Paranoia
microsoft.public.windowsxp.network_web

02-11-2008, 01:59 AM
Paranoia
Forgive me for the double posting, but I am not sure to whom I should
address this problem. Perhaps it is only paranoia. Hoping that someone might
read my long-winded story and perhaps assist me with this situation.
I have noticed at some idle times that the network, local area and/or
wireless connection icon lights are on, and there is traffic of packets.
This is at times when I am using neither the browser nor the mail agent.
With the only exception of the antivirus (Trend Micro) update set automatic
every 12 hours, I do not knowingly have any automatic downloads or updating
set, only the antivirus. I abhor the idea. I have no viruses or malware,
having scanned several times, even with 3 different anti-adware programs. Task
Manager does not show me any significant activity in processes, but in
networking I can see about a 0.15% to 0.17% utilization with no users but
myself. A Web Activity log from the router shows me several URLs connecting
to IP addresses of any machine I have on (7), some denoting programs from
vendors or software I do not have or am not aware I have.
I realize some software uses other people's software and usually they ask for
permission to automatically update. Obviously some do not, or I have spies
that are not being detected.
The only thing that stops the activity is turning off the internet
connection at the security software.
My questions are: 1] What is going on? (other than my own crazy
imagination), 2] How do we find the source? 3] How do we stop this? (other than
disconnecting)
Much grateful for your interest, thanks.
--
R. E. CREAGH, MD FACS
Heartburn Center DM
Heartburn! WHY!

02-11-2008, 07:19 PM
Re: Paranoia
Hi
A computer connected to the Internet is like a "living animal" and there
is always some kind of Network activity generated by various processes.
Using more than One Firewall, One Antivirus, and One Anti-Adware program is
a mistake. It does not add security and eventually it would destabilize the
TCP/IP Stack (it is also part of the idle network activity).
Read this page; it might clarify some of the issues involved:
http://www.ezlan.net/firewall.html
Jack (MVP-Networking).

02-12-2008, 01:39 AM
Re: Paranoia
Living animal is right!
Thanks for the return and could not agree with you more.
I do have multiple anti-spy software, but none are running resident. None
are foolproof as they miss spyware, so if there are suspicions, one is not
enough.
I use only one firewall per machine, even as there is the one in the router. It
would certainly be nice if they were to fully work at the level of the
router, instead of at every single computer in a network. Sure, it is
possible to have a server and router and have all the network work through
that server, but impractical in the wild.
A remote switch (even by software) that could disconnect from the internet
at the level of the router could be helpful, instead of those present at the
computer firewall, essentially interrupting the network. But impractical, as
can be imagined, if one on each net computer.
Never mind dreaming.
What I would like to find is a software or procedure which could detect and
identify those intruders in order to deactivate them. The router log tells
you where they are connecting, but not who originated the connection.
Is there such a thing?
Cheers

02-12-2008, 06:28 AM
Re: Paranoia
On Mon, 11 Feb 2008 19:39:17 -0600, "Rolando E Creagh, MD FACS"
<recreaghmd@hotmail.com> wrote:
>What I would like to find is a software or procedure which could detect and
>identify those intruders in order to deactivate them. The router log tells
>you where they are connecting, but not who originated the connection.
>
>Is there such a thing?
Roland,
The best way to protect yourself is with robust, well maintained layered
security. A personal firewall on each computer, and the NAT process in the
router (which may or may not include a firewall) are good layers. Anti-trojan
and anti-virus protection is essential too. And the most essential layer is
you.
<http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>
--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

02-13-2008, 03:46 AM
Re: Paranoia
Agree
I already do what you recommend, but my question is about something going
OUT of my computers. All our protection is for outside threats.
Paranoia is helpful taking care of patients and problems.
Cheers

02-13-2008, 01:02 PM
Re: Paranoia
Rolando E Creagh, MD FACS wrote:
> Agree
> I already do what you recommend, but my question is about something going
> OUT of my computers. All our protection is for outside threats.
> Paranoia is helpful taking care of patients and problems.
> Cheers
Here's a solution, but it's a bit of a pain to set up and use. Assuming
your setup is something like this:
router <--> Switch <--> individual computers
You can set up a network sniffer (I'd recommend Wireshark) in the
network to monitor all of the traffic like this:
router <--> hub <--> switch <--> individual computers
The hard part is going to be getting a true hub. Hubs echo all of the
traffic received from any host to ALL hosts. This would allow you to
monitor all of the traffic going to the router. If you can get a hub
with sufficient speed and available ports to meet your needs, you could
replace the switch with the hub until you are finished with your
examination of the traffic.
If you can't get a true hub, you could use instead a tap that will act
like a 2 port hub.
If you have a higher end switch, you can set up port mirroring so that
the switch sends all of the traffic to your sniffer.
Reading sniffer traffic can be painful because of the detail, but I
suspect you're up to it.
Dennis
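
Once the hub, tap or mirror port is in place and the sniffer has saved a capture, the per-packet detail can be reduced to a list of which LAN machine sent traffic to which outside address. This is an added example, not part of the original thread: it reads a classic libpcap file (not pcapng), assumes a 192.168.1.0/24 LAN, and runs on a constructed sample capture with made-up addresses.

```python
import ipaddress
import struct
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: typical home LAN range
PROTO_NAMES = {6: "tcp", 17: "udp"}


def _frame(src, dst, proto, sport, dport, payload_len):
    """Build one constructed Ethernet/IPv4 frame (checksums left at zero)."""
    if proto == 6:  # TCP, 20-byte header
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:           # UDP, 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    l4 += b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4


def build_sample_pcap():
    """Constructed capture standing in for a file saved from the sniffer."""
    frames = [
        _frame("192.168.1.10", "203.0.113.5", 6, 1050, 80, 100),    # PC -> outside
        _frame("203.0.113.5", "192.168.1.10", 6, 80, 1050, 400),    # reply coming in
        _frame("192.168.1.10", "203.0.113.5", 6, 1050, 80, 100),
        _frame("192.168.1.12", "198.51.100.7", 6, 1066, 443, 50),   # second PC -> outside
        _frame("192.168.1.12", "192.168.1.255", 17, 137, 137, 50),  # LAN broadcast
        _frame("192.168.1.10", "192.168.1.1", 17, 1051, 53, 30),    # DNS query to router
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def outbound_summary(pcap_bytes, lan=LAN):
    """Map (lan_host, remote_ip, proto, remote_port) -> [packets, bytes]
    for IPv4 traffic that leaves the LAN."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")

    flows = defaultdict(lambda: [0, 0])
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        _, _, caplen, origlen = struct.unpack(endian + "IIII", pcap_bytes[pos:pos + 16])
        frame = pcap_bytes[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4 (ARP, IPv6, ...)
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if src not in lan or dst in lan or dst.is_multicast:
            continue  # keep only LAN host -> outside address
        if str(dst) == "255.255.255.255":
            continue  # limited broadcast never leaves the LAN
        proto = frame[23]
        l4 = 14 + (frame[14] & 0x0F) * 4  # start of the TCP/UDP header
        port = None
        if proto in PROTO_NAMES and len(frame) >= l4 + 4:
            port = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        key = (str(src), str(dst), PROTO_NAMES.get(proto, str(proto)), port)
        flows[key][0] += 1
        flows[key][1] += origlen
    return dict(flows)


def by_host(flows):
    """Group flows per LAN machine, largest byte count first."""
    hosts = defaultdict(list)
    for (src, dst, proto, port), (pkts, nbytes) in flows.items():
        hosts[src].append((dst, proto, port, pkts, nbytes))
    return {h: sorted(v, key=lambda r: -r[4]) for h, v in hosts.items()}


if __name__ == "__main__":
    for host, rows in sorted(by_host(outbound_summary(build_sample_pcap())).items()):
        print(host)
        for dst, proto, port, pkts, nbytes in rows:
            print(f"  -> {dst} {proto}/{port}: {pkts} packets, {nbytes} bytes")
```

The summary names the machine and the remote endpoint only; which program on that machine opened the connection still has to be determined on the machine itself.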

02-14-2008, 06:21 AM
Re: Paranoia
Thanks, I will try that.
Cheers

02-14-2008, 07:36 PM
Re: Paranoia
On Thu, 14 Feb 2008 00:21:03 -0600, "Rolando E Creagh, MD FACS"
<recreaghmd@hotmail.com> wrote:
>Thanks, I will try that.
>Cheers
I don't think you need to try that. What hasn't really been addressed
here, beyond the first response, is the fact that the blinking LEDs
you see on routers, switches, and your cable modem DO NOT MEAN THAT
YOU'RE INFECTED WITH MALWARE OR THAT YOU'RE UNDER ATTACK FROM HACKERS.
Rather, as Jack said in the first response, "A computer connected to
the Internet is like a "living animal" and there is always some kind
of Network activity generated by various processes." You've taken
every precaution that we all are advised to take, and you are properly
protected. It's >99.9% certain that nothing is going wrong.
I don't agree with you that paranoia is good for treating patients or
tending computers (I'm a physician, too). Constant attention,
vigilance, and caution are called for in both cases, but paranoia is
IRRATIONAL fear and can get you, your patient, and your computer in
trouble. You were vigilant in noticing the lights and cautious in
asking for advice. UNLESS you have SOME evidence that something's
wrong with your computer or LAN, to employ sniffers at this point
would be indulging paranoia -- a waste of your precious time.
Ron
>
>"Dennis Dow" <dennis@mybesteducation.com> wrote in message
>news:47B2EA57.2020904@mybesteducation.com...
>> Rolando E Creagh, MD FACS wrote:
>>> Agree
>>> I already do what you recommend, but my question is about something going
>>> OUT of my computers. All our protection is for outside treats.
>>> Paranoia is helpful taking care of patients and problems.
>>> Cheers
>>>
>>>
>>> "Chuck [MVP]" <none@example.net> wrote in message
>>> news:0ue2r3li3kdi685a25uib9tdkf0lsv82ku@4ax.com...
>>>> On Mon, 11 Feb 2008 19:39:17 -0600, "Rolando E Creagh, MD FACS"
>>>> <recreaghmd@hotmail.com> wrote:
>>>>
>>>>> "Jack (MVP-Networking)." <jack@discussiongroup.com> wrote in message
>>>>> news:%23ykmSMObIHA.5348@TK2MSFTNGP03.phx.gbl...
>>>>>> Hi
>>>>>> A computer connected to the Internet is like a ""living animal"" and
>>>>>> there
>>>>>> is always some kind of Network activity generates by various
>>>>>> processes.
>>>>>> Using more than One Firewall, One Antivirus, and One Anti-Adware
>>>>>> programs
>>>>>> is a mistake. It does not add security and eventually it would
>>>>>> destabilize
>>>>>> the TCP/IP Stack (it also part of the idle network activity).
>>>>>> Read this page it might clarify some of the issue involved,
>>>>>> http://www.ezlan.net/firewall.html
>>>>>> Jack (MVP-Networking).
>>>>>>
>>>>>> "Rolando E Creagh, MD FACS" <recreaghmd@hotmail.com> wrote in message
>>>>>> news:uHpj9GFbIHA.4180@TK2MSFTNGP06.phx.gbl...
>>>>>>> Forgive me for the double posting, but I am not sure to whom I should
>>>>>>> address this problem. Perhaps it is only paranoia. Hoping that someone
>>>>>>> might read my long-winded story and perhaps assist me with this
>>>>>>> situation.
>>>>>>> I have noticed at some idle times that the network, local area and/or
>>>>>>> wireless connections icons lights are on, and there is traffic of
>>>>>>> packets. This is at times when I am using neither the browser nor the
>>>>>>> mail agent. With the only exception of the antivirus (Trend Micro)
>>>>>>> update set automatic every 12 hours, I do not knowingly have any
>>>>>>> automatic downloads or updating set, only the antivirus. I abhor the
>>>>>>> idea. I have no viruses or malware, having scanned several times, even
>>>>>>> with 3 different anti-adware programs. Task manager does not show me
>>>>>>> any significant activity in processes, but in networking I can see
>>>>>>> about a 0.15% to 0.17% utilization with no users but myself. A Web
>>>>>>> Activity log from the router shows me several URLs connecting to IP
>>>>>>> addresses of any machine I have on (7), some denoting programs from
>>>>>>> vendors or software I do not or am not aware I have.
>>>>>>> I realize some software uses other people's software and usually they
>>>>>>> ask for permission to automatically update. Obviously some do not or I
>>>>>>> have spies that are not being detected.
>>>>>>> The only thing that stops the activity is turning off the internet
>>>>>>> connection at the security software.
>>>>>>> My questions are: 1] what is going on? (other than my own crazy
>>>>>>> imagination), 2] How do we find the source? 3] How do we stop this?
>>>>>>> (other than disconnecting)
>>>>>>> Much grateful for your interest, thanks.
>>>>> Living animal is right!
>>>>> Thanks for the return and could not agree with you more.
>>>>> I do have multiple anti-spy software, but none are running resident.
>>>>> None are foolproof as they miss spyware, so if there are suspicions,
>>>>> one is not enough.
>>>>> I use only one firewall per machine, even as there is the one in the
>>>>> router. It will certainly be nice if they were to fully work at the
>>>>> level of the router, instead of at every single computer in a network.
>>>>> Sure, it is possible to have a server and router and have all the
>>>>> network work through that server, but unpractical in the wild.
>>>>> A remote switch (even by software) that could disconnect from the
>>>>> internet at the level of the router could be helpful, instead of those
>>>>> present at the computer firewall, essentially interrupting the network.
>>>>> But impractical, as can be imagined, if one on each net computer.
>>>>> Never mind dreaming
>>>>>
>>>>> What I would like to find is a software or procedure which could detect
>>>>> and identify those intruders in order to deactivate them. The router
>>>>> log tells you where they are connecting, but not who originates the
>>>>> connection.
>>>>>
>>>>> Is there such a thing?
>>>> Roland,
>>>>
>>>> The best way to protect yourself is with robust, well maintained layered
>>>> security. A personal firewall on each computer, and the NAT process in
>>>> the router (which may or may not include a firewall) are good layers.
>>>> Anti-trojan and anti-virus protection is essential too. And the most
>>>> essential layer is you.
>>>> <http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>
>>>>
>>>> --
>>>> Cheers,
>>>> Chuck, MS-MVP 2005-2007 [Windows - Networking]
>>>> http://nitecruzr.blogspot.com/
>>>> Paranoia is not a problem, when it's a normal response from experience.
>>>> My email is AT DOT
>>>> actual address pchuck mvps org.
>>>
>>>
>>
>> Here's a solution, but it's a bit of a pain to set up and use. Assuming
>> your set up is something like this:
>>
>> router <--> Switch <--> individual computers
>>
>> You can set up a network sniffer (I'd recommend Wireshark) in the
>> network to monitor all of the traffic like this:
>>
>> router <--> hub <--> switch <--> individual computers
>>
>> The hard part is going to be getting a true hub. Hubs echo all of the
>> traffic received from any host to ALL hosts. This would allow you to
>> monitor all of the traffic going to the router. If you can get a hub
>> with sufficient speed and available ports to meet needs you could
>> replace the switch with the hub until you are finished with your
>> examination of the traffic.
>>
>> If you can't get a true hub, you could use instead a tap that will act
>> like a 2 port hub.
>>
>> If you have a higher end switch, you can set up port mirroring so that
>> the switch sends all of the traffic to your sniffer.
>>
>> Reading sniffer traffic can be painful because of the detail, but I
>> suspect you're up to it.
>>
>> Dennis
>
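For the question quoted in this thread (the router log shows where connections go, but not which program on the computer originates them), a host-side check is to join the output of `netstat -ano` with `tasklist /fo csv /nh` by PID. The following is an added example, not part of any post in the thread; the sample command output, image names and addresses are constructed, and the function names are hypothetical.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.20:1042      203.0.113.10:80        ESTABLISHED     1720
  TCP    192.168.1.20:1043      203.0.113.10:443       ESTABLISHED     1720
  TCP    192.168.1.20:1050      198.51.100.7:80        TIME_WAIT       0
  TCP    192.168.1.20:1061      192.168.1.1:80         ESTABLISHED     2404
  TCP    127.0.0.1:1035         127.0.0.1:1036         ESTABLISHED     2404
  UDP    0.0.0.0:1900           *:*                                    1144
"""
# Constructed sample of `tasklist /fo csv /nh` output; image names are made up.
TASKLIST_SAMPLE = '''\
"svchost.exe","968","Console","0","4,120 K"
"updater.exe","1720","Console","0","9,876 K"
"browser.exe","2404","Console","0","52,340 K"
'''
# Destinations treated as "inside" (loopback and RFC 1918 LAN ranges).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header and UDP rows (which have no State column)
        host, _, port = parts[2].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port), parts[3], int(parts[4])

def outbound_by_process(netstat_text, tasklist_text):
    """Group established connections leaving the LAN by (PID, image name)."""
    names = parse_tasklist(tasklist_text)
    found = defaultdict(set)
    for ip, port, state, pid in parse_netstat(netstat_text):
        if state != "ESTABLISHED" or any(ip in net for net in LOCAL_NETS):
            continue
        found[(pid, names.get(pid, "<unknown>"))].add(f"{ip}:{port}")
    return {key: sorted(val) for key, val in found.items()}
```

Running both commands at the moment the activity lights are on and feeding their output to `outbound_by_process` gives the per-program view that the router log lacks.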