

If I go home and plug the exact same PC into my home network and don't do
anything, which is basically my PC plugging into the same adsl 4 port
hub/router/modem to get broadband, the activity is buzzing all the time. I
can see about a MBs of data bouncing back and forth in a couple of mins.

My Zone Alarm doesn't say any program is trying to do anything, but
obviously something is.

The funny thing is that if I set WinXP's firewall on then the activity
stops, but in order for me to connect to my office network I have to keep
unchecking this Firewall because it blocks the network and I can't gain
access (another problem I would also like to resolve).

Has anybody else experienced this?

Any ideas how to resolve it?

Rgds

Laphan

You need to get Zone Alarm available free at:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

It will allow you to control program access -- both inbound and outbound
traffic.

 

[Melissa]

Hi All

I've got WinXP Pro with SP1 and all the latest web updates as of today.

When I connect my PC to my office's network and basically don't do anything,
the activity monitor (ie the one with the 2 blue tvs in the system tray) is
what I call quiet in that it only blips a few times every now and then.

If I go home and plug the exact same PC into my home network and don't do
anything, which is basically my PC plugging into the same adsl 4 port
hub/router/modem to get broadband, the activity is buzzing all the time. I
can see about a MBs of data bouncing back and forth in a couple of mins.

My Zone Alarm doesn't say any program is trying to do anything, but
obviously something is.

The funny thing is that if I set WinXP's firewall on then the activity
stops, but in order for me to connect to my office network I have to keep
unchecking this Firewall because it blocks the network and I can't gain
access (another problem I would also like to resolve).

Has anybody else experienced this?

Any ideas how to resolve it?

Rgds

Laphan

Sorry, I didn't see that you're already running ZA. Try turning on the
Alerts and seeing what's trying to access you.

 

[Alex Nichol]

My Zone Alarm doesn't say any program is trying to do anything, but
obviously something is.

The funny thing is that if I set WinXP's firewall on then the activity
stops, but in order for me to connect to my office network I have to keep
unchecking this Firewall because it blocks the network and I can't gain
access (another problem I would also like to resolve).

This sounds as if you have Zone Alarm set to allow NETBIOS activity
(ports in 135 to 139) through on your Office LAN. If you connect
direct to the Internet it is *essential* that you turn that access off.
You may have patches that are adequate at the moment to block the
attacks on those ports - but that is where the Blast worm came in, and
there will be a large number of attacks going on. And even possibly
hitting something. If only the messenger service in the hope of
generating popup ads.