Solved

Computers have outbound traffic to blocked IP

Posted on 2011-09-28
Last Modified: 2013-11-22
I was watching the denied traffic on my Firebox x1250e firewall and noticed some traffic that seems odd. These two computers keep having denied traffic to this one blocked IP for an unknown reason. Here are the denied messages from the Traffic Monitor.

2011-09-28 15:03:12 Deny 10.3.11.8 172.16.1.30 snmp/udp 1040 161 1-Trusted 0-External blocked sites 106 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

2011-09-28 15:03:29 Deny 10.3.11.78 172.16.1.30 snmp/udp 1042 161 1-Trusted 0-External blocked sites 105 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

Have run virus and malware scans, all coming back clean. Have nothing on the network with a 172.16 IP either. No idea why this traffic is happening.
0
Question by:remmett70
2 Comments
 

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 36720332
You could use Process Hacker or TCP View on those two computers to check which application is actually making the connection to the blocked IP addresses.

Process Hacker:
http://processhacker.sourceforge.net/

TCPView:
http://technet.microsoft.com/en-us/sysinternals/bb897437

Sudeep
0
 

Author Comment

by:remmett70
ID: 36720672
Thanks, TCPView helped. It never showed the 172 IP address, but I was able to match up the TCP activity that was happening with the deny in the firewall.

Turns out, this was related to spoolsv.exe. These computers had a TCP printer port for the 172.16.1.30 address. No idea why, since we don't use a 172 internal.

0
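
An added example, not part of the original thread: a Python sketch that parses Traffic Monitor lines in the format pasted in the question, groups the denies by destination and port, and flags private (RFC 1918) destinations that were routed to the External interface, which points at a host configured with an address that is not on the local network. The field layout is inferred from the two quoted lines, and the function names and the third sample line are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Field layout inferred from the two deny lines quoted in the question:
# date time action src dst service/proto sport dport in-if out-if reason...
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>\w+) '
    r'(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<svc>[^/\s]+)/(?P<proto>\w+) '
    r'(?P<sport>\d+) (?P<dport>\d+) (?P<in_if>\S+) (?P<out_if>\S+) '
)

# First two lines are from the question; the third is constructed.
SAMPLE = [
    '2011-09-28 15:03:12 Deny 10.3.11.8 172.16.1.30 snmp/udp 1040 161 1-Trusted 0-External blocked sites 106 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic',
    '2011-09-28 15:03:29 Deny 10.3.11.78 172.16.1.30 snmp/udp 1042 161 1-Trusted 0-External blocked sites 105 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic',
    '2011-09-28 15:03:30 Allow 10.3.11.8 192.0.2.10 http/tcp 1050 80 1-Trusted 0-External allowed 60 125 (Outgoing)  proc_id="firewall" rc="100"       Traffic',
]

def parse_line(line):
    """Return a dict of fields for one Traffic Monitor line, or None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize_denies(lines):
    """Group Deny records by (dst, proto, dport); source ports are ephemeral
    and are ignored when deciding what counts as the same flow."""
    flows = defaultdict(lambda: {"sources": set(), "count": 0, "out_if": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny":
            continue
        f = flows[(rec["dst"], rec["proto"], int(rec["dport"]))]
        f["sources"].add(rec["src"])
        f["count"] += 1
        f["out_if"].add(rec["out_if"])
    return dict(flows)

def private_dst_leaving_external(flows):
    """Flows to a private address that left via an External interface."""
    return sorted(
        key for key, f in flows.items()
        if ipaddress.ip_address(key[0]).is_private
        and any("External" in i for i in f["out_if"])
    )

if __name__ == "__main__":
    for dst, proto, dport in private_dst_leaving_external(summarize_denies(SAMPLE)):
        print(f"private destination sent to External: {dst} {proto}/{dport}")
```

Several internal sources repeatedly hitting the same flagged destination on one service port is the pattern to take to the hosts themselves, as was done with TCPView in this thread.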
