Help with cleaning my home computer (after running Network Probe)

Posted by mCassidy on September 12, 2007, 12:24 am
I am looking for some help on identifying what type of activity is
possibly happening on my home computer and what I can do about it.

I suspected that there was SOME type of activity as my HDD always
seems to be running..just a teeny little bit at a time but when there
is nothing going on in the room I notice it. I went through the
updates of Spybot, Ad-aware, Spywareblaster.. cleaned up some usual
junk but nothing serious. I did a little bit of reading and ended up
downloading Network Probe. I figured out how to view the activity
from my computer and right away it looked like I had a lot of activity
from a Protocol named ether.ARP. Looking at the conversations using
this protocol I see a growing list transferring anywhere from ~1KB up
to about 30KB over a varied amount of packets.

For example, the largest size (32.7KB) was first seen at 23:01:26
(when I first started the program) and by the latest sighting at
23:49:56 had transferred (now) 33.3KB over 533 packets. Neither the
Source Host nor the Destination Host matches my IP address/Default Gateway.

ether.ARP is the top protocol for activity in the past hour with 3.7MB
over 60,000+ packets!! That just doesn't seem like normal activity!

Looking closer at the list of conversations for this protocol I see a
few key Source Hosts:
1) cpe-xx-xxx-xx-x.cinci.res.rr.com
2) VOIP-xx-xxx-xx-x.cinci.rr.com
3) user-xxxxxxx.cable.mindspring.com
4) rrcs-xx-xxx-xx-xxx.central.biz.rr.com
5) dhcp-xx-xx-xxx-xxx.cinci.twc.wcoilexpress.com

(There are a couple variations of the xx's through the list but these
are the major hosts)

Anyhow, I am a little stumped from here. Some of the Source Hosts
share the same IP as my Default Gateway. I am wondering what I can do
with this information and how I can stop this information from being
transferred through my computer? I thought that I could possibly
block each of these addresses.. but I am not sure that is the best
solution.

Hopefully someone can help me towards the right direction.

Thanks :)
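
The check the post makes by eye, whether the source or destination of each ARP conversation matches the local IP address, can be run over raw frames. This is an added example, not part of the original post: the function names, MAC addresses and 192.0.2.x addresses are constructed, and the capture step that would supply the raw Ethernet frames is assumed.

```python
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6
ip = lambda raw: ".".join(map(str, raw))

def parse_arp(frame):
    """Decode an IPv4-over-Ethernet ARP frame; return None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"broadcast": frame[0:6] == BROADCAST, "oper": oper,
            "sender_ip": ip(frame[28:32]), "target_ip": ip(frame[38:42])}

def summarize(frames, my_ip):
    """Tally (packets, bytes) per category, relative to this host's own IP."""
    totals = defaultdict(lambda: [0, 0])
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        if my_ip in (arp["sender_ip"], arp["target_ip"]):
            kind = "mine"             # this host asked, answered, or was looked up
        elif arp["broadcast"]:
            kind = "broadcast_other"  # other hosts' lookups; broadcasts reach every NIC on the segment
        else:
            kind = "unicast_other"    # addressed to another host, yet seen here
        totals[kind][0] += 1
        totals[kind][1] += len(frame)
    return {k: tuple(v) for k, v in totals.items()}

def build_arp(dst_mac, src_mac, oper, spa, tpa):
    """Construct a 42-byte ARP frame for the sample data below."""
    pack_ip = lambda s: bytes(int(p) for p in s.split("."))
    tha = b"\x00" * 6 if oper == 1 else dst_mac
    return (dst_mac + src_mac + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + src_mac + pack_ip(spa) + tha + pack_ip(tpa))

# Constructed sample: documentation-range IPs and locally administered MACs.
MY_IP, GW, ME = "192.0.2.10", b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x0a"
NEIGHBOR = b"\x02\x00\x00\x00\x00\x37"
SAMPLE = [
    build_arp(BROADCAST, GW, 1, "192.0.2.1", "192.0.2.55"),
    build_arp(BROADCAST, GW, 1, "192.0.2.1", "192.0.2.77"),
    build_arp(BROADCAST, NEIGHBOR, 1, "192.0.2.55", "192.0.2.1"),
    build_arp(BROADCAST, GW, 1, "192.0.2.1", MY_IP),
    build_arp(GW, ME, 2, MY_IP, "192.0.2.1"),
    GW + ME + b"\x08\x00" + b"\x00" * 46,  # non-ARP frame, ignored
]
```
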

