Thnaks for an update. I hope I understand what options software provide,
but threads do not give any clue, because there are many threads and not
possible to tie thread with TCP/IP connection.
I may ask if you tried by yourself ever go to System 4 TCP/IP
connections list and find which exactly program (at least thread)
triggered this particular connection.
With best regards
Martynas
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Colin Copley
Sent: Wednesday, September 27, 2006 11:59 PM
To: Buozis, Martynas
Cc: security-basics@securityfocus.com
Subject: Re: How to find process behing TCP connection ?
Still not sure I quite understand, but if Process Explorer (v10.2?) is
showing the process as "system 4" but not telling you the exe name
right?,
try a right click and check out the threads tab in the properties dialog
box, perhaps this will point to any other dll's or exe's this process is
calling out to, if they are not system files then they could be known
malware dll's which might betray it. Otherwise check out who is logged
into
the box & from where.
----- Original Message -----
From: "Buozis, Martynas" <martynas@ti.com>
Maybe I was not clear. Windows Server 2003 is acting as client and
initiates connection to service on port 139 too many workstations.
Actually it tries to logon as Administrator to many computers. And
process, that initiates connection, is "System 4". There are no reasons
why this server should connect to any of these workstations. Per
configuration attempt to logon as Admin is denied.
I set up open system and expect server will try to connect to it, so
maybe I will understand better what is behind activity, but I am also
sure, that more people got same problem for different reasons and they
are willing to share their experience.
So easy under Unix with LSOF and not possible under Windows ?... Can't
believe!
With best regards
Martynas
------------------------------------------------------------------------
---
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
