On Friday July 8 2005 6:40 pm, Robert Brockway wrote: > On Fri, 8 Jul 2005, Marty wrote: > > This is for readers who are unfortunate enough to have > > more Windows administration knowledge than I. The sole > > Windoze XP box on my LAN is sending http requests to > > a site named movies.go.com, although there is no web > > client running on the XP box (at least none obvious). > > I am analyzing the LAN traffic and appreciate any > > ideas about where to go next. > > If the traffic from the Winbox is passing through a Linux box then > you can use transparent proxying to force all HTTP requests to the > Linux box and run it through Squid. You can then monitor the > traffic to see what is happen and even block it.
Or you can use sniffit to watch the requests in real time or log it to a file. > > I've heard all the chilling spyware stories, but this is > > an eye opener for the sheer volume of data being passed > > 24/7 to or from this box. But what data and to whom? > > It is often a good idea to isolate any Winboxes in their own LAN > and firewall them from the other boxes as much as possible > (including the aforementioned transparent proxy and squid cache :). > Then the users of the non-Win boxes can be less worried about > network sniffing, attacks, etc. In addition to that squid, I strongly recommend the adzapper package as well. -- Paul Johnson Email and Instant Messenger (Jabber): [EMAIL PROTECTED] http://ursine.ca/~baloo/
pgpzC7GGNNeuf.pgp
Description: PGP signature
