Solved

Computers have outbound traffic to blocked IP

Posted on 2011-09-28
2
1,077 Views
Last Modified: 2013-11-22
I was watching the denied traffic on my Firebox x1250e Firewall.  And noticed some traffic that seems odd.  These two computers keep having denied traffic to this one blocked IP for unknown reason.  here are the denied messages from the traffic Monitor.

2011-09-28 15:03:12 Deny 10.3.11.8 172.16.1.30 snmp/udp 1040 161 1-Trusted 0-External blocked sites 106 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

2011-09-28 15:03:29 Deny 10.3.11.78 172.16.1.30 snmp/udp 1042 161 1-Trusted 0-External blocked sites 105 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

Have run virus and malware scans all coming back clean.  Have nothing on the network with a 172.16 IP either.  No idea why this traffic is happening.
0
Comment
Question by:remmett70
2 Comments
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 36720332
You could use Process Hacker or TCP View on those two computers to check which application is actually making the connection to the blocked IP addresses.

Process Hacker:
http://processhacker.sourceforge.net/

TCPView:
http://technet.microsoft.com/en-us/sysinternals/bb897437

Sudeep
0
 
LVL 10

Author Comment

by:remmett70
ID: 36720672
Thanks, TCPView helped.  It never showed the 172 IP address, but I was able to match up what was happening TCP activity with the deny in the firewall.

Turns out, this was related to spoolsv.exe  These computers had a TCP printer port for the 172.16.1.30 address.  No idea why, since we don't use a 172 internal.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Printers have changed substantially in the last 30 or so years, not just in technical capabilities but in cost and usage as well.  Printers were originally used for interfacing with the operator, not necessarily for printing copy or pictures. In …
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now