Solved

Internet Gateway > Internet Connection'  LIVE CALL WHAT IS THIS  FOR ??

Posted on 2007-06-29
794 Views
Last Modified: 2012-05-05
I am running XP Home edition 2002 sp2

in my Network connections I found an
'Internet Gateway > Internet Connection'
which i am sure i have never seen before

when i viewed the properties of the  'Internet Connection'
icon it had a 'settings' button

clicking this opened a 'services' dialog which had 3 entries

livecall (192.168.1.100:8345) 21985 UDP
livecall (192.168.1.100:8345) 36069 TCP
MsnMsgr (192.168.1.100:10205) 4582 UDP

I unchecked these items and also 'disabled' this interent gateway and my internet still seems to be running fine

I do have SKYPE and MSN installed and i use SKYPE for VoiP
 Can anyone tell me whether these settings have allowed someone to access my PC ?
0
Question by:aphuk
    22 Comments
     
    LVL 57

    Expert Comment

    by:giltjr
    Livecall looks like http://www.liveperson.com/sb/livecall.asp
    MsnMsgr is most likely MSN Messenger from Microsoft, an online chat and instant messaging client.

    Do you use either one of these?
    0
     

    Author Comment

    by:aphuk
    i do not use Livecall
    i do use MSN & SKYPE and i noticed this time that i also now have a check box for SKYPE in the connection list

    is 'Internet Gateway > Internet Connection' always present when you are online ?  i am sure i have never seen it before
    0
     

    Author Comment

    by:aphuk
    for now  have set the 'Internet Gateway > Internet Connection'  to disabled, what impact will this have on SKYPE & MSN msgr?
    0
     
    LVL 57

    Expert Comment

    by:giltjr
    I am not really sure.  I have not seen "Internet Gatgeway > Internet Connection" before, but what I think this may is Internet Connection Sharing.  Have you ever configured your computer to allow Internet Connection Sharing before?
    0
     
    LVL 66

    Expert Comment

    by:johnb6767
    Internet Gateway is alos a result of UPnP, a service that allows for dynamic configuration of the router. If you go to start>run>services.msc, and disable Univeral Plug and Play, then reboot... Does it appear?
    0
     

    Author Comment

    by:aphuk
    this time round only the MSnMsgr was checked ?!*
    stopped the service
    it said dependency was from Windows Media Player
    that may be because MSN displays whatever music i am playing on the MSN title bar ...??
    0
     

    Author Comment

    by:aphuk
    service was stopped
    machine was rebooted
    conditions still exist and i now have 4 items back in the list
    livecall (192.168.1.100:8345) 21985 UDP
    livecall (192.168.1.100:8345) 36069 TCP
    MsnMsgr (192.168.1.100:10205) 4582 UDP
    SKYPE

    services show Upnp running as a manual service
    0
     
    LVL 66

    Expert Comment

    by:johnb6767
    Can you upload the dump files from c:\windows\minidump for us to look at?

    Http://www.ee-stuff.com is a free upload site for us....

    Might be able to pinpoint the fauting modules in there....
    0
     
    LVL 57

    Expert Comment

    by:giltjr
    Not sure if it is directly related, but there is a MSN Messenger plugin for Windows Media player.  one of the features is if you are using MSN Messenger as a IM client, it will display the music you have been listening to with Windows Media player.

    http://www.mess.be/msnmessengerfaq/article.php?id=117&action=print

    It is also possible that Windows Media player does use MSN Messenger to get the information about music you are listening to.

    As to the livecall stuff, did you look at the Web Page I referred you to earlier?  Did it look/sound familure?  Do you, or did you, ever have 3rd party support?
    0
     

    Author Comment

    by:aphuk
    giltjr:
    looked at this 'livecall' site and it is not familiar to me at all but you know how it is , in the past i have used direct contact dialog boxes to some websites (talk to a LIVE operator) but not for a LONG time!!
    Also no sure why there are two of them in the list. The only 3rd party support i can recall is PREVX. It would be nice if these references were signed as to who put it in my configuration!!

    I can delete the 'service' using the properties but as soon as i restart the machine the service is back

    i have screen shots available but cannot get them onto Http://www.ee-stuff.com as it appears to be in flux at the minute
    0
     

    Author Comment

    by:aphuk
    johnb6767:
    Http://www.ee-stuff.com appears to be unavailable at the moment

    I have one minidump on my machine from Aug 2006.
    0
     
    LVL 57

    Expert Comment

    by:giltjr
    You may want to get HijackThis (http://www.spywareinfo.com/~merijn/programs.php)  and run it to see what it says.

    I did a little more searching and it seems that livecall may also be related to MSN Messenger.

    0
     

    Author Comment

    by:aphuk
    Thanks Tolomir. Thought someone would have been able to shed light on this one.?!
    0
     
    LVL 57

    Expert Comment

    by:giltjr
    Do you think that somebody has accessed your computer?  

    If you do a:

         netstat -ano

    Do you show anything running with those ports open?  Those settings by themself would not have allowed somebody to access your computer.  If you have your firewall configured correctly then nobody should have been able to get into your computer.

    However if your firewall is not configured correctly, then almost anybody can.
    0
     

    Author Comment

    by:aphuk
    i am not sure if someone has accessed my computer

    netstat -ano reports the following, but I am not sure if this is GOOD or BAD ?

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3812
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
      TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       3812
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:990            0.0.0.0:0              LISTENING       2428
      TCP    0.0.0.0:999            0.0.0.0:0              LISTENING       3784
      TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       1244
      TCP    0.0.0.0:10243          0.0.0.0:0              LISTENING       2036
      TCP    0.0.0.0:26675          0.0.0.0:0              LISTENING       3784
      TCP    0.0.0.0:57830          0.0.0.0:0              LISTENING       3812
      TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       708
      TCP    127.0.0.1:4664         0.0.0.0:0              LISTENING       3480
      TCP    127.0.0.1:5679         0.0.0.0:0              LISTENING       2280
      TCP    127.0.0.1:7438         0.0.0.0:0              LISTENING       2280
      TCP    169.254.2.2:139        0.0.0.0:0              LISTENING       4
      TCP    169.254.2.2:990        169.254.2.1:1139       ESTABLISHED     2428
      TCP    169.254.2.2:990        169.254.2.1:1141       ESTABLISHED     2428
      TCP    169.254.2.2:999        169.254.2.1:1142       ESTABLISHED     3784
      TCP    169.254.2.2:5678       169.254.2.1:1143       ESTABLISHED     3784
      TCP    169.254.2.2:5678       169.254.2.1:1144       ESTABLISHED     3784
      TCP    169.254.2.2:5721       0.0.0.0:0              LISTENING       2428
      TCP    169.254.2.2:26675      169.254.2.1:1158       ESTABLISHED     4
      TCP    192.168.1.101:139      0.0.0.0:0              LISTENING       4
      TCP    192.168.1.101:1138     207.46.109.42:1863     ESTABLISHED     1424
      TCP    192.168.1.101:1341     24.225.201.62:56841    ESTABLISHED     3812
      TCP    192.168.1.101:1933     62.189.194.207:80      TIME_WAIT       0
      TCP    192.168.1.101:1935     64.156.132.140:80      TIME_WAIT       0
      TCP    192.168.1.101:1964     62.189.194.207:80      TIME_WAIT       0
      TCP    192.168.1.101:2807     192.168.10.70:445      ESTABLISHED     4
      TCP    192.168.1.101:58898    192.168.1.1:2869       CLOSING         1424
      UDP    0.0.0.0:445            *:*                                    4
      UDP    0.0.0.0:500            *:*                                    752
      UDP    0.0.0.0:1028           *:*                                    1472
      UDP    0.0.0.0:1041           *:*                                    1164
      UDP    0.0.0.0:1099           *:*                                    1424
      UDP    0.0.0.0:1136           *:*                                    1164
      UDP    0.0.0.0:4500           *:*                                    752
      UDP    0.0.0.0:57830          *:*                                    3812
      UDP    127.0.0.1:123          *:*                                    1092
      UDP    127.0.0.1:1080         *:*                                    3812
      UDP    127.0.0.1:1131         *:*                                    1424
      UDP    127.0.0.1:1900         *:*                                    1244
      UDP    127.0.0.1:1931         *:*                                    1396
      UDP    127.0.0.1:1946         *:*                                    3356
      UDP    169.254.2.2:123        *:*                                    1092
      UDP    169.254.2.2:137        *:*                                    4
      UDP    169.254.2.2:138        *:*                                    4
      UDP    169.254.2.2:1900       *:*                                    1244
      UDP    169.254.2.2:15797      *:*                                    1424
      UDP    169.254.2.2:62567      *:*                                    1424
      UDP    192.168.1.101:123      *:*                                    1092
      UDP    192.168.1.101:137      *:*                                    4
      UDP    192.168.1.101:138      *:*                                    4
      UDP    192.168.1.101:1900     *:*                                    1244
      UDP    192.168.1.101:12215    *:*                                    1424
      UDP    192.168.1.101:60844    *:*                                    1424
    0
     
    LVL 57

    Expert Comment

    by:giltjr
    O.K, it looks like you have two network connections.  Are you using this as a Internet Connection Sharing devices?


    I would figure out what all of the following is.  You need to find out what  the PIDs are.  These are listening, which means they are waiting for somebody to connect to them.  If your firewall is not configured properly, then somebody could connect to your computer via the Internet.

    TCP    0.0.0.0:990            0.0.0.0:0              LISTENING       2428
    TCP    0.0.0.0:999            0.0.0.0:0              LISTENING       3784
    TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       1244
    TCP    0.0.0.0:10243          0.0.0.0:0              LISTENING       2036
    TCP    0.0.0.0:26675          0.0.0.0:0              LISTENING       3784
    TCP    0.0.0.0:57830          0.0.0.0:0              LISTENING       3812
    UDP    192.168.1.101:1900     *:*                                    1244
    UDP    192.168.1.101:12215    *:*                                    1424
    UDP    192.168.1.101:60844    *:*                                    1424
    UDP    169.254.2.2:1900       *:*                                    1244
    UDP    169.254.2.2:15797      *:*                                    1424
    UDP    169.254.2.2:62567      *:*                                    1424
    0
     
    LVL 66

    Accepted Solution

    by:
    TCPView for Windows v2.4
    http://www.microsoft.com/technet/sysinternals/Utilities/TcpView.mspx

    GUI alternative to the old netstat -abn command.......
    0
     

    Author Comment

    by:aphuk
    giltjr:

    sorry did not get back sooner but i have been in a location with no internet connection

    can you help me with finding out what the PID's are ?

    0
     
    LVL 57

    Assisted Solution

    by:giltjr
    You may want to use the program that johnb6767 suggested.  I beleive it will tell you what task/program is associated with the PIDs listed in the output of the netstat command.
    0
     

    Author Comment

    by:aphuk
    Sorry it took so long but I got there in the end. Only Grey area is
    'Internet Gateway > Internet Connection'
    from what i can work out it seems that if i have a wireless connection then it appears
    if i am using cable then it does'nt
    I have both network types on my laptop.

    Used Netstat and TCPView for Windows v2.4 and then good old Google to look up each item in the list and they all seemed to be Valid so 'all's well that ends well'
    0
     
    LVL 57

    Expert Comment

    by:giltjr
    My guess is that you have your computer configured for Internet Connection Sharing (ICS).  This is only active if you have two network connection.  You can't use ICS with a single connection.
    0
     

    Author Comment

    by:aphuk
    found how it can be installed here
    http://www.practicallynetworked.com/sharing/xp_ics/

    found out how to remove it here
    http://support.microsoft.com/kb/263276
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Product Review - Android Remix

    Come along for the ride with our Senior Product Manager, Brian Matis, as he reviews the Android Remix.

    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    Skype is a P2P (Peer to Peer) instant messaging and VOIP (Voice over IP) service – as well as a whole lot more.
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now