hello everyone... im not sure if this is the right place.. but spare with me. i have abroardband conncetion. and every time I turn on the pc. my netstat tool show a active connection. protocol tcp port 3660.. foreign address: 220.67.19.97.reverse.theplanet.com:http ESTABLISHED. now! i have windows XP pro tcp filteriung on and allow only few ports... 3660 is not among them... still the connection is there,,, futhermore i have made a security policy blocking this addresss and port.. still.. its there,,, i have also added the dns namepsace to the (restricted site) under internet security for iexplorer.. still connected. my question is : how do I block or stop this connection,, now I have made all this setting and blocking..
It's because your firewall (XP internal) does net block OUTGOING trafic. Also your policy prob. block incomming trafic form the external adress, but not outgoing trafic from your IP to the (blocked) external IP.
It looks like you have a trojan that automatically connects out to the internal adress. You need to do the following.
First install a personal firewall that handles outgoing trafic as well. Look at Sygate personal firewall, its free and works well.
Next you need to scan your PC. You can use HijackThis and past the log in this forum to get help cleaning out the trojan.
hi and thanks for heling me.. i do have firewall and security up.. and my security policies do go both incoming and outgoing,, as I did not know what traffic this connection made. yes true... XP only filter incoming,, i did mangage to add the adress in my local host file.. that way I could revers the ip address to the real ip.. thats is how I found that the media contoll protocol was in use.. and i only have realplayer in use.. so I found the cause of this connection,, no hacker attatc.. but me lack of control of realplaeyr internet settings.. :-) I learn I thank you anyhow for your helpfulness..
You are wellcome. Realplayer, and all other applications that are used for communication purposes or connect them selves poses a problem for the security manager. I allways try to documente what they do, what protocols they use and what theu connect to.
Synes godt om
Ny brugerNybegynder
Din løsning...
Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.
