It's some months I notice a strange connection on my port 80 (I usually monitor my ports with Ip-Tools). It changes from 213.92.92.101 to 213.92.92.105 (passing quite randomly through 102, 103, 104) and it is sometimes in SYN SENT or TIME WAIT phase, rarely in ESTABLISHED phase. I scanned it in various ways but I coludn't find anything useful for proper identification. Please help me with all the info you can provide, I'd be very grateful! (I already tried SuperScan and CentralOps).

Originally posted by HelpMe
It's some months I notice a strange connection on my port 80 (I usually monitor my ports with Ip-Tools). It changes from 213.92.92.101 to 213.92.92.105 (passing quite randomly through 102, 103, 104) and it is sometimes in SYN SENT or TIME WAIT phase, rarely in ESTABLISHED phase. I scanned it in various ways but I coludn't find anything useful for proper identification. Please help me with all the info you can provide, I'd be very grateful! (I already tried SuperScan and CentralOps).
=======================================


Hi

I have the impression that it's NOT a connection on your port 80, it is rather an outgoing to 213.92.92.101:80
As a matter of fact, unless you are running your own http server, there will be NO possible connections on your port 80.
From the other hand, the IP range 213.92.92.101 till 213.92.92.105 belongs to a site in Milano/Italy.
I think that you have installed some kind of software that is trying to find an auto-update etc..

Anyways, this is the software that you need, nothing else
http://www.ntutility.com/freeware.html
works only for W2k, WinXP.
Download "active ports" and see which application is behind this traffic, then you will decide to keep the suspected application or delete it.


fE¨·.·¨Er
__________________________
http://fmk.virtualave.net/96crypt

I need some more help on the subject: "Spying connection?". Please.

hi,

try google,if you can be a little more specific we may be able to help you.

Regards Data.

Thanks Data. I'll be more specific. I've just discovered that the connection on port 80 begins when I use the Digiland chat (http://digipeople.iol.it/chat_new.php). It rarely establishes, usually it remains in TIME WAIT status. It changes from 213.92.92.101 to 213.92.92.105, passing trough 102, 103, 104 quite randomly, in the same period of time. These may be the 5 Digiland servers, they change depending on availability. The strange thing is that the connection is present even when I don't open Digiland chat for weeks. Maybe a javascript is downloaded on my pc the first time I have access to Digiland and then causes this? I think this is an interesting topic! Replies?

HI,

Ditto as Fever said. Install a firewall,set it to paranoid and keep watch of your outgoing connections.

Regards Data.

Umm try opening your chat program and then going to options and unchecking load at start-up. If theres no option, look in the windows start-up folder and move or delete the item. If that don't work go into your windows reg and delete the item from the run or run services key.