Solved

Windows network security: how to know what data I am sending and where? + anti-hacking intrusion services

Posted on 2003-11-03
7
233 Views
Last Modified: 2013-12-04
Hello all,

I am on windows XP home, and am using the XP firewall.

I'm using a peer to peer program (emule) and an internet traffic monitor (networx).
It looks like the outgoing traffic is much higher than what I authorize (I've capped it at 7 kbytes in emule, and it shows 15 in NetWorx). I'm not doing any other thing Internet related.

I have already conducted an extensive virus scan to look for possible trojans or other backdoors, with no result.

I wonder if there really is additional traffic, and if yes, what this overhead traffic is and where it goes. I would like to know if there is a simple program to determine what files I am sending and to what IP address.

Thanks if you can point me to a good (and simple) program for doing that. If that program has anti-hacking services included, even better.

Best regards,

Fabrice
Question by:fabricedeparis
7 Comments
 
LVL 3

Expert Comment

by:nonsence
ID: 9672614
Here's a nice, simple-to-use program that does the job and is free for Windows:

http://download.com.com/3000-2085-10062969.html?part=65960%20&subj=dlpage&tag=button

It doesn't capture data or anything, just shows what's open, what file is accessing the Internet and what IP it's connected to on what port, etc. etc. All in a one-window graph. It's great.
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9675825
I use a free program called Vision from Foundstone for this network analysis.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/vision.htm

This also shows you what IPs are connecting to your system, what ports and what programs - it also allows you to terminate any unwanted critters ;)
 
LVL 24

Expert Comment

by:SunBow
ID: 9678255
> how to know what data I am sending and Where ? + anti hacking intrusion services

The first step is to install and run the ZoneAlarm firewall (or Sygate). Block everything. Now:

Simply watch what is attempted to be sent. For free, you do get the destination and the process, port, but not the files. Traffic is about more than files, but if you get the first few pieces, you can find more. Especially important if not permitted (which is the purpose of ZA, to stop the unpermitted).
 
LVL 1

Author Comment

by:fabricedeparis
ID: 9754613
Hi there,

I've made several tests, and I'm a little nonplussed. I've tried the different port scanners suggested, very simple to use, not that easy to understand. So I didn't make much of that intel. Only that

So I came back to simple testing. If I stop my peer-to-peer service (emule) the upload rate nearly instantaneously falls to under 2kb/s. So it seems that if there is a haemorrhage somewhere, that's where it happens. This is confirmed by the port scanner.
However, inside emule, as I mentioned, I never go above 7kb/s with an average around 5.

If I try an FTP upload without emule, on my provider FTP, I get around 8kb/s average, with a max at 10.

I'm starting to suspect that it could simply be a combination emule using a lot of upload traffic for "additional" tasks (whatever those can be, setting up connection, etc...) and reporting only on the main tasks (exchanging files), and a current poor performance of my ISP in terms of upload capacity.

For SunBow: I already use the XP firewall. I can install ZA, but I don't see what else it would teach me since stopping emule seems to stop outgoing traffic, and I am a little cautious with firewall installations since the last time I tested another (the firewall from Ontrack SystemSuite) it simply rebooted my system each time it started (at boot).

Anyway, I'll just leave this topic open a little more in case someone can prove the following statement wrong:

It seems there is no simple way of knowing what the source (file) of the data being sent is, but only where you send it, through what port and via what application. Maybe through the use of packet sniffers or that sort of tool you can know what the data sent really is (especially if it comes from a specific file, and not from an application tunnelling it), but those tools seem fairly difficult to use to me.

Anyone got a better view on this ?

Cheers,

Fabrice

PS: just to mention it in case it interests someone dropping on this topic in the future, I also tested DiamondCS Port Explorer, which isn't freeware but gives more advanced possibilities than Active Ports (like an integrated packet sniffer, socket spy, and the quantity of data sent by each process). Also, for the paranoid with a lot of time to learn a new tool, I could advise looking at Snort (www.snort.org), an open-source Network Intrusion Detection System. Very interesting features, but far too complicated (command-line option type) for me though :p
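One way to get the "which application, which IP, which port" view that the tools discussed above provide, as an added example that is not part of this thread or of any product mentioned in it: a small Python script that parses the output of `netstat -ano` (the `-o` switch, which shows the owning PID, exists from Windows XP on) and of `tasklist /fo csv` (not included in XP Home Edition, where Task Manager's PID column serves instead), then groups the established remote endpoints by process name. The sample output embedded in the script is constructed, not captured from a real machine.

```python
import csv
import io
from collections import defaultdict

# Constructed sample output of 'netstat -ano' and 'tasklist /fo csv'
# (not captured from a real machine); remote addresses use documentation ranges.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:4662           0.0.0.0:0              LISTENING       1832
  TCP    192.168.1.10:4662      203.0.113.45:1034      ESTABLISHED     1832
  TCP    192.168.1.10:3054      198.51.100.7:4661      ESTABLISHED     1832
  TCP    192.168.1.10:3120      192.0.2.80:80          ESTABLISHED     2408
  UDP    0.0.0.0:4672           *:*                                    1832
"""
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"emule.exe","1832","Console","0","48,120 K"
"iexplore.exe","2408","Console","0","31,004 K"
"""

def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) tuples from netstat -ano output."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank or unexpected lines
        if parts[0] == "UDP":  # UDP rows carry no State column
            proto, local, foreign, pid = parts[:4]
            state = ""
        else:
            proto, local, foreign, state, pid = parts[:5]
        conns.append((proto, local, foreign, state, int(pid)))
    return conns

def parse_tasklist(text):
    """Map PID -> image name from 'tasklist /fo csv' output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def remote_peers(netstat_text, tasklist_text):
    """Group established remote endpoints (ip:port) by the owning process name."""
    names = parse_tasklist(tasklist_text)
    peers = defaultdict(set)
    for _proto, _local, foreign, state, pid in parse_netstat(netstat_text):
        if state == "ESTABLISHED":
            peers[names.get(pid, f"pid {pid}")].add(foreign)
    return {name: sorted(p) for name, p in peers.items()}
```

On a real machine, feed the script the output of the two commands (for example `netstat -ano > ns.txt` and `tasklist /fo csv > tl.txt`) instead of the embedded samples; listening sockets and UDP bindings are parsed but left out of the per-process summary, which only reports established connections.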
 

Accepted Solution

by: isamu_2000 (earned 100 total points)
ID: 10456813
I think the simple answer to this is that emule is using the bandwidth to maintain connections to the servers and also to fulfil search request responses (since there is no way to disable the upload function in emule/edonkey).
 
LVL 1

Author Comment

by:fabricedeparis
ID: 11423582
Sorry for forgetting that question. Yes, in the end it was just emule overhead bandwidth consumption. It went down drastically with a new version of emule. Well, I learned how to use a port scanner at least :)

Thanks Isamu, and cheers everyone,

Fabrice
Question has a verified solution.