
Welcome to IWETHEY!

New How to determine what app is dialling out

Have just moved house & while waiting for adsl line to be set up am using dial-in to get to my isp.

One PC has WinXP Home installed. I have SpyBot & also AdAware installed & also have Zone Alarm Pro on it. Since setting up the dial-in, the machine regularly dials the ISP and I am trying to identify what app is doing it.

My guess is that it is a function of WindowsXP but I am aware that both Norton & Logitech apps have features that cause their apps to 'dial home'. In the past I have used Zone Alarm to block suspicious traffic but at this time it doesn't seem interested in *stopping* the dialling.

Does anyone know an easy way to identify what app is doing dialling at any point in time?

Doug M



New Somewhat simple way.
Go into Zone Alarm.
Cut off access for everything to the 'net.
Reallow items one at a time, until dialer starts up again.

There you go.

My bet is it is either Windows Update or Norton.
Nobody wins in a butter eating contest
New Re: Somewhat simple way.
Two interesting aspects to this

1st is that the dialing is being requested by Generic Host Process for Windows & if I block it I can't access the Internet.

Anyway according to Zone Alarm shortly after I logged in, the above component was the one trying to dial the Internet. It is a catch-22 - say no & you don't get access - say yes & the durned thing keeps dialling in after a log off.

The frustration here is that Zone Alarm is touted as the best form of personal security but if I apply it I can't get *normal* access to the net. Turn Zone Alarm off & all seems ok.

Doug
Edited by dmarker April 17, 2004, 05:21:57 AM EDT
New Re: Somewhat simple way.
Lock down the GHP long enough for windows to try to dial home, then later check the log to see where (IP and port) it was trying to connect to. You may be able to block access just to that port or IP and still be able to use GHP for normal connections.
~~~)-Steven----

"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."

General George S. Patton
New Location of the log ?

Is this in the control panel/management area or somewhere in Windows dir?

Tks

Doug
New Common enough that MS has a knowledgebase article on it.
[link|http://support.microsoft.com/?kbid=316530|Here].


OT. I wonder why I never noticed till just now that MS also means Multiple Sclerosis? Makes sense though. A pc with MS does seem to have a progressive degenerative condition.
-----------------------------------------
It is much harder to be a liberal than a conservative. Why?
Because it is easier to give someone the finger than it is to give them a helping hand.
Mike Royko
New That KB Article, (and other referenced KB articles in it)
Tells me more than I want to know. Microsoft (in those KB articles) has just admitted that the OS they produce *IS* *NON*-secure (No, proper wording).

non-secure to me means they have all the "appearance" of being secure and having everything in place to be secure... But it is all mock-up.

Similar to the Shuttle Scenes in movies. They have all the OLD style displays and other various equipment from the 80s. Because that is what the public "expects".

Today, the shuttle really has "glass" consoles. All displays are full color, information is displayed graphically, rendered real-time, it'd look too "futuristic" for the Movies ... would give the public the feeling "A Space Odyssey:2001" and HAL was all there. *SHRUG*

I guess, M$, being a degenerative system seems about right.

"I'm sorry Dave. I can't take you where you want to go today." is what it is all about.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

Give a man a match, he'll be warm for a minute.
Set him on fire, he'll be warm for the rest of his life!
New Many thanks - seems we each need a personal MS database :-)

to help us deal with the myriad and plethora of fscked-up garbage they foist on us.

Can now go back to hiding behind Zone Alarm. Also I really miss not having my Wi-Fi firewall (it is on a side lan until I get my new adsl link activated).

What really pisses me off about such MS foibles is that as much as I try to investigate & keep on top of their security peculiarities, I am not able to do so. The help you have provided helps explain why orgs such as Iwethey are so valuable - we can all try to help each other. Part of my job as an architect is to advise on security matters (mostly the overall architecture) but as with most medium sized companies, am expected to be able to advise our network guys on trends etc.

Last Friday I attended a seminar by Enterasys on networks of the future. Very interesting stuff. Mainly to do with the marriage of IDS discovery with automatic network management & adjustment.

Anyway - thanks

Doug Marker



New dialling out again - but this time due to

mail server trying to contact home.
Stopped that & the new dialling stopped.

Doug M
Edited by dmarker April 21, 2004, 05:48:29 PM EDT
New unplug phone line when not logged in
"You're just like me streak. You never left the free-fire zone. You think aspirins and meetings and cold showers are going to clean out your head. What you want is God's permission to paint the trees with the bad guys. That won't happen big mon." Clete
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
New I think I found a description
[link|http://www.theeldergeek.com/remote_access_auto_connection_manager.htm|here]
-----------------------------------------
It is much harder to be a liberal than a conservative. Why?
Because it is easier to give someone the finger than it is to give them a helping hand.
Mike Royko