Link to home
Start Free TrialLog in
Avatar of freshair
freshair

asked on

how can I kill a network connection on Windows?

is there a way to kill a network connection on Windows? I saw some IP kept connecting to my computer and starts FTP every 5 minutes. I do not know what it does because I don't have a firewall or network monitor. all I want to do is to kill the connection. I tried the Task Manager but I don't know which process I shall kill. could anyone help on this?
Avatar of freshair
freshair

ASKER

I found out this anomaly when I used netstat to see the list of connections on my computer. is there a way to kill the connection on CMD or MS-DOS?
Wouldn't you think it'd be better for you in install a firewall application? Instead of killing and reconnecting and killing and reconnecting and killing and .... you get my point. I use ZoneAlarm Pro, but you can get ZoneAlarm Personal for free.

http://download.com.com/3000-2092-10217783.html?tag=lst-0-1

Check your system for viruses as well. Maybe some sort of trojan is using the FTP port (21) to transfer some other traffic to a remote listener. Or the other program is connecting to your system, with the trojan listening as an FTP server. Either way, scan for viruses.

http://www.antivirus.com
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=SOODDTKJBTVISBYWWYP
What version of windows are you using?
Why don't you want to install a firewall?

An application that you have running may be making an FTP connection.  You can check this out by using a consumer friendly firewall client like ZoneAlarm.  There are many others out there, but I prefer this product due to it's friendly interface and lack of scare tactics employed by larger vedors.

You might try using the free version of ZoneAlarm.

http://www.zonealarm.com

Or Download it from here.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zadb_zadown

William
so is there a way to kill the connection manually?
For my windows xp box (and I think this would work for 2k also)
 I would add a static route that goes nowhere.

Like so:

route -p add <BADADDRESS> mask 255.255.255.255 <NOT_YOUR_ROUTERS_IP>

So if your IP was 192.168.1.5, and your router was 192.168.1.1 then you could do something like this:

route -p add 10.41.4.7 mask 255.255.255.255 192.168.1.7

Now what happens, is you just told your computer to send all the traffic that is supposed to goto badaddress to that other IP instead of your router.  Basically, you become invisible to that IP.

For more information on the route command see this link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/route.asp

Hope that helps,

~Matt
Um...

In actual practice, I am havening trouble getting this to work the way that I want it to.

Can any of you other guys help me out here and tell me what I am doing wrong?

Thanks,

Matt
If you're using 2K - you can open Cntl Panl - Admin Tools - Services & stop FTP & IIS, then change their Startup Type prop to Disabled.
You might want to check for spyware also. Don't forget to get the updates

Free Anti virus
http://www.grisoft.com/html/us_downl.html

Spyware

adaware
http://www.lavasoftusa.com/support/download/     

here is the link for spybot
http://spybot.safer-networking.de/

more spyware links
http://security.kolla.de/
http://www.tomcoyote.org/hjt/#introduction
Try this:

net stop msftpsvc

msftpsvc is the name of the ftp program

To start ftp again

net start msftpsvc
Again Freshair I ask you what version of Windows you are using.  If you want help you've got to give us more information.

Why don't you want to run a firewall?  You could easily block any IP address with one of several free products already mentioned.  Even your OS may have firewall services built into it.

Your question is how do I manually stop the FTP connection between my computer and this unknown ip address?  Until we get some more information we can't accurately advise you with out making a lot of assumptions.

The short answer for now and only sure way to interupt this FTP connection is to disconnect your computer from the Internet by physically unplugging it.  I don't mean to be flippant, but until we can find out where your unwanted FTP connection is originating from this is the only sure way.

What do I mean?
If the FTP connection is originating from your PC then you need to find the service it is comming from and decide if you want to allow it to go out to the Internet.  Do you have FTP Services running on your computer?  

If the FTP connection is originating from the Internet and you want to block it, you can do that.  If however you are intentionally or unintentionally running a service that employs access on port 21 then you may be chasing these connection down all day as new IP addresses spring up connecting from the Internet.

William...
open task manager and the select proceses tab the from the view menu select columns and check PID.
Then you can find the PID of the process and use kill "PID".
WAudette: I'm using WinXP Pro (Workstation), version 2002, SP1 (without IIS).
here's what I got from netstat:
  Proto  Local Address          Foreign Address                                                    State
  TCP    P42K3:microsoft-ds  pcp01074306pcs.andrsn01.tn.comcast.net:2186 ESTABLISHED
  TCP    P42K3:2210             g026.adsl.netlink.com.au:3128                             TIME_WAIT
  TCP    P42K3:2210             209.31.0.17:FTP                                                    ESTABLISHED

I think all those three should get killed but not sure how to do so.

spazz45: `kill` is undefined on my CMD. you know of a way to kill a process under MS-DOS/CMD?
Freshair,

That's good information.  Now we are getting somewhere.

The kill command comes from one of the Microsoft's many Resource Kits, but it is not going to help you here unless you can find the process it is connecting too.  You will have to find an application that relates connection to processID.  I assume you wan to do this too from a command prompt.

Can you install applications on this machine?

William...

Fresh did you try disabling the FTP service like I stated above (nt,2k,xp)?
Xp also has a "tasklist" and "taskkill" command.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/taskkill.asp

or

tasklist /?
taskkill /?

for more info.
my account is admin type, I think I can install software on this machine.
I already disabled FTP service, but the situation doesn't change.

hmmmm...it seems to me tasklist and taskkill are the command-line version of task manager.
I used tasklist and it gave me a list of processes and their attributes, almost exactly the same as the task manager.
problem is that I don't know which process I shall kill since it doesn't show up on netstat.

anyone know what I could do except for disconnect or reboot (but those can't cure any infection already done on the PC)?
Do you have any remote access software (VNC/PCAnyw) or FTP pgms (WSFTP) running?
You could have a backdoor trojan that keeps opening the port for a hacker.
If you install the free zonealarm, any pgm trying to access outside ports, will be prompted with a msg to allow or not.
found another IP that keeps connected to my microsoft-ds:

  Proto  Local Address          Foreign Address        State
  TCP    P42K3:microsoft-ds  218-170-19-37.HINET-IP.hinet.net:3475  ESTABLISHED

I have quitted all programs but the connection still keeps being alive.
Ok maybe this will do it for ya...
30 day trial version may be worth a try.

http://www.nwpsw.com/estopmain.html
You should also check around your harddisk for suspect files.
Maybe do file search for new or files or just around the days you noticed these connections.

XP comes with Internet Connection Firewall.
Check in help to configure it.
It can block incoming traffic and log it.
ASKER CERTIFIED SOLUTION
Avatar of spazz45
spazz45

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
netstat - o does not work under W2K .

Any workaround to map the port number with the PID? Freeware ?