IEXPLOR.EXE localhost: 3

Discussion in 'malware problems & news' started by jump, Nov 19, 2002.

Thread Status:
Not open for further replies.
  1. jump

    jump Guest

    Can anybody tell me why IEXPLORE.EXE keeps localhost: 3
    open - it shows up in Norton Personal Firewall under

    statistics
    network connections
     
  2. jump

    jump Guest

    by the way it is

    UDP
     
  3. jump

    jump Guest

    just wondering why iexplore.exe stays resident at all!

    it is this stay resident after closing the program
    listening on connection
    localhost: 3
     
  4. jump

    jump Guest

    this iexplorer.exe TSR is keeping my localhost inbound constantly receiving data
    nothing is showing in the outbound localhost!
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi jump,

    Please go to our downloads-section: http://www.wilders.org/downloads.htm and download startuplist.zip
    Unzip and run the program and copy and paste the results in your next post. If there is anything in there you don't want the world to know about, you're welcome to mail or IM it to me.

    Regards,

    Pieter
     
  6. jump

    jump Guest

    I ran it with all windows of iexplore.exe closed - should IE normally remain running in the process list?
    The output of the program follows.


    StartupList report, 19/11/2002, 22:31:13
    StartupList version: 1.35.0
    Started from : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\StartupList.EXE
    Detected: Windows 2000 SP1 (WinNT 5.00.2195)
    Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
    * Using default options
    ==================================================

    Running processes:

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\mgabg.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\Tablet.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    C:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\devldr32.exe
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus NT\POPROXY.EXE
    C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    C:\WINNT\System32\qttask.exe
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus NT\navapw32.exe
    C:\Program Files\Big Pond Advance\BIGPOND.EXE
    C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\Norton Personal Firewall\iamstats.exe
    C:\Program Files\Netscape\Communicator\Program\netscape.exe
    C:\WINNT\System32\cmd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    A4Proxy.lnk = C:\Program Files\A4Proxy\A4Proxy.exe
    Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    Norton AntiVirus AutoProtect.lnk = C:\Program Files\Norton SystemWorks\Norton Antivirus NT\navapw32.exe
    Shortcut to BIGPOND.EXE.lnk = C:\Program Files\Big Pond Advance\BIGPOND.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINNT\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Synchronization Manager = mobsync.exe /logon
    Matrox Powerdesk = C:\WINNT\System32\PDesk.exe /Autolaunch
    UpdReg = C:\WINNT\Updreg.exe
    Creative Launcher = C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
    AudioHQ = C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    ElbyCheckElbyCDFL = "C:\Program Files\Elaborate Bytes\NEWCloneCD\ElbyCheck.exe" /L ElbyCDFL
    comsocks = C:\PROGRA~1\LinkByte\ComSocks\ComSocks.exe
    NPS Event Checker = C:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
    NAV DefAlert = C:\PROGRA~1\NORTON~1\NORTON~3\defalert.exe
    SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    Norton eMail Protect = C:\Program Files\Norton SystemWorks\Norton Antivirus NT\POPROXY.EXE
    iamapp = "C:\Program Files\Norton Personal Firewall\IAMAPP.EXE"
    QuickTime Task = C:\WINNT\System32\qttask.exe
    HPDJ Taskbar Utility = C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    InCD = C:\Program Files\ahead\InCD\InCD.exe
    FinePrint Dispatcher v4 = C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    NeroCheck = C:\WINNT\System32\NeroCheck.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    internat.exe = internat.exe
    Attune Download = C:\PROGRA~1\Aveo\Attune\Updater1\Attunel.exe

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINNT\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINNT\Explorer\Explorer.exe: not present
    C:\WINNT\System\Explorer.exe: not present
    C:\WINNT\System32\Explorer.exe: not present
    C:\WINNT\Command\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\WINNT\System32\amcis.dll - {EBBFE27C-BDF0-11D2-BBE5-00609419F467}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [TDServer Control]
    InProcServer32 = C:\WINNT\DOWNLO~1\tdserver.ocx
    CODEBASE = http://www.evermore.com/wfplayer/tdserver.cab

    [Pco3 Window (Commsec) Control]
    InProcServer32 = C:\WINNT\DOWNLO~1\PCO3X_~1.OCX
    CODEBASE = http://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [MIT Stand Alone Player]
    InProcServer32 = C:\WINNT\Downloaded Program Files\mitm0014.dll
    CODEBASE = file://F:\Webfiles\Simulations\standalone\common1.2\mitm0014.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [LRNPrint Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\lrniehlp.ocx
    CODEBASE = file://F:\Webfiles\LRN Viewer\HTML\lrniehlp.cab

    [GSDACtl Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\gsda.dll
    CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

    [Update Class]
    InProcServer32 = C:\WINNT\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37578.5997106481

    [IntraLaunch.MainControl]
    InProcServer32 = C:\WINNT\Downloaded Program Files\INTRALAUNCH.OCX
    CODEBASE = file://F:\SuperCD\IntraLaunch.CAB

    [National Internet Banking Images]
    InProcServer32 = C:\WINNT\System32\MSJAVA.DLL
    CODEBASE = http://national.com.au/rib/afs/v3002/cabinet/images.cab

    [CV3 Class]
    InProcServer32 = C:\WINNT\System32\wuv3is.dll
    CODEBASE = http://windowsupdate.microsoft.com/R945/V31Controls/x86/nt5/en/actsetup.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [National Internet Banking Custom]
    InProcServer32 = C:\WINNT\System32\MSJAVA.DLL
    CODEBASE = http://national.com.au/rib/afs/v3002/cabinet/NABcustom.cab

    --------------------------------------------------
    End of report, 9,739 bytes
    Report generated in 0.200 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    You might want to disable Attunel.exe. It is not required and considered Adware.
    In your BHO's this entry C:\WINNT\System32\amcis.dll - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} is made by Aureate.
    Now go to Internet Options > Temp. Internet Files > Settings > Show Objects, and examine all ActiveX objects you see there.

    Right-click each one in turn, choose 'properties', and check the Version tab.

    If the company is anyone else but Macromedia, Apple, or Microsoft, right-click the file, and choose 'remove'.

    You might also want to go to our downloads-section: http://www.wilders.org/downloads.htm and download spybotsd11.zip
    Unzip and install Spybot S&D, make sure to update before running.
    It cleans your system of all known spy-ware. In case I missed anything :)
    If this does not stop IE from displaying the behavior you reported, there are some more possibilities:
    I'm not sure about this, but a logical explanation could be the A4 proxy, which has to stay in contact to see if you're being "contacted".
    Other possible candidates that could keep IExplore alive are Bigpond and comsocks.
    You could test this by stopping these programs in Task-manager.

    Regards,

    Pieter
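
The check done by eye in the post above (finding Attunel.exe under a Run key and amcis.dll among the Browser Helper Objects) can be scripted against a StartupList report. This is an added example, not part of the original thread and not StartupList's own code; the function names and the two-entry `WATCHLIST` are assumptions for illustration, and the sample is a trimmed excerpt of the report posted earlier.

```python
import ntpath
import re

# Trimmed excerpt of the report posted earlier in the thread (three sections kept).
SAMPLE_REPORT = r"""StartupList report, 19/11/2002, 22:31:13
==================================================

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

iamapp = "C:\Program Files\Norton Personal Firewall\IAMAPP.EXE"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

internat.exe = internat.exe
Attune Download = C:\PROGRA~1\Aveo\Attune\Updater1\Attunel.exe

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINNT\System32\amcis.dll - {EBBFE27C-BDF0-11D2-BBE5-00609419F467}

--------------------------------------------------
"""

# Hypothetical watchlist holding only the two files named in the thread.
WATCHLIST = {"attunel.exe": "Attune updater, described in the thread as adware",
             "amcis.dll": "BHO attributed in the thread to Aureate"}
RULE = re.compile(r"[-=]{10,}$")
BHO_LINE = re.compile(r".*? - (?P<path>.+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})$")

def split_sections(report):
    """Split the report on its ---- / ==== rules into (heading, body_lines) pairs."""
    sections, block = [], []
    for line in [l.strip() for l in report.splitlines()] + ["-" * 50]:
        if RULE.match(line):
            if block and block[0].endswith(":"):   # header/footer blocks have no heading
                sections.append((block[0][:-1], block[1:]))
            block = []
        elif line:
            block.append(line)
    return sections

def image_name(command):
    """Lower-cased file name of the program in a command line, quoted or bare."""
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:  # bare paths may contain spaces, so cut at the first executable extension
        m = re.match(r"(.+?\.(?:exe|dll|ocx|com|bat))(?:\s|$)", command, re.I)
        path = m.group(1) if m else command
    return ntpath.basename(path).lower()

def review(report):
    """Return (kind, location, file name, note) for every watchlisted startup item."""
    findings = []
    for heading, body in split_sections(report):
        if heading == "Autorun entries from Registry" and body:
            key = body[0]                       # first line names the registry key
            items = [(key, image_name(l.partition(" = ")[2])) for l in body[1:] if " = " in l]
            kind = "Run"
        elif heading == "Enumerating Browser Helper Objects":
            hits = filter(None, map(BHO_LINE.match, body))
            items = [(m["clsid"].upper(), ntpath.basename(m["path"]).lower()) for m in hits]
            kind = "BHO"
        else:
            continue
        findings += [(kind, where, name, WATCHLIST[name]) for where, name in items if name in WATCHLIST]
    return findings
```

Matching is on file name only, so a renamed binary passes unnoticed; the script narrows down what to look at and does not replace reading the full report.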
     
  8. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi,

    You should have a close look here : http://www.blkviper.com/WIN2K/servicecfg.htm
    and disable useless services.

    Rgds,

    JacK
     
  9. jump

    jump Guest

    Thank you so much - this site is great - lots of good info on the other threads in this forum - you all helped so much. The anti-spyware prog picked up and removed quite a few.

    Some background to why I found this site.

    This has all been because someone broke into my computer over the cable two nights ago and added a new user account which I had not put there! This has all been housecleaning since then. They also put an old log on my firewall dated back to 15th Nov. Also when I woke up in the morning the computer had switched itself off - nobody at home did that so I started checking my Event Logs - the event logs showed that my firewall reported it was in an invalid state - it still gave block/permission request alerts - ie. partly worked, but in the actual Firewall user interface it was not turned on!

    ---------
    It appears the localhost port 3 was receiving but there was no localhost sending - if anyone can explain this I would most appreciate it.

    please note: Before my original post here I had already uninstalled comsocks.

    And now that I reinstalled comsocks which is a program from www.linkbyte.com there is a new localhost port sending and new one receiving.

    NOW! only very little data appears to be received by localhost :3 . This port is opened by Internet Explorer - and was not considered unusual according to the programs you suggested were run.



    Something else... please help with this.
    It appears that because I blocked aim1.adsoftware.com through to aim5.adsoftware.com, it slows IExplorer: there is a 10 second pause immediately after starting where it does nothing for 10 secs or so.

    This pause does not occur with netscape.

    Why does it take so long for IE to get going and what is aim1.adsoftware.com and why do the browsers (both IE and Netscape) want to contact it the first time they are run?



    Once again - Thank you for all your help!
     
  10. jump

    jump Guest

    Oh forgot to mention that this morning 3 entries at the same time showed up
    in my firewall log as follows. Could this be someone trying to log on with the user account they set up called administrator?
    By the way my default administrator account had a different name.

    Date: 11/21/2002 Time: 9:30:51
    Unused port blocking has blocked communications. Details:
    Inbound TCP connection
    Remote address,local service is (66.157.164.74,microsoft-ds)
     
  11. jump

    jump Guest

    well not exactly the same time - these times
    9:30:48
    9:30:51
    9:30:57
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi jump,

    Glad we could be of service.

    A small part of my hosts file:
    127.0.0.1 aim.adsoftware.com #
    127.0.0.1 aim.aureate.com #
    127.0.0.1 aim1.adsoftware.com #
    127.0.0.1 aim1.aureate.com #
    127.0.0.1 aim2.adsoftware.com #
    127.0.0.1 aim2.aureate.com #
    127.0.0.1 aim3.adsoftware.com #
    127.0.0.1 aim3.aureate.com #
    127.0.0.1 aim4.adsoftware.com #
    127.0.0.1 aim4.aureate.com #
    127.0.0.1 aim5.adsoftware.com #
    127.0.0.1 aim5.aureate.com #
    127.0.0.1 aim6.adsoftware.com #

    I don't know if you already have a hosts file, but it's a very powerful and useful tool which I think is best explained here: http://accs-net.com/hosts/how_to_use_hosts.html

    Regards,

    Pieter
     
  13. jump

    jump Guest

    I also wish to advise that this all appears to have occurred because I opened windows from an Outlook email and then left IE and Outlook open all night.
    Also clicked on yahoo web site HP advertisement from within IE and left that open all night too.

    Lesson learnt: never leave unnecessary internet-accessing software open - in particular IE browser or Outlook running unattended.

    I advise reading the topic New IE exploit (from NS Clean), thread posted by John2g, and following the protective advice.
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    hi jump,

    Since you do have a firewall installed (which one?), I wonder how this could have been done - apart from the fact your system has been infected with some malware server. Do you have a good updated antivirus and antitrojan installed, and perform a full deep scan?

    Nevertheless, I would recommend changing all passwords. Chances are, these are well known by now and could be abused.

    Another reason to perform a full deep system scan with an updated antitrojan and antivirus.

    regards.

    paul
     
  15. jump

    jump Guest

    To Forum Admin

    All incorrect accounts were deleted and then all passwords were changed immediately I discovered the event log and altered firewall log which was 5 minutes after turning the computer on that morning.
    and the rest of scanning tools followed through from this forum.

    In answer to your first question - it is Norton Personal Firewall 2001.
    Strange how it has a third status on the button where it asks you to activate it
    not just Enabled and Disabled.
    even stranger how it still seems to request for manual block/permission decisions, when if you open the Firewall GUI, it is asking you to activate it.
     
  16. jump

    jump Guest

    Forum Admin

    please note also the post just before yours
     
  17. jump

    jump Guest

    I'm going to become a member so I can have ability to edit my posts.
    ;)
     
  18. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    We strongly encourage you to register !!!

    LOL

    Pieter
     
  19. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    jump,

    "Paul" will do ;)

    Good call!

    Good. Question stays up: do you have a good and updated antitrojan and antivirus installed, and performed a full system scan?

    Thanks for the info. I'll leave further comments and questions up to our knowledgeable moderators ;).

    regards.

    paul
     
  20. jump

    jump Registered Member

    Joined:
    Nov 21, 2002
    Posts:
    5
    Thanks Paul

    I use Norton Antivirus and Personal Firewall 2001 updated daily; and -->

    Have now done:
    · full update and scan done with Trojan Hunter and Spybot Search and Destroy;
    · deleted suspicious activex controls in internet explorer;
    · changed security zone to 'restricted sites' for Outlook and Outlook Express;
    · reinstalled comsocks;
    · reconsidered services config - btw server service was not listed in services;
    · will also look at setting local security policy settings and alerts in win 2000; and,
    · currently looking at hosts file.


    Now am very interested in security.
     
  21. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi jump,

    Glad to hear we have another interested member. We're looking forward to your contributions.
    What's still missing is an AV scan, if you don't have one installed at the moment: try an on-line scan http://www.wilders.org/free_services.htm (Panda or Trend/Housecall)

    Regards,

    Pieter
     
  22. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Jump

    In regards to your original question, it is normal for IE to use a localhost (loopback) connection for UDP. You mention "3", is this the port it shows as listening on? It has been my experience that it will usually use ports in the range of 1024-5000 for this.

    You also mention this ComSocks (ComTun) program. What is your purpose for running this program?
     
  23. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    It is normal to see those types of scans show up in the logs. If you wanted to get more out of the information in your NIS logs, take a look at Log Viewer: http://home.debitel.net/user/svenschaef/logview/
    It will allow you to analyze your logs if you suspect a problem or particular repeat remote IP and much more.
     
  24. jump

    jump Registered Member

    Joined:
    Nov 21, 2002
    Posts:
    5
    Thanks Pieter
    - fully updated Norton Antivirus scan was done too.

    CrazyM
    well it shows up in the NPfirewall statistics as UDP connection localhost: 3
    under 'network connections'
    winword also seems to open localhost: 3 at the same time.

    ...at least when I close IExplorer.exe it closes the program properly now and port closes along with it.

    here is a printout of netstat -a command output
    doesn't seem to have localhost:3 show up on this.

    C:\>netstat -a

    Active Connections

    Proto Local Address Foreign Address State
    TCP crystal-ice379:http crystal-ice379:0 LISTENING
    TCP crystal-ice379:epmap crystal-ice379:0 LISTENING
    TCP crystal-ice379:microsoft-ds crystal-ice379:0 LISTENING
    TCP crystal-ice379:1026 crystal-ice379:0 LISTENING
    TCP crystal-ice379:1027 crystal-ice379:0 LISTENING
    TCP crystal-ice379:5055 crystal-ice379:0 LISTENING
    TCP crystal-ice379:pop3 crystal-ice379:0 LISTENING
    TCP crystal-ice379:56501 crystal-ice379:0 LISTENING
    TCP crystal-ice379:smtp crystal-ice379:0 LISTENING
    TCP crystal-ice379:pop3 crystal-ice379:0 LISTENING
    TCP crystal-ice379:1080 crystal-ice379:0 LISTENING
    TCP crystal-ice379:8080 crystal-ice379:0 LISTENING
    UDP crystal-ice379:epmap *:*
    UDP crystal-ice379:microsoft-ds *:*
    UDP crystal-ice379:1025 *:*
    UDP crystal-ice379:1028 *:*
    UDP crystal-ice379:1033 *:*
    UDP crystal-ice379:1645 *:*
    UDP crystal-ice379:1646 *:*
    UDP crystal-ice379:radius *:*
    UDP crystal-ice379:radacct *:*
    UDP crystal-ice379:1029 *:*
    UDP crystal-ice379:1030 *:*
    UDP crystal-ice379:1774 *:*
    UDP crystal-ice379:1808 *:*
    UDP crystal-ice379:isakmp *:*
    UDP crystal-ice379:isakmp *:*
    UDP crystal-ice379:domain *:*
    UDP crystal-ice379:isakmp *:*





    ----
    using Comsocks (comtun) to provide proxy/NAT on small network.


    will have a look at the logview page you suggested soon.
     
  25. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Jump

    To clarify what you are seeing under View Statistics Network Connections... the IE UDP connection on localhost should look similar to this. The localhost: xxxx number will vary and usually be in the 1024-5000 range.

    As for comsocks/comtun, do you require the proxy features? Have you considered just using ICS and NIS on the systems in the lan?
     
