Weird/unfindable trojan/worm/something

I’ve got a Direcway satellite system at home with 2 PCs hanging off a small LAN. Recently, I’ve been seeing a LOT of activity on the modems even when nothing should be happening.
So far, I’ve tried Symantec virus scan, Spy-Bot, Ad-Aware, and Trojan Hunter. None of the packages have found anything at all, but I keep seeing that modem activity. The system works well enough, but I have an uncomfortable feeling something is happening. Any ideas?

TIA

Testy

Get a cheap hub… make sure it is a hub and not a switch. And run Ethereal or another Packet Sniffer on one of the machines. You can examine the types of packets and any data in them and maybe figure out what is going on. I’m sure you can Google for specific instructions on how to do this.

Are you running Zone Alarm on those computers? It will inform you of outbound activity and you should be able to see what process is generating it. It will probably take some detective work, but you should be able to track down what is happening.
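One way to do the same detective work from the command line, as an added example that is not part of the original thread: parse the output of Windows `netstat -ano` and list, per process ID, the off-LAN addresses that process is connected to. The sample output and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from the poster's PCs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.0.2:1045       192.168.0.3:139        ESTABLISHED     4
  TCP    192.168.0.2:1052       203.0.113.10:80        ESTABLISHED     1320
  TCP    192.168.0.2:1053       203.0.113.10:80        ESTABLISHED     1320
  TCP    192.168.0.2:1060       198.51.100.7:443       ESTABLISHED     2044
  TCP    192.168.0.2:1061       198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:1026           *:*                                    1108
"""

# Ranges treated as "local": RFC 1918 LANs, loopback and link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10")]

def is_local(host):
    """True for LAN, loopback, wildcard or unparseable hosts."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # "*" and similar are not off-LAN peers
    return ip.is_unspecified or any(ip in net for net in LOCAL_NETS)

def external_peers_by_pid(netstat_text):
    """Map PID -> sorted off-LAN 'ip:port' peers of its active TCP connections."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips headers, blank lines and UDP rows
        _, _local, remote, state, pid = fields
        if state not in ("ESTABLISHED", "SYN_SENT", "CLOSE_WAIT"):
            continue  # ignore listeners and already-closed sockets
        host, _, port = remote.rpartition(":")
        host = host.strip("[]")  # IPv6 endpoints are printed in brackets
        if not is_local(host):
            peers[int(pid)].add(f"{host}:{port}")
    return {pid: sorted(found) for pid, found in peers.items()}

if __name__ == "__main__":
    for pid, found in sorted(external_peers_by_pid(SAMPLE).items()):
        print(f"PID {pid}: {', '.join(found)}")
```

Each PID it reports can be matched to a program name with `tasklist /FI "PID eq <pid>"`.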

I hadn’t thought of that. I’ve got a small switch right now but maybe I can borrow a hub somewhere. I’m about at the point of scraping the drive down to bare metal and starting over and probably would have by now if it wasn’t such a pain in the butt to get the Direcway system running.
I’m still left with trying to figure out how whatever-it-is got through the Symantec firewall.

Thanks for the suggestion and I’ll give this a try. On a related question, I did a program scan with the Symantec and it found something called “Ticali dialer.” I’ve never heard of this and can’t find it using the regular search methods, which makes me think it is some kind of malware. Ever hear of it?

Thanks again

Testy

Thanks, I’ll give Zone-alarm a try. I’m running the Symantec internet security package at the moment. I’ve had it for about a year and it generally does OK. So far, Symantec hasn’t identified anything odd about the outbound traffic, but maybe I can jack up the reporting level and get something useful.

Thanks again

Testy

If you do have a switch, is this unknown data actually going to either computer? Does it happen with both PCs off? If not, then it’s likely just random traffic - people port scanning, worms trying to find another target, clients trying to connect to the Kazaa session you closed an hour ago… things like that.

Go with the Ethereal idea if you’re really curious.

Do you have Automatic Updates enabled on either of your PCs? It’s possible that one of them is downloading Windows Updates in the background. You can test this by stopping and disabling Automatic Updates and Background Intelligent Transfer Service under Control Panel|Administrative Tools|Services.

Is it Tiscali Dialer? I haven’t found any references to it being malware. Could it be something the Direcway software installed?