Solved

Computers have outbound traffic to blocked IP

Posted on 2011-09-28
Last Modified: 2013-11-22
I was watching the denied traffic on my Firebox x1250e Firewall and noticed some traffic that seems odd.  These two computers keep having denied traffic to this one blocked IP for an unknown reason.  Here are the denied messages from the Traffic Monitor.

2011-09-28 15:03:12 Deny 10.3.11.8 172.16.1.30 snmp/udp 1040 161 1-Trusted 0-External blocked sites 106 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

2011-09-28 15:03:29 Deny 10.3.11.78 172.16.1.30 snmp/udp 1042 161 1-Trusted 0-External blocked sites 105 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

Have run virus and malware scans all coming back clean.  Have nothing on the network with a 172.16 IP either.  No idea why this traffic is happening.
Question by:remmett70
2 Comments
 
LVL 30

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 36720332
You could use Process Hacker or TCPView on those two computers to check which application is actually making the connection to the blocked IP address.

Process Hacker:
http://processhacker.sourceforge.net/

TCPView:
http://technet.microsoft.com/en-us/sysinternals/bb897437

Sudeep
 
LVL 10

Author Comment

by:remmett70
ID: 36720672
Thanks, TCPView helped.  It never showed the 172 IP address, but I was able to match up the TCP activity that was happening with the deny in the firewall.

Turns out, this was related to spoolsv.exe.  These computers had a TCP printer port for the 172.16.1.30 address.  No idea why, since we don't use a 172 internal.
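
The finding above fits the firewall log: the spooler's Standard TCP/IP port monitor queries a printer port's address over SNMP (udp/161) when SNMP status is enabled on that port. The following is an added example, not part of the original thread, that lists such ports on the local machine and the print queues still bound to them. It assumes PowerShell 3.0 or later run locally on each affected computer; the function name `Find-PrinterPortByAddress` is hypothetical and the default address is the one from the question.

```powershell
# Added example: find Standard TCP/IP printer ports pointing at a given address.
# Run locally on each affected computer (assumes PowerShell 3.0+).
param(
    [string]$BlockedIp = '172.16.1.30'   # destination seen in the firewall deny log
)

function Find-PrinterPortByAddress {
    param(
        [Parameter(Mandatory)] [string]$Address
    )

    # Win32_TCPIPPrinterPort describes the Standard TCP/IP ports owned by the spooler.
    $ports = Get-CimInstance -ClassName Win32_TCPIPPrinterPort |
        Where-Object { $_.HostAddress -eq $Address }

    # Win32_Printer.PortName shows which print queues use each port.
    # Printer pools list several ports separated by commas.
    $printers = Get-CimInstance -ClassName Win32_Printer

    foreach ($port in $ports) {
        $boundQueues = @(
            $printers |
                Where-Object { ($_.PortName -split ',\s*') -contains $port.Name } |
                ForEach-Object { $_.Name }
        )

        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            PortName    = $port.Name
            HostAddress = $port.HostAddress
            SNMPEnabled = $port.SNMPEnabled          # True = spooler polls udp/161
            Printers    = $boundQueues -join ', '    # empty = orphaned port
        }
    }
}

$found = @(Find-PrinterPortByAddress -Address $BlockedIp)
if ($found.Count -eq 0) {
    Write-Output "No Standard TCP/IP printer port points at $BlockedIp on $env:COMPUTERNAME."
} else {
    $found | Format-Table -AutoSize
}
```

A port listed with an empty `Printers` column is not used by any print queue and can be deleted; one that is still in use can have its address corrected or SNMP status turned off in the port's settings.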
