• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 11770
  • Last Modified:

icslap connection to my computer

I was doing some some tests on my computer (vista) and found something peculiar when using the netstat command in command prompt.  A foreign address labeled "000-computername:icslap"  was discovered.  This is a computer within my office...

When looking for information regarding this I have found very little. All i know that it is possibly tied with Windows internet connection sharing. There is no need for ICS from my computer and I don't have it on.

I've googled the issue and come up with some rumors to it being tied to snooping software. Being the Network admin, I would think I'd be privy to that kind of thing. But understanding I am not the boss does make snooping a possibility.

Anyone know something I dont? What are some good utilities I can use to spot this as it comes up again?
0
L3370
Asked:
L3370
  • 3
  • 2
1 Solution
 
bbaoIT ConsultantCommented:
can you simply copy and paste the NETSTAT result here? you may replace any sensitive information such as public IPs or domain names with other strings like xxx.yyy.zzz.

thanks,
bbao
0
 
L3370Author Commented:
The netstat result will not show that connection every time.  So far I've only been able to catch it twice.

Anyways, I have found snooping software. The connection was to my boss's computer. One of the programs was a keylogger, which is strictly prohibited by my corporation's IT security policy. The company understands that email will sometimes be used for personal use and allows us conduct personal affairs with it, so any monitoring technology that can't discriminate between email and other traffic is not allowed.

Looks like a talk with HR and the some legal council will be in order!
0
 
bbaoIT ConsultantCommented:
you may consider using TCPVIEW to monitor the active TCP/IP connections. save the status into a text file if you see something strange.

TCPView for Windows v2.53
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

hope it helps,
bbao
0
 
L3370Author Commented:
That is EXACTLY what I've been searching for.. Thank you!
0
 
L3370Author Commented:
Thanks again,  this will help me pinpoint some details.  The program isn't constantly sending out data, so I needed something that will detect it when it happens.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now