• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Unknown network connection!! Hack attempt?

Y

Yossarian

Lifer
I'm using a cable modem through Adelphia, running WinXP and Zone Alarm Pro, all fully updated.

I just saw a new, unknown connection appear in the systray. When I look at it in network connections, it appears in the internet gateway section.

I have no idea what this is or how to stop it. I'm pretty sure I have ZA setup right. Only the most essential programs have internet access. Any ideas? How can I get the IP address of this unauthorized connection?
 
Internet Gateway network connection icon comes courtesy of a UPnP/SSDP compliant router (for example the latest code on the Linksys BEFSR41 series routers is UPnP compliant). This is no big deal assuming that you have applied the patches for XP's SSDP vulnerabilities. If you right click the icon, select status, click properties button and then click the settings button, you should get a front end for configuring port forwarding in your router.

-Dave
 
Sounds like there's another computer on your Powerlink node that's running internet connection sharing. Got something like that which shows up in my network connections as well (running XP here, too). XP just automatically detected that another computer on the "network" created with Adelphia Powerlink is running ICS.

JW
 
Hmm interesting! I haven't seen it since the day before I posted so I haven't had a chance to try netstat. I wonder if Adelphia could do something about it if they know the IP address.
 
run a packet sniffer/netstat and find the IP. Then do a services/trace on the user to see who/what/where they are.

-=bmacd=-
 
Just a thought.... does it say "Disabled" under the name of the connection in the Network Connections window? If so, then it's only been a detected connection and not actually in use. Translation: it's really nothing to worry about.

Just my 2¢

JW

Edited.... meant to say that if it's disabled, there's nothing to worry about. If the connection is Enabled, then you need to start worrying.
 
It showed up as enabled, but I was able to disable it manually. I haven't seen it again since I posted last, hopefully it won't come back.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top