Constant Network Activity

Haste

Proxy Warrior
Discoverer
For some days, I've been facing a problem where the network icon in the taskbar is showing constant network activity. Every 2-3 seconds, the network lights in the icon glow for no reason.
So I've installed Zone Alarm to check if any spyware, etc. is causing the activity. After completing its spyware/antivirus scan, nothing was found. But in the "alerts and log" tab of Zone Alarm, the log viewer for the firewall shows packets constantly being sent by some IP addresses (which are also constantly changing). Here's a screenshot of the log viewer.

http://img400.imageshack.us/img400/2893/image18jc.jpg

So can anyone tell me how to stop these packets? And BTW I'm using Windows 2000 Professional.
 
First & foremost, Zone Alarm will only allow you to block incoming and outgoing connections made by programs from your computer. I'm not sure if ZA has lately added spyware detection & scanning capabilities, but a thorough scan with Spybot or MS Anti-Spyware is what I would suggest.

Secondly, constant or unknown network activity is a real threat because it could be a program phoning home [calling back to the attacker]. To understand what it is that is making use of the connection, I suggest you get TCPView & note down the programs that make connections with IM, P2P programs all being closed. All valid applications that you use which make use of internet connectivity should be closed, even from the taskbar.

Also, a "netstat -ano" at the command prompt will help to know about the connections.
About the screenie that you posted, all the connections are initiated from the outside. One thing to take notice of is the port they are trying to connect at: 6881, which if I'm not wrong is the BitTorrent default port? Can someone using BT confirm that pls.

There is nothing to worry about with those outside scans in the screeny. They are probing for connections with UDP as the protocol.

If it were me, I would only worry about the "unknown network activity". So get back with the results of TCPView & Netstat & we can proceed if required.
 
Thanx for replyin buddy :)
Yeah, the new version of ZoneAlarm (v6.x) has added spyware as well as virus detection & scanning capabilities.

Here's a screenshot of TCPview


The active "vsmon.exe" process belongs to ZoneAlarm, and "BlueSoleil.exe" belongs to the Bluetooth dongle drivers on my system, so they shouldn't be a cause for concern.

netstat -an (-ano doesn't work on my system) displays the following information

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1036 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1046 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3420 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3421 0.0.0.0:0 LISTENING
TCP 192.168.1.3:139 0.0.0.0:0 LISTENING
TCP 192.168.1.3:3844 203.94.243.70:53 TIME_WAIT
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1029 *:*
UDP 0.0.0.0:1049 *:*
UDP 192.168.1.3:137 *:*
UDP 192.168.1.3:138 *:*
UDP 192.168.1.3:491 *:*
UDP 192.168.1.3:500 *:*
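
An added example, not part of any post in this thread: a small Python triage of the `netstat -an` listing posted above, grouping sockets by how widely they are bound and separating the one row that has a real remote endpoint. The function names and bucket labels are assumptions made for this example; the sample text is the output copied from the post.

```python
import ipaddress

# netstat -an output copied from the post above (no PID column, -o was unavailable)
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1036 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1046 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3420 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3421 0.0.0.0:0 LISTENING
TCP 192.168.1.3:139 0.0.0.0:0 LISTENING
TCP 192.168.1.3:3844 203.94.243.70:53 TIME_WAIT
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1029 *:*
UDP 0.0.0.0:1049 *:*
UDP 192.168.1.3:137 *:*
UDP 192.168.1.3:138 *:*
UDP 192.168.1.3:491 *:*
UDP 192.168.1.3:500 *:*
"""

def parse_netstat(text):
    """Return (proto, local_ip, local_port, remote, state) for each socket row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):  # skips header and blank lines
            ip, _, port = f[1].rpartition(":")
            rows.append((f[0], ip, int(port), f[2], f[3] if len(f) > 3 else ""))
    return rows

def classify(row):
    """Bucket a row by exposure: who can reach it, or who it is talking to."""
    proto, ip, _, _, state = row
    if proto == "TCP" and state != "LISTENING":
        return "connection"  # has a remote endpoint worth identifying
    addr = ipaddress.ip_address(ip.strip("[]"))  # tolerate bracketed IPv6
    if addr.is_loopback:
        return "loopback-only"
    return "all-interfaces" if addr.is_unspecified else "single-interface"

def triage(text):
    buckets = {}
    for row in parse_netstat(text):
        buckets.setdefault(classify(row), []).append(row)
    return buckets
```

Calling `triage(SAMPLE)` returns a dict keyed by bucket label; without the PID column the rows still have to be matched to processes by hand in TCPView.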
 