I was recently looking at my ISP account and noticed they were alleging I was uploading 20GB on some days. I never upload much. So I installed NetLimiter to monitor my traffic. Whilst watching I noticed something else strange, which has become more worrying than the 20GB upload.
I see an inbound connection from naj.sk to port 25360-, which I see in OpenVPN's config is used for a management port interface offset?
If I block naj.sk then I get what appears to be the same traffic from another domain. If I block that too, the same thing. Rinse and repeat.
naj.sk appears to be a Swiss women's fashion site. Definitely not a site I'd be using.
This inbound traffic is a constant 6bps.
Using netstat -ab or -ano I see port 25360 used by Thunderbird, or by Firefox, or by PotPlayer and also openvpn.exe. There may be other programs, but that's all I've checked so far.
If I disconnect from the VPN this traffic stops. It's only when connected to the VPN that I see this traffic.
Should I be approaching my VPN provider, or might this be somehow related to OpenVPN, given that 25360 is OpenVPN's management interface port offset?
naj.sk is in my hosts file, which I guess is why I'm seeing 127.0.0.1 as the local address?
I've tried 2.6.6 and 2.6.9.
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 pipe:0 LISTENING
RpcEptMapper
[svchost.exe]
TCP 0.0.0.0:445 pipe:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:1024 pipe:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:5357 pipe:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:49664 pipe:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:49665 pipe:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:49666 pipe:0 LISTENING
EventLog
[svchost.exe]
TCP 0.0.0.0:49667 pipe:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49668 pipe:0 LISTENING
[spoolsv.exe]
TCP 10.8.2.6:139 pipe:0 LISTENING
Can not obtain ownership information
TCP 10.8.2.6:1201 unn-84-17-38-228:https TIME_WAIT
TCP 10.8.2.6:1208 unn-84-17-38-228:https TIME_WAIT
TCP 10.8.2.6:1259 93:https ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1025 www:1026 ESTABLISHED
[thunderbird.exe]
TCP 127.0.0.1:1026 www:1025 ESTABLISHED
[thunderbird.exe]
TCP 127.0.0.1:1058 www:25360 ESTABLISHED
[openvpn-gui.exe]
TCP 127.0.0.1:1070 www:1071 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1071 www:1070 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1072 www:1073 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1073 www:1072 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1074 www:1075 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1075 www:1074 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1076 www:1077 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1077 www:1076 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1084 www:1085 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1085 www:1084 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1267 www:https SYN_SENT
[PotPlayerMini64.exe]
TCP 127.0.0.1:25360 pipe:0 LISTENING
[openvpn.exe]
TCP 127.0.0.1:25360 www:1058 ESTABLISHED
[openvpn.exe]
TCP 127.0.0.1:52307 www:1258 TIME_WAIT
TCP 192.168.1.2:139 pipe:0 LISTENING
Can not obtain ownership information
TCP 192.168.1.2:1057 SERVER:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP 192.168.1.2:1199 SERVER:http TIME_WAIT
TCP 192.168.1.2:1202 SERVER:http TIME_WAIT
TCP 192.168.1.2:1203 SERVER:http TIME_WAIT
TCP 192.168.1.2:1204 SERVER:microsoft-ds ESTABLISHED
Can not obtain ownership information
TCP [::]:135 Tanya-PC:0 LISTENING
RpcEptMapper
[svchost.exe]
TCP [::]:445 Tanya-PC:0 LISTENING
Can not obtain ownership information
TCP [::]:1024 Tanya-PC:0 LISTENING
Can not obtain ownership information
TCP [::]:5357 Tanya-PC:0 LISTENING
Can not obtain ownership information
TCP [::]:49664 Tanya-PC:0 LISTENING
[lsass.exe]
TCP [::]:49665 Tanya-PC:0 LISTENING
Can not obtain ownership information
TCP [::]:49666 Tanya-PC:0 LISTENING
EventLog
[svchost.exe]
TCP [::]:49667 Tanya-PC:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49668 Tanya-PC:0 LISTENING
[spoolsv.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:5353 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:49664 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:53020 *:*
[openvpn.exe]
UDP 10.8.2.6:137 *:*
Can not obtain ownership information
UDP 10.8.2.6:138 *:*
Can not obtain ownership information
UDP 192.168.1.2:137 *:*
Can not obtain ownership information
UDP 192.168.1.2:138 *:*
Can not obtain ownership information
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:49665 *:*
FDResPub
[svchost.exe]
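
Added example, not part of the original post: a small Python parser for `netstat -ab` text in the format pasted above. It pairs ESTABLISHED 127.0.0.1 rows whose ports mirror each other, which identifies entries that are the two ends of one connection between processes on the same machine (such as the 1058/25360 rows owned by openvpn-gui.exe and openvpn.exe). The function names are this example's own; the sample lines are copied from the post.

```python
import re

# Sample: lines copied from the netstat -ab output in the post above.
SAMPLE = """\
TCP 127.0.0.1:1025 www:1026 ESTABLISHED
[thunderbird.exe]
TCP 127.0.0.1:1026 www:1025 ESTABLISHED
[thunderbird.exe]
TCP 127.0.0.1:1058 www:25360 ESTABLISHED
[openvpn-gui.exe]
TCP 127.0.0.1:1267 www:https SYN_SENT
[PotPlayerMini64.exe]
TCP 127.0.0.1:25360 pipe:0 LISTENING
[openvpn.exe]
TCP 127.0.0.1:25360 www:1058 ESTABLISHED
[openvpn.exe]
"""

ROW = re.compile(r"^TCP\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\S+)$")
OWNER = re.compile(r"^\[(.+)\]$")

def parse_tcp(text):
    """Return TCP rows as dicts, attaching the [process] line that follows a row."""
    rows = []
    for line in map(str.strip, text.splitlines()):
        m = ROW.match(line)
        if m:
            keys = ("lip", "lport", "rhost", "rport", "state")
            rows.append(dict(zip(keys, m.groups()), owner=None))
        elif rows and rows[-1]["owner"] is None and (o := OWNER.match(line)):
            rows[-1]["owner"] = o.group(1)
    return rows

def loopback_pairs(rows):
    """Pair ESTABLISHED 127.0.0.1 rows whose ports mirror each other (A->B, B->A):
    both sockets are on this host, whatever name the Foreign Address column shows."""
    est = {(r["lport"], r["rport"]): r for r in rows
           if r["lip"] == "127.0.0.1" and r["state"] == "ESTABLISHED"}
    pairs = []
    for (lp, rp), r in est.items():
        peer = est.get((rp, lp))
        if peer and int(lp) < int(rp):  # report each pair once
            pairs.append((int(lp), r["owner"], int(rp), peer["owner"]))
    return pairs

if __name__ == "__main__":
    for pair in loopback_pairs(parse_tcp(SAMPLE)):
        print(pair)
```

Rows that stay unpaired, such as LISTENING sockets or the SYN_SENT entry, are not reported by `loopback_pairs` and can be reviewed separately.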