Continuous incoming traffic

Guest
Archived from groups: comp.security.firewalls

I have Sygate Personal Firewall installed on my system. It works well.
But the Sygate icon in the system tray shows continuous incoming
traffic (the down arrow appears blue). The applications that are getting
this traffic are ndisuio.sys and ntoskrnl.exe. Even if I block these
applications they keep on getting the traffic. Am I under some kind of
threat?
I'll appreciate any comments.
Thanks,
Saurabh
 
Guest

I'll be watching the replies, too. Although I use NIS 2004, the same symptoms
apply. What's going on these days? I have to block all traffic just to keep
from receiving pop-up alerts every few seconds!
 
Guest

Saurabh Goyal wrote:

> I have Sygate Personal Firewall installed on my system. It works well.
> But the Sygate icon in the system tray shows continuous incoming
> traffic (the down arrow appears blue).

Over what port? We need firewall logs and such.
Besides, incoming traffic is due to the ton of insecure Windows computers
(ranging from NetBIOS wandering around on the internet on 137-139,445
ports) and worms (ports vary).

> The applications that are getting
> this traffic are ndisuio.sys and ntoskrnl.exe. Even if I block these
> applications they keep on getting the traffic. Am I under some kind of
> threat?

I don't know. http://www.google.com

> I'll appreciate any comments.
> Thanks,
> Saurabh

--
Be a better psychiatrist and the world will beat a psychopath to your
door.
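
The reply above asks for firewall logs broken down by port. As an added example (not part of the original thread), this sketch tallies incoming log entries per protocol and port and marks the NetBIOS/SMB ports the reply names; the CSV column layout and the sample lines are constructed for illustration and are an assumption, not Sygate's export format.

```python
import csv
import io
from collections import defaultdict

# Ports the reply names as common Windows background traffic (NetBIOS 137-139, 445).
NETBIOS_SMB_PORTS = {137, 138, 139, 445}

# Constructed sample log. The column layout is an assumption for this example,
# not Sygate's export format: time,direction,action,protocol,src_ip,dst_port,application
SAMPLE_LOG = """\
2004-04-01 10:00:01,in,blocked,UDP,203.0.113.5,137,ntoskrnl.exe
2004-04-01 10:00:03,in,blocked,UDP,203.0.113.9,137,ndisuio.sys
2004-04-01 10:00:04,in,blocked,TCP,198.51.100.7,445,ntoskrnl.exe
2004-04-01 10:00:07,in,blocked,TCP,198.51.100.7,445,ntoskrnl.exe
2004-04-01 10:00:09,in,blocked,TCP,192.0.2.44,445,ntoskrnl.exe
2004-04-01 10:00:12,out,allowed,TCP,192.0.2.10,80,iexplore.exe
2004-04-01 10:00:15,in,blocked,TCP,198.51.100.23,5000,ntoskrnl.exe
truncated line
"""

def summarize_incoming(log_text):
    """Group incoming entries by (protocol, port); count hits and distinct sources."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set(), "apps": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 7:
            continue  # skip blank or malformed lines
        _, direction, _, proto, src, port, app = (field.strip() for field in row)
        if direction.lower() != "in" or not port.isdigit():
            continue
        entry = stats[(proto.upper(), int(port))]
        entry["hits"] += 1
        entry["sources"].add(src)
        entry["apps"].add(app)
    report = []
    for (proto, port), entry in stats.items():
        label = "NetBIOS/SMB background" if port in NETBIOS_SMB_PORTS else "review"
        report.append({"proto": proto, "port": port, "hits": entry["hits"],
                       "sources": len(entry["sources"]),
                       "apps": sorted(entry["apps"]), "label": label})
    # Busiest ports first; ties broken by port number.
    return sorted(report, key=lambda r: (-r["hits"], r["port"]))

if __name__ == "__main__":
    for r in summarize_incoming(SAMPLE_LOG):
        print(f'{r["proto"]}/{r["port"]}: {r["hits"]} hits from {r["sources"]} '
              f'source(s), apps={r["apps"]} -> {r["label"]}')
```

Entries labelled "review" are the ones worth posting to the group along with the port number, since they fall outside the NetBIOS/SMB range the reply describes.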
 
Guest

"Saurabh Goyal" <saurabh82g@yahoo.com> wrote in message
news:b77c3164.0404011055.480db96c@posting.google.com...
> I have Sygate Personal Firewall installed on my system. It works well.
> But the Sygate icon in the system tray shows continuous incoming
> traffic (the down arrow appears blue). The applications that are getting
> this traffic are ndisuio.sys and ntoskrnl.exe. Even if I block these
> applications they keep on getting the traffic. Am I under some kind of
> threat?
> I'll appreciate any comments.

http://www.pcmag.com/article2/0,1759,640479,00.asp

Ntoskrnl.exe could be under attack and you need to find what's using it.

You can do this with Active Ports to look at connections in real time and
you can use Process Explorer to see what programs are using Ntoskrnl.exe
(look inside). Both programs are free; use Google.

Duane :)