PCbanter

PCbanter (http://www.pcbanter.net/index.php)
-   Security and Administration with Windows XP (http://www.pcbanter.net/forumdisplay.php?f=16)
-   -   Thousands of internet sessions from an XP Pro machine (http://www.pcbanter.net/showthread.php?t=1067869)

zaz April 12th 10 03:26 PM
Thousands of internet sessions from an XP Pro machine
 
A client of ours has one XP workstation that is attempting to open thousands
of internet sessions. This has the affect of flooding the network with
unnessary traffic. This was causing the old Netgear router to crash and we
have replaced it with a more sophisticated Draytek which has identified this
XP machine as the source of the network traffic. We have put a restriction
on their router to prevent this machine from opening up too many connections,
which helps the other users on their network, but this machine needs to be
stopped from doing this.

I have used the usual suspects (Process Explorer, Auto Runs, AVG,
MalwareBytes), but am unable to find the culprit on the machine that is
causing the problem. Can anyone suggest other utilities, procedures to go
through that might help. Other than rebuilding the machine?

Leonard Grey[_3_] April 12th 10 04:25 PM
Thousands of internet sessions from an XP Pro machine
 
If you're not able to discover and remove the malware - and it ain't
easy, these days - you'll have to re-build the workstation.

If it was my shop, and a client was opening thousands of connections, I
would take the machine offline (from the internet and the network)
immediately.
---
Leonard Grey
Errare humanum est

zaz wrote:
A client of ours has one XP workstation that is attempting to open thousands
of internet sessions. This has the affect of flooding the network with
unnessary traffic. This was causing the old Netgear router to crash and we
have replaced it with a more sophisticated Draytek which has identified this
XP machine as the source of the network traffic. We have put a restriction
on their router to prevent this machine from opening up too many connections,
which helps the other users on their network, but this machine needs to be
stopped from doing this.

I have used the usual suspects (Process Explorer, Auto Runs, AVG,
MalwareBytes), but am unable to find the culprit on the machine that is
causing the problem. Can anyone suggest other utilities, procedures to go
through that might help. Other than rebuilding the machine?

FromTheRafters[_3_] April 12th 10 05:17 PM
Thousands of internet sessions from an XP Pro machine
 
"zaz" wrote in message
...

A client of ours has one XP workstation that is attempting to open
thousands
of internet sessions. This has the affect of flooding the network
with
unnessary traffic. This was causing the old Netgear router to crash
and we
have replaced it with a more sophisticated Draytek which has
identified this
XP machine as the source of the network traffic. We have put a
restriction
on their router to prevent this machine from opening up too many
connections,
which helps the other users on their network, but this machine needs
to be
stopped from doing this.

I have used the usual suspects (Process Explorer, Auto Runs, AVG,
MalwareBytes), but am unable to find the culprit on the machine that
is
causing the problem. Can anyone suggest other utilities, procedures
to go
through that might help.

Physically unplug it from the network!

Other than rebuilding the machine?

Rebuilding *shouldn't* be that difficult.

Twayne[_3_] April 13th 10 08:57 PM
Thousands of internet sessions from an XP Pro machine
 
In ,
zaz typed:
A client of ours has one XP workstation that is attempting
to open thousands of internet sessions. This has the
affect of flooding the network with unnessary traffic.
This was causing the old Netgear router to crash and we
have replaced it with a more sophisticated Draytek which
has identified this XP machine as the source of the network
traffic. We have put a restriction on their router to
prevent this machine from opening up too many connections,
which helps the other users on their network, but this
machine needs to be stopped from doing this.

I have used the usual suspects (Process Explorer, Auto
Runs, AVG, MalwareBytes), but am unable to find the culprit
on the machine that is causing the problem. Can anyone
suggest other utilities, procedures to go through that
might help. Other than rebuilding the machine?

Once you have that machine rebuilt, which is probably your
only option, you should make backup startegies a priority
issue. If that client had a backup in place he could spend
probably a half hour instead of 2+ days to get it all back in
place. And there WILL BE a next time a backup will be needed,
regardless of attitudes and opinions.

HTH,

Twayne`


All times are GMT +1. The time now is 10:30 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters