PC-Cillin reports Idle, Port 32809, UDP outgoing connection

I am running PC-Cillin on my PC. I get a lot of warnings about outgoing connections as below:

Application/program: Idle
Port number used: 32809 (or similar number)
Protocol: UDP

What does this mean?

Reply to
Robert S

From what I can tell after a brief Google search [1], it means you need to check if your antivirus software is up to date. If it isn't, you should seriously consider either reloading a fresh copy of Windows and this time get all security patches and the antivirus software in place before exposing your computer to the internet, or get some qualified PC tech to check if you're infected.

If the traffic you see is what I fear, your computer is currently part of a quite possibly global network of cracked computers, used by immature teenagers to get even with other teenagers on IRC. Or knock out a government network. No way to tell with the limited amount of information you provide, but this could potentially be very bad. See [2] and [3] for more info on these things.

Reply to
Eirik Seim

I update it about 4 times a day. I've also run an online scan from Symantec very recently. I doubt that it's compromised.

The traffic is directed at another PC on our network - a Linux box which functions as a proxy/web/mail/ssh server. What does "idle" do anyway?

Reply to
Robert S

PC-Cillin has pretty good email support. E-mail them and ask.

Reply to
optikl

How about spyware/adware scanning? If you run with administrator privileges that could certainly be an issue, and most won't show in an old-fashioned virus scan either.

This could mean it's completely harmless, just chatting with the proxy or whatever Windows computers do, but I see no obvious reason for it to use UDP.

It could also mean your Linux server is compromised, and someone has been busy installing backdoors and DDoS-bots on your computer. I'd take a serious look at that server if I were you. I hate to be the one to cry wolf, but if it was my network I wouldn't be able to rest until I knew what it was.

Not sure, but it seems it could be a way of "hiding" processes in a stupid and primitive way (rename whatever.exe to idle.exe, and when it runs, the user will see "Idle 99%" in the task list). I was told just now that there is no legit application called idle.exe in Windows, but get a second opinion -- I'm not a Windows-techie myself.

Reply to
Eirik Seim
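
A check for the renamed-executable idea raised in the last reply, as an added example that is not part of the thread: it cross-references `netstat -ano -p udp` with `tasklist /fo csv` and flags UDP endpoints owned by a process whose name imitates the idle entry but whose PID is not 0. The sample outputs, the PIDs and the `idle.exe` row are constructed, and the function names are hypothetical.

```python
import csv, io

# Constructed sample of `tasklist /fo csv` output (not from the thread).
TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","212 K"
"svchost.exe","1044","Console","0","4,120 K"
"idle.exe","2312","Console","0","3,004 K"
'''

# Constructed sample of `netstat -ano -p udp` output (not from the thread).
NETSTAT = '''
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1900           *:*                                    1044
  UDP    0.0.0.0:32809          *:*                                    2312
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): r["Image Name"] for r in rows}

def parse_udp(text):
    """Yield (local_port, pid) for each UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "UDP" and f[3].isdigit():
            yield int(f[1].rsplit(":", 1)[1]), int(f[3])

def looks_like_idle(name):
    """True if an image name imitates the idle entry, e.g. idle.exe."""
    return name.lower().rsplit(".", 1)[0] in ("idle", "system idle process")

def suspicious_udp(tasklist_text, netstat_text):
    """UDP endpoints owned by an idle-named process that is not PID 0, or by an unlisted PID."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for port, pid in parse_udp(netstat_text):
        name = procs.get(pid)
        if name is None:
            findings.append((port, pid, "<no such process>"))
        elif pid != 0 and looks_like_idle(name):  # the real System Idle Process is PID 0
            findings.append((port, pid, name))
    return findings

if __name__ == "__main__":
    for port, pid, name in suspicious_udp(TASKLIST, NETSTAT):
        print(f"UDP port {port}: PID {pid} ({name}) - check the image path")
```

A hit only says which PID to look at next; the image path and file signature of that process decide whether it is legitimate.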
