icslap connection to my computer

Posted on 2009-02-24
Last Modified: 2013-12-04
I was doing some some tests on my computer (vista) and found something peculiar when using the netstat command in command prompt.  A foreign address labeled "000-computername:icslap"  was discovered.  This is a computer within my office...

When looking for information regarding this I have found very little. All i know that it is possibly tied with Windows internet connection sharing. There is no need for ICS from my computer and I don't have it on.

I've googled the issue and come up with some rumors to it being tied to snooping software. Being the Network admin, I would think I'd be privy to that kind of thing. But understanding I am not the boss does make snooping a possibility.

Anyone know something I dont? What are some good utilities I can use to spot this as it comes up again?
Question by:L3370
    LVL 36

    Expert Comment

    by:Bing CISM / CISSP
    can you simply copy and paste the NETSTAT result here? you may replace any sensitive information such as public IPs or domain names with other strings like xxx.yyy.zzz.

    LVL 9

    Author Comment

    The netstat result will not show that connection every time.  So far I've only been able to catch it twice.

    Anyways, I have found snooping software. The connection was to my boss's computer. One of the programs was a keylogger, which is strictly prohibited by my corporation's IT security policy. The company understands that email will sometimes be used for personal use and allows us conduct personal affairs with it, so any monitoring technology that can't discriminate between email and other traffic is not allowed.

    Looks like a talk with HR and the some legal council will be in order!
    LVL 36

    Accepted Solution

    you may consider using TCPVIEW to monitor the active TCP/IP connections. save the status into a text file if you see something strange.

    TCPView for Windows v2.53

    hope it helps,
    LVL 9

    Author Comment

    That is EXACTLY what I've been searching for.. Thank you!
    LVL 9

    Author Closing Comment

    Thanks again,  this will help me pinpoint some details.  The program isn't constantly sending out data, so I needed something that will detect it when it happens.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
    The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now