Computers have outbound traffic to blocked IP

Posted on 2011-09-28
Last Modified: 2013-11-22
I was watching the denied traffic on my Firebox x1250e firewall and noticed some traffic that seems odd. These two computers keep having denied traffic to this one blocked IP for an unknown reason. Here are the denied messages from the Traffic Monitor.

2011-09-28 15:03:12 Deny 10.3.11.8 172.16.1.30 snmp/udp 1040 161 1-Trusted 0-External blocked sites 106 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

2011-09-28 15:03:29 Deny 10.3.11.78 172.16.1.30 snmp/udp 1042 161 1-Trusted 0-External blocked sites 105 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic

Have run virus and malware scans, all coming back clean. Have nothing on the network with a 172.16 IP either. No idea why this traffic is happening.
Question by:remmett70

Accepted Solution

by:
Sudeep Sharma earned 2000 total points
ID: 36720332
You could use Process Hacker or TCP View on those two computers to check which application is actually making the connection to the blocked IP addresses.

Process Hacker:
http://processhacker.sourceforge.net/

TCPView:
http://technet.microsoft.com/en-us/sysinternals/bb897437

Sudeep

Author Comment

by:remmett70
ID: 36720672
Thanks, TCPView helped. It never showed the 172 IP address, but I was able to match up the TCP activity that was happening with the deny in the firewall.

Turns out, this was related to spoolsv.exe. These computers had a TCP printer port for the 172.16.1.30 address. No idea why, since we don't use a 172 internal.
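
As an added example (not part of the thread, and not code from the posters or the firewall vendor): a small parser for deny lines in the shape quoted in the question, grouping them by blocked destination and port so the internal hosts to inspect with TCPView stand out. The field order is an assumption inferred from the two quoted lines only.

```python
import ipaddress
import re
from collections import defaultdict

# The two deny lines quoted in the question above.
SAMPLE = '''\
2011-09-28 15:03:12 Deny 10.3.11.8 172.16.1.30 snmp/udp 1040 161 1-Trusted 0-External blocked sites 106 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic
2011-09-28 15:03:29 Deny 10.3.11.78 172.16.1.30 snmp/udp 1042 161 1-Trusted 0-External blocked sites 105 125 (Internal Policy)  proc_id="firewall" rc="101"       Traffic
'''

# Assumption: field order is read off those two lines, not vendor documentation.
LINE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+'
    r'(?P<action>\w+)\s+(?P<src>\d+(?:\.\d+){3})\s+(?P<dst>\d+(?:\.\d+){3})\s+'
    r'(?P<service>[\w-]+)/(?P<proto>\w+)\s+(?P<sport>\d+)\s+(?P<dport>\d+)\s+'
    r'(?P<in_if>\S+)\s+(?P<out_if>\S+)\s+(?P<rest>.*)$'
)

def parse(text):
    """Yield one dict per line that matches; unparseable lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec['sport'], rec['dport'] = int(rec['sport']), int(rec['dport'])
            yield rec

def denied_flows(text):
    """Group Deny records as (dst, proto, dport) -> {src: [timestamps]}."""
    flows = defaultdict(lambda: defaultdict(list))
    for r in parse(text):
        if r['action'] == 'Deny':
            key = (r['dst'], r['proto'], r['dport'])
            flows[key][r['src']].append(f"{r['date']} {r['time']}")
    return {k: dict(v) for k, v in flows.items()}

def hosts_to_check(text, min_sources=1):
    """Return (dst, proto, dport, sources) per denied destination, sources in IP order."""
    out = []
    for (dst, proto, dport), srcs in denied_flows(text).items():
        if len(srcs) >= min_sources:
            out.append((dst, proto, dport, sorted(srcs, key=ipaddress.ip_address)))
    return sorted(out)

if __name__ == '__main__':
    for dst, proto, dport, srcs in hosts_to_check(SAMPLE):
        print(f"{dst} {proto}/{dport} <- {', '.join(srcs)}")
```

The timestamps kept per source are what the author matched by hand against the activity seen in TCPView.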
