?
Solved

Computers have outbound traffic to blocked IP

Posted on 2011-09-28
2
Medium Priority
?
1,096 Views
Last Modified: 2013-11-22
I was watching the denied traffic on my Firebox x1250e Firewall.  And noticed some traffic that seems odd.  These two computers keep having denied traffic to this one blocked IP for unknown reason.  here are the denied messages from the traffic Monitor.

2011-09-28 15:03:12 Deny 10.3.11.8 172.16.1.30 snmp/udp 1040 161 1-Trusted 0-External blocked sites 106 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

2011-09-28 15:03:29 Deny 10.3.11.78 172.16.1.30 snmp/udp 1042 161 1-Trusted 0-External blocked sites 105 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

Have run virus and malware scans all coming back clean.  Have nothing on the network with a 172.16 IP either.  No idea why this traffic is happening.
0
Comment
Question by:remmett70
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
Sudeep Sharma earned 2000 total points
ID: 36720332
You could use Process Hacker or TCP View on those two computers to check which application is actually making the connection to the blocked IP addresses.

Process Hacker:
http://processhacker.sourceforge.net/

TCPView:
http://technet.microsoft.com/en-us/sysinternals/bb897437

Sudeep
0
 
LVL 10

Author Comment

by:remmett70
ID: 36720672
Thanks, TCPView helped.  It never showed the 172 IP address, but I was able to match up what was happening TCP activity with the deny in the firewall.

Turns out, this was related to spoolsv.exe  These computers had a TCP printer port for the 172.16.1.30 address.  No idea why, since we don't use a 172 internal.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question