[85911] in North American Network Operators' Group
Re: Really odd pings going out
daemon@ATHENA.MIT.EDU (Tony Rall)
Wed Oct 19 01:25:43 2005
In-Reply-To: <18f601940510182118v4940b662kb3d4a6daa43b2e41@mail.gmail.com>
To: nanog@nanog.org
From: Tony Rall <trall@almaden.ibm.com>
Date: Wed, 19 Oct 2005 01:25:08 -0400
Errors-To: owner-nanog@merit.edu
On Tuesday, 2005-10-18 at 21:18 MST, Aaron Glenn <aaron.glenn@gmail.com>
wrote:
> I've found this tool to be very handy in finding out just what process
> is doing what.
>
> http://www.sysinternals.com/Utilities/TcpView.html
But Tcpview doesn't show anything for icmp - which is what was happening
in this case. However, if the "guilty" process is also using tcp, Tcpview
will likely identify it.
On the other hand, a firewall that limits outbound traffic to only
"permitted" programs would probably nail the program involved (Zonealarm
is one example of such a firewall).
> btw, I don't think nanog is the most appropriate list for these types
> of questions, fyi.
Probably so. The newsgroup news:comp.security.misc might be a better
place.
Tony Rall
