Solved

Windows network security : how to know what data I am sending and Where ? + anti hacking intrusion services

Posted on 2003-11-03
7
234 Views
Last Modified: 2013-12-04
Hello all,

I am on windows XP home, and am using the XP firewall.

I'm using a peer to peer program (emule) and an internet traffic monitor (networx).
It looks like the outgoing traffic is much more important than the one I authorize (I've capped it at 7kbytes in emule, and it shows 15 in Nteworx). I'm not doing any other thing Internet related.

I have already conducted an extensive virus scan to look for possible troyans or other backdoors, with no result.

I wonder if there really is additional traffic, if yes, what is this overhead traffic and where it goes. I would like to know if there is a simple program to determine what files I am sending and to what IP address.

Thanks if you can point me to a good (and simple) program for doing that. If that program has anti hacking services included, even better.

best regards,

Fabrice
0
Comment
Question by:fabricedeparis
7 Comments
 
LVL 3

Expert Comment

by:nonsence
ID: 9672614
here's a nice simple to use program that does the job and is free for windows

http://download.com.com/3000-2085-10062969.html?part=65960%20&subj=dlpage&tag=button

it doesn't capture data or anything. just shows what's open, what file is accessing hte internet and what ip it's connected to on what port, etc etc. all in a one window graph. it's great
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9675825
I use a free program called Vision from Foundstone for this network analysis.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/vision.htm

This also shows you what IPs are connecting to your system ,what ports and what programs - it also allows you to terminate any unwanted critters ;)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 9678255
> how to know what data I am sending and Where ? + anti hacking intrusion services

The first step is to install and run ZoneAlarm firewall (or Sygate). Block everything. Now:

simply watch what is attempted for being sent.  For free, you do get the destination and the process, port, but not the files.  Traffic is about more than files, but if you get the first few pieces, you can find more. Especially important if not permitted (which is purpose of ZA, to stop the unpermitted).
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 1

Author Comment

by:fabricedeparis
ID: 9754613
Hi there,

I've made several tests, and I'm a little nonplussed. I've tried the different portscanners suggested, very simple to use, not that easy to understand. So i didn't make much of that intel. Only that

So I came back to simple testing. If I stop my peer to peer service (emule) the upload rate nearly instantaneously falls down to under 2kb/s. So it seems that if there is haemorragy somewhere that's where it happens. This is confirmed by the port scanner.
However inside emule, as I mentioned, i never go above 7kb/s with an average around 5.

If I try an FTP upload without emule, on my provider FTP, I get around 8kb/s average, with a max at 10.

I'm starting to suspect that it could simply be a combination emule using a lot of upload traffic for "additional" tasks (whatever those can be, setting up connection, etc...) and reporting only on the main tasks (exchanging files), and a current poor performance of my ISP in terms of upload capacity.

For Sunbow : I already use XP firewall. I can install ZA, but I don't see what else it would teach me since stopping emule seems to stop outgoing traffic, and I am a little cautious with firewall installations since last time I tested another, (the firewall from Ontrack systemsuite) it simply rebooted my system each time it started (at boot).

Anyway, I just leave this topic open a little more in case someone can prove the following statement wrong :

it seems there is no simple way of knowing what is the source (file) of the data that is being sent, but only where you send it,through what port and via what application. Maybe through the use of packet sniffers or that sort of tool can you know what the data sent really is (especially if it comes from a specific file, and not from an application tunneling it), but those tools seem fairly difficult to use to me.

Anyone got a better view on this ?

Cheers,

Fabrice

PS : just for mentioning in case it interests someone dropping on this topic  in the future, I also tested DiamondCS Port explorer, which isn't freeware but gives more advanced possibilities than active ports (like integrated packet sniffer, socket spy, and the quantity of data sent by each process). also, for the paranoid with a lot of time to learn a new tool, i could advise to look at Snort (www.snort.org). Open Source Network Intrusion Detection System. Very interesting features, but far too complicated (command line option type) for me though :p
0
 

Accepted Solution

by:
isamu_2000 earned 100 total points
ID: 10456813
I think the simple answer to this is that emule is using the bandwidth to maintain connection to the servers and also to fulfill search request reponses (since there is no way to disable the upload function in emule/edonkey).
0
 
LVL 1

Author Comment

by:fabricedeparis
ID: 11423582
Sorry for forgetting that question. Yes, in the end it was just emule overhead bandwidth consumption. It went down drastically with a new version of emule. Well, I lernet how to use a port scanner at leat :)

Thanks Isamu, and cheers everyone,

Fabrice
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question