find out what triggers connections to unknown ip


#1 setmo

Posted 16 December 2016 - 07:53 AM

Hi,

Maybe someone can help out here with a strange problem.

I have a system with the following outbound connections:

[screenshot: mtTdgAo.png]

The system runs DNS, Exchange, DHCP (SBS 2011), etc.

All those connections in the screenshot go to port 389/LDAP. The IP is unknown, but was associated with a time server in the past.

I uploaded those files to different sites like VT, etc.

All seem clean. The system was scanned with rootkit scanners, AV scanners, etc. -> all clean.

Malwarebytes Anti-Malware blocked this IP a few days ago when the process svchost.exe tried to connect to this IP on port 123.

Ports 123 and 389 are closed on the IP.

Does anybody know what to do here to find out what triggers a process like dns.exe/MSExchangeADtopologyservice.exe to go to this IP?


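An added triage script for the question above (it is not part of the original post): it lists which local processes hold connections to the IP, including the services hosted inside any svchost.exe PID, checks whether this server's own DNS zones still carry an A record for the IP and DC-style SRV records pointing at that name, shows the current Windows Time source behind the port 123 attempt, and turns on Windows Filtering Platform auditing so event 5156 records which executable opened each later connection. It assumes PowerShell 2.0 on the SBS 2011 box run as an administrator; `$SuspectIp` is a placeholder for the IP in the screenshot.

```powershell
# Added example, not from the original post. Written for PowerShell 2.0 on
# Server 2008 R2 (the SBS 2011 base), so it uses netstat, WMI and w32tm
# instead of newer cmdlets such as Get-NetTCPConnection / Resolve-DnsName.
$SuspectIp = '192.0.2.10'   # placeholder: replace with the IP from the screenshot
$ipRx = [regex]::Escape($SuspectIp)

# 1. Processes currently connected to the IP. For svchost.exe PIDs, list the
#    hosted services so the connection can be tied to one specific service.
netstat -ano | ForEach-Object {
  if ($_ -match "\s${ipRx}:(\d+)\s+(\S+)\s+(\d+)\s*$") {
    $procId = [int]$matches[3]
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $svcs   = Get-WmiObject Win32_Service -Filter "ProcessId=$procId" | ForEach-Object { $_.Name }
    New-Object PSObject -Property @{
      RemotePort = $matches[1]; State = $matches[2]; ProcessId = $procId
      Process = $proc.ProcessName; Services = ($svcs -join ','); Path = $proc.Path
    }
  }
} | Format-Table RemotePort, State, ProcessId, Process, Services, Path -AutoSize

# 2. Does this server's own DNS still map a name to the IP, and do DC-style SRV
#    records (_ldap, _kerberos, _gc ...) point at that name? A stale record would
#    make domain-joined services pick the IP as an LDAP or time endpoint.
$aRecs = Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_AType |
         Where-Object { $_.IPAddress -eq $SuspectIp }
$aRecs | Select-Object ContainerName, OwnerName, IPAddress | Format-Table -AutoSize
if ($aRecs) {
  $names = $aRecs | ForEach-Object { $_.OwnerName.ToLower().TrimEnd('.') }
  Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_SRVType |
    Where-Object { $names -contains $_.SRVDomainName.ToLower().TrimEnd('.') } |
    Select-Object OwnerName, SRVDomainName, Port | Format-Table -AutoSize
}

# 3. Where w32time (which runs inside svchost.exe) gets its time from; this is
#    the service that would account for an outbound attempt on port 123.
w32tm /query /source
w32tm /query /peers

# 4. Enable Windows Filtering Platform connection auditing; from now on event
#    5156 in the Security log names the executable and PID behind each
#    permitted connection, so later attempts to the IP can be attributed.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable | Out-Null
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156 } -ErrorAction SilentlyContinue |
  Where-Object { $_.Message -match "Destination Address:\s+$ipRx\s" } |
  Select-Object TimeCreated, @{ n = 'Detail'; e = { ($_.Message -split "`r?`n" |
    Where-Object { $_ -match 'Application Name|Process ID|Destination Port' }) -join ' | ' } } |
  Format-Table -AutoSize -Wrap
```

Step 4 only shows events logged after auditing was enabled, so re-run the last pipeline once the connections in the screenshot have recurred.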
