Spies in my modem

Factual Questions
1

I’m sitting there reading an endless post in great debates, while composing one of my own.

Ten minutes goes by and I haven’t clicked anything. All of a sudden my modem lights start flashing.

I put the cursor on the modem icon, and the little bugger is sending and receiving like mad.

I thought maybe it was a new ad loading, but nothing at all is going on, it’s just sending and receiving, what I don’t know, and it didn’t ask my permission.

I’ve noticed this going on at other times too!

If I disconnect, I automatically get the reconnect window as if I had started netscape while logged off. I click cancel and it comes up again.

I’m getting real paranoid about this. Does anybody have any idea what’s going on here?

2

All I can say is that I’m having a lot of fun poking around your C:\picturesofmenaked\ directory.

3

If you’re running ICQ, your computer may be periodically updating the central server. There are a few other programs which might look on the internet every once in a while (like a mail-checker).

Or you could have been hacked. :slight_smile:

4

Probably just confirmation datagrams…nothing to worry about.

Your ISP is just seeing if you’re really still there.

Or, as was mentioned earlier, some other program may be updating itself (AltaVista, ICQ, and some MS products do this routinely.)

-David

5

To see who’s connected to your computer :

Go to a DOS prompt.

Type ‘netstat’ {without the apostrophe’s)

While nerd & Soulfrost are probably correct, it could very well be that you have a Trojan, like NetBus or BackOrifice. Have you been running programs you got from IRC, Usenet, email, or suspicious web sites?

“Honey we’re recovering Christians.”
–Tori Amos - In the Springtime of his Voodoo

6

A correction to neutron star’s post…

Type ‘netstat -a’ then hit the enter(return) key.

You should see something similar to the following listing:

Active Connections

Proto Local Address Foreign Address State
TCP local host:1028 H1:0 LISTENING
TCP local host:5190 H1:0 LISTENING
TCP local host:1028 tfep-fb8.dial.aol.com:16303 ESTABLISHED
TCP local host:137 H1:0 LISTENING
TCP local host:138 H1:0 LISTENING
TCP local host:nbsession H1:0 LISTENING
TCP local host:2670 H1:0 LISTENING
TCP local host:137 H1:0 LISTENING
TCP local host:138 H1:0 LISTENING
TCP local host:nbsession H1:0 LISTENING
TCP local host:22701 H1:0 LISTENING
TCP local host:22702 H1:0 LISTENING
TCP local host:22703 H1:0 LISTENING
TCP local host:22704 H1:0 LISTENING
TCP local host:22705 H1:0 LISTENING
TCP local host:22706 H1:0 LISTENING
TCP local host:1029 H1:0 LISTENING
TCP local host:1298 vip-wa.proxy.aol.com:80 TIME_WAIT
TCP local host:137 H1:0 LISTENING
TCP local host:138 H1:0 LISTENING
TCP local host:nbsession H1:0 LISTENING
UDP local host:5190 :
UDP local host:nbname :
UDP local host:nbdatagram :
UDP local host:2670 :
UDP local host:nbname :
UDP local host:nbdatagram :
UDP local host:22701 :
UDP local host:22702 :
UDP local host:22703 :
UDP local host:22704 :
UDP local host:22705 :
UDP local host:22706 :
UDP local host:1029 :
UDP local host:nbname :
UDP local host:nbdatagram :

I’ll wager the formatting gets botched up in the html rendering, but you get the idea.

Sorry, I know some of you hate AOL, but it’s not a hassle if you control it rather than letting it control you.

If you poke around your computer a bit, you’ll find lots of other networking utilities that will give you good information: arp, nbtstat, ping and so on.

Kalél
Common ¢ for all ages…
“Well, there was that thing with the Cheese-Wiz…but I’m feeling much better now!” – John Astin, Night Court

7

You might try the free online virus scanner from mcafee.com

Also, hit crtl alt del & see what programs are running.