Solved

Locate machine connecting to ip address in Windows network

Posted on 2014-01-15
Last Modified: 2014-01-16
Looking through the (very) basic reports available on my Sonicwall TZ170, I can see that there have been 2500 "hits" to a website called xtracker.info.

As best as I can tell, this site is the connection port for a virus/backdoor/trojan.

How can I try to find out what machines in my Windows network are connecting to this site?

I will of course block connections to this IP address using the Sonicwall, but I'd like to locate and remove the malware first.

Thanks
Question by: encoad

Accepted Solution

by: Zephyr ICT earned 500 total points
ID: 39784577
Hi,

There was a similar question a few days back; it might help you get to the infected machines:

http://www.experts-exchange.com/Security/Misc/Q_28334188.html

Basically, place a sniffer near a concentration point (e.g., a switch before the firewall capable of setting a monitor port) and filter the traffic.
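An added example, not part of the original answer: one way to do the "filter the traffic" step once a capture from the monitor port has been exported as text rows. The row layout, the 192.168.1.0/24 subnet and every address in the sample are assumptions constructed for illustration; only the domain name comes from the question.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

DOMAIN = "xtracker.info"            # site named in the question
LAN = ip_network("192.168.1.0/24")  # assumed internal subnet

# Constructed rows (not real traffic): (time, src, dst, DNS query name, DNS A answer).
# Assumed to come from a text export of the capture taken at the monitor port.
# 192.168.1.2 plays an internal DNS server, 203.0.113.50 stands in for the site.
SAMPLE = [
    ("1.0", "192.168.1.10", "192.168.1.2", "xtracker.info", ""),
    ("1.1", "192.168.1.2", "198.51.100.53", "xtracker.info", ""),
    ("1.2", "198.51.100.53", "192.168.1.2", "xtracker.info", "203.0.113.50"),
    ("1.3", "192.168.1.2", "192.168.1.10", "xtracker.info", "203.0.113.50"),
    ("1.4", "192.168.1.10", "203.0.113.50", "", ""),
    ("2.0", "192.168.1.23", "203.0.113.50", "", ""),
    ("3.0", "192.168.1.10", "203.0.113.50", "", ""),
    ("4.0", "192.168.1.31", "198.51.100.7", "", ""),
]

def is_site(name, domain=DOMAIN):
    """True for the domain itself or any subdomain of it."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def tally(rows, domain=DOMAIN, lan=LAN):
    rows = list(rows)
    # Pass 1: learn which addresses the domain resolved to inside this capture.
    site_ips = {a for _, _, _, q, ans in rows if is_site(q, domain)
                for a in ans.split(",") if a}
    # Pass 2: per internal source, count lookups of the name and packets to the site.
    hits = defaultdict(lambda: {"dns_queries": 0, "connections": 0})
    for _, src, dst, q, ans in rows:
        if not src or ip_address(src) not in lan:
            continue  # skip non-IP frames and traffic sourced outside the LAN
        if is_site(q, domain) and not ans:
            hits[src]["dns_queries"] += 1
        elif dst in site_ips:
            hits[src]["connections"] += 1
    return dict(hits)

def hosts_to_inspect(hits):
    """Hosts that sent traffic to the site itself. A host with lookups only may
    be the internal DNS server forwarding queries for its clients."""
    return sorted(h for h, c in hits.items() if c["connections"])

if __name__ == "__main__":
    for host, counts in sorted(tally(SAMPLE).items()):
        print(host, counts)
    print("inspect:", hosts_to_inspect(tally(SAMPLE)))
```

In the sample, 192.168.1.2 shows up with a lookup but no connection, which is the pattern an internal DNS server produces; the machines to examine are the ones with a non-zero connection count.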