freshair
asked on
how can I kill a network connection on Windows?
is there a way to kill a network connection on Windows? I saw some IP kept connecting to my computer and starts FTP every 5 minutes. I do not know what it does because I don't have a firewall or network monitor. all I want to do is to kill the connection. I tried the Task Manager but I don't know which process I shall kill. could anyone help on this?
Wouldn't you think it'd be better for you in install a firewall application? Instead of killing and reconnecting and killing and reconnecting and killing and .... you get my point. I use ZoneAlarm Pro, but you can get ZoneAlarm Personal for free.
http://download.com.com/3000-2092-10217783.html?tag=lst-0-1
Check your system for viruses as well. Maybe some sort of trojan is using the FTP port (21) to transfer some other traffic to a remote listener. Or the other program is connecting to your system, with the trojan listening as an FTP server. Either way, scan for viruses.
http://www.antivirus.com
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=SOODDTKJBTVISBYWWYP
http://download.com.com/3000-2092-10217783.html?tag=lst-0-1
Check your system for viruses as well. Maybe some sort of trojan is using the FTP port (21) to transfer some other traffic to a remote listener. Or the other program is connecting to your system, with the trojan listening as an FTP server. Either way, scan for viruses.
http://www.antivirus.com
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=SOODDTKJBTVISBYWWYP
What version of windows are you using?
Why don't you want to install a firewall?
An application that you have running may be making an FTP connection. You can check this out by using a consumer friendly firewall client like ZoneAlarm. There are many others out there, but I prefer this product due to it's friendly interface and lack of scare tactics employed by larger vedors.
You might try using the free version of ZoneAlarm.
http://www.zonealarm.com
Or Download it from here.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zadb_zadown
William
Why don't you want to install a firewall?
An application that you have running may be making an FTP connection. You can check this out by using a consumer friendly firewall client like ZoneAlarm. There are many others out there, but I prefer this product due to it's friendly interface and lack of scare tactics employed by larger vedors.
You might try using the free version of ZoneAlarm.
http://www.zonealarm.com
Or Download it from here.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zadb_zadown
William
ASKER
so is there a way to kill the connection manually?
For my windows xp box (and I think this would work for 2k also)
I would add a static route that goes nowhere.
Like so:
route -p add <BADADDRESS> mask 255.255.255.255 <NOT_YOUR_ROUTERS_IP>
So if your IP was 192.168.1.5, and your router was 192.168.1.1 then you could do something like this:
route -p add 10.41.4.7 mask 255.255.255.255 192.168.1.7
Now what happens, is you just told your computer to send all the traffic that is supposed to goto badaddress to that other IP instead of your router. Basically, you become invisible to that IP.
For more information on the route command see this link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/route.asp
Hope that helps,
~Matt
I would add a static route that goes nowhere.
Like so:
route -p add <BADADDRESS> mask 255.255.255.255 <NOT_YOUR_ROUTERS_IP>
So if your IP was 192.168.1.5, and your router was 192.168.1.1 then you could do something like this:
route -p add 10.41.4.7 mask 255.255.255.255 192.168.1.7
Now what happens, is you just told your computer to send all the traffic that is supposed to goto badaddress to that other IP instead of your router. Basically, you become invisible to that IP.
For more information on the route command see this link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/route.asp
Hope that helps,
~Matt
Um...
In actual practice, I am havening trouble getting this to work the way that I want it to.
Can any of you other guys help me out here and tell me what I am doing wrong?
Thanks,
Matt
In actual practice, I am havening trouble getting this to work the way that I want it to.
Can any of you other guys help me out here and tell me what I am doing wrong?
Thanks,
Matt
If you're using 2K - you can open Cntl Panl - Admin Tools - Services & stop FTP & IIS, then change their Startup Type prop to Disabled.
You might want to check for spyware also. Don't forget to get the updates
Free Anti virus
http://www.grisoft.com/html/us_downl.html
Spyware
adaware
http://www.lavasoftusa.com/support/download/
here is the link for spybot
http://spybot.safer-networking.de/
more spyware links
http://security.kolla.de/
http://www.tomcoyote.org/hjt/#introduction
Free Anti virus
http://www.grisoft.com/html/us_downl.html
Spyware
adaware
http://www.lavasoftusa.com/support/download/
here is the link for spybot
http://spybot.safer-networking.de/
more spyware links
http://security.kolla.de/
http://www.tomcoyote.org/hjt/#introduction
Try this:
net stop msftpsvc
msftpsvc is the name of the ftp program
To start ftp again
net start msftpsvc
net stop msftpsvc
msftpsvc is the name of the ftp program
To start ftp again
net start msftpsvc
Again Freshair I ask you what version of Windows you are using. If you want help you've got to give us more information.
Why don't you want to run a firewall? You could easily block any IP address with one of several free products already mentioned. Even your OS may have firewall services built into it.
Your question is how do I manually stop the FTP connection between my computer and this unknown ip address? Until we get some more information we can't accurately advise you with out making a lot of assumptions.
The short answer for now and only sure way to interupt this FTP connection is to disconnect your computer from the Internet by physically unplugging it. I don't mean to be flippant, but until we can find out where your unwanted FTP connection is originating from this is the only sure way.
What do I mean?
If the FTP connection is originating from your PC then you need to find the service it is comming from and decide if you want to allow it to go out to the Internet. Do you have FTP Services running on your computer?
If the FTP connection is originating from the Internet and you want to block it, you can do that. If however you are intentionally or unintentionally running a service that employs access on port 21 then you may be chasing these connection down all day as new IP addresses spring up connecting from the Internet.
William...
Why don't you want to run a firewall? You could easily block any IP address with one of several free products already mentioned. Even your OS may have firewall services built into it.
Your question is how do I manually stop the FTP connection between my computer and this unknown ip address? Until we get some more information we can't accurately advise you with out making a lot of assumptions.
The short answer for now and only sure way to interupt this FTP connection is to disconnect your computer from the Internet by physically unplugging it. I don't mean to be flippant, but until we can find out where your unwanted FTP connection is originating from this is the only sure way.
What do I mean?
If the FTP connection is originating from your PC then you need to find the service it is comming from and decide if you want to allow it to go out to the Internet. Do you have FTP Services running on your computer?
If the FTP connection is originating from the Internet and you want to block it, you can do that. If however you are intentionally or unintentionally running a service that employs access on port 21 then you may be chasing these connection down all day as new IP addresses spring up connecting from the Internet.
William...
open task manager and the select proceses tab the from the view menu select columns and check PID.
Then you can find the PID of the process and use kill "PID".
Then you can find the PID of the process and use kill "PID".
ASKER
WAudette: I'm using WinXP Pro (Workstation), version 2002, SP1 (without IIS).
here's what I got from netstat:
Proto Local Address Foreign Address State
TCP P42K3:microsoft-ds pcp01074306pcs.andrsn01.tn .comcast.n et:2186 ESTABLISHED
TCP P42K3:2210 g026.adsl.netlink.com.au:3 128 TIME_WAIT
TCP P42K3:2210 209.31.0.17:FTP ESTABLISHED
I think all those three should get killed but not sure how to do so.
spazz45: `kill` is undefined on my CMD. you know of a way to kill a process under MS-DOS/CMD?
here's what I got from netstat:
Proto Local Address Foreign Address State
TCP P42K3:microsoft-ds pcp01074306pcs.andrsn01.tn
TCP P42K3:2210 g026.adsl.netlink.com.au:3
TCP P42K3:2210 209.31.0.17:FTP ESTABLISHED
I think all those three should get killed but not sure how to do so.
spazz45: `kill` is undefined on my CMD. you know of a way to kill a process under MS-DOS/CMD?
Freshair,
That's good information. Now we are getting somewhere.
The kill command comes from one of the Microsoft's many Resource Kits, but it is not going to help you here unless you can find the process it is connecting too. You will have to find an application that relates connection to processID. I assume you wan to do this too from a command prompt.
Can you install applications on this machine?
William...
That's good information. Now we are getting somewhere.
The kill command comes from one of the Microsoft's many Resource Kits, but it is not going to help you here unless you can find the process it is connecting too. You will have to find an application that relates connection to processID. I assume you wan to do this too from a command prompt.
Can you install applications on this machine?
William...
Fresh did you try disabling the FTP service like I stated above (nt,2k,xp)?
Xp also has a "tasklist" and "taskkill" command.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/taskkill.asp
or
tasklist /?
taskkill /?
for more info.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/taskkill.asp
or
tasklist /?
taskkill /?
for more info.
ASKER
my account is admin type, I think I can install software on this machine.
I already disabled FTP service, but the situation doesn't change.
hmmmm...it seems to me tasklist and taskkill are the command-line version of task manager.
I used tasklist and it gave me a list of processes and their attributes, almost exactly the same as the task manager.
problem is that I don't know which process I shall kill since it doesn't show up on netstat.
anyone know what I could do except for disconnect or reboot (but those can't cure any infection already done on the PC)?
I already disabled FTP service, but the situation doesn't change.
hmmmm...it seems to me tasklist and taskkill are the command-line version of task manager.
I used tasklist and it gave me a list of processes and their attributes, almost exactly the same as the task manager.
problem is that I don't know which process I shall kill since it doesn't show up on netstat.
anyone know what I could do except for disconnect or reboot (but those can't cure any infection already done on the PC)?
Do you have any remote access software (VNC/PCAnyw) or FTP pgms (WSFTP) running?
You could have a backdoor trojan that keeps opening the port for a hacker.
If you install the free zonealarm, any pgm trying to access outside ports, will be prompted with a msg to allow or not.
You could have a backdoor trojan that keeps opening the port for a hacker.
If you install the free zonealarm, any pgm trying to access outside ports, will be prompted with a msg to allow or not.
ASKER
found another IP that keeps connected to my microsoft-ds:
Proto Local Address Foreign Address State
TCP P42K3:microsoft-ds 218-170-19-37.HINET-IP.hin et.net:347 5 ESTABLISHED
I have quitted all programs but the connection still keeps being alive.
Proto Local Address Foreign Address State
TCP P42K3:microsoft-ds 218-170-19-37.HINET-IP.hin
I have quitted all programs but the connection still keeps being alive.
Ok maybe this will do it for ya...
30 day trial version may be worth a try.
http://www.nwpsw.com/estopmain.html
30 day trial version may be worth a try.
http://www.nwpsw.com/estopmain.html
You should also check around your harddisk for suspect files.
Maybe do file search for new or files or just around the days you noticed these connections.
XP comes with Internet Connection Firewall.
Check in help to configure it.
It can block incoming traffic and log it.
Maybe do file search for new or files or just around the days you noticed these connections.
XP comes with Internet Connection Firewall.
Check in help to configure it.
It can block incoming traffic and log it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
netstat - o does not work under W2K .
Any workaround to map the port number with the PID? Freeware ?
Any workaround to map the port number with the PID? Freeware ?
ASKER