Security Basics mailing list archives
Re: Finding which programme started an outgoing connection
From: "Littlefield, Tyler" <tyler () tysdomain com>
Date: Tue, 08 Feb 2011 21:34:56 -0700
The only way to know if a program is configured to connect to that IP would be to attach a debugger and start poking through it. I would recommend starting at startup, but netstat or something similar is going to be your best bet.
On 2/8/2011 9:32 PM, Nikhil Manampady wrote:
Hi Tyler, Alternatively you can check in the registry whether any program is configured to load at startup and connect to that particular IP. In Windows XP, it was HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. On the right you will see programs which will be loaded at startup. You would probably need to check the same in Win 7. Alternatively check in services.msc whether there are any programs which are running which are not required. Maybe stopping some or one of them might solve the issue. Thanks& Regards, Nikhil Manampady, Security Consultant. On Mon, Feb 7, 2011 at 10:43 PM, Littlefield, Tyler<tyler () tysdomain com> wrote:Have you thought of running netstat? This may be a longshot, but you could create a script that starts on startup that checks netstat, or you can start it right as you boot up yourself to see what opens that program. On 2/5/2011 4:38 AM, Tom Causer wrote:Hello List, This is more of an end user question then anything else: I use zone alarm on my pc, and it is alerting that some during boot up is attempting to connect (UDP) to an IP address in the Netherlands 81.171.115.5 (it looks like some colocation service over there). Now I would like to know how I can track back to find out what service is making that connection during boot up, but I have no idea how I would go about doing that? (Other then setting up a hub with my desktop and capture in wireshark, which I can do fine, its just the analysis of the traffic to find out whats causing it, so I would rather not do that step) Using Windows 7 OS. Cheers, Tom ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 -------------------------------------------------------------------------- Thanks, Ty ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
-- Thanks, Ty ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Finding which programme started an outgoing connection Tom Causer (Feb 07)
- Re: Finding which programme started an outgoing connection Littlefield, Tyler (Feb 08)
- RE: Finding which programme started an outgoing connection Matthew Reed (Feb 10)
- Re: Finding which programme started an outgoing connection Nikhil Manampady (Feb 10)
- Re: Finding which programme started an outgoing connection Littlefield, Tyler (Feb 10)
- Re[2]: Finding which programme started an outgoing connection Adam Pal (Feb 11)
- Re: Re[2]: Finding which programme started an outgoing connection Nikhil Manampady (Feb 11)
- Re: Finding which programme started an outgoing connection Littlefield, Tyler (Feb 08)
- Re: Finding which programme started an outgoing connection anthony kasza (Feb 08)
- Re: Finding which programme started an outgoing connection Richard Thomas (Feb 11)
- AW: Finding which programme started an outgoing connection FH_Steini (Feb 11)
- <Possible follow-ups>
- Re: Finding which programme started an outgoing connection tomasello2000 (Feb 08)
- Re: Finding which programme started an outgoing connection scott_conklin (Feb 10)
- Re: Finding which programme started an outgoing connection mcsegold (Feb 10)