[RoofusPennymore]

There is some sort of activity coming from outside my Linksys (cable modem). and I can see activity on my TiBook. This is just based on watching the idiot lights on the modem, the switch and Spy menu bar. It appears that the outside "data" is being downloaded to my TiBook.

How can I find out what this outside activity is?

[Cipher13]

Originally posted by RoofusPennymore:
There is some sort of activity coming from outside my Linksys (cable modem). and I can see activity on my TiBook. This is just based on watching the idiot lights on the modem, the switch and Spy menu bar. It appears that the outside "data" is being downloaded to my TiBook.

How can I find out what this outside activity is?

Even if your computer is off, there will be data going through your router.

The 'data' being 'downloaded' to your Ti could just be misdirected data, random traffic, whatever. Nothing to be concerned about. There will always be a stream of data between machines, however small.

You could use a packet sniffer to have a look...

[ghporter]

On the other hand you could have some sort of trojan horse running. Definitely look into good antivirus software and definitely enable the firewall in your OS.

[RoofusPennymore]

Firewall is enabled and no services are on. Also have Norton Antivirus and it finds nothing. There is certinaly something coming ove the wire just wish I knew what it was.

[Emotionally Fragile Luke]

Your ISP sends stuff all the time. If your computer is off and you still see it I wouldn't worry about it.

[RoofusPennymore]

I've seen that kind of traffic before. This has been a very constant barrage of traffic and its only going to my TiBook. I have 4 other computers on my internal network and none of them are having any network activity.

[Angus_D]

Get a packet sniffer and snoop the traffic if you're paranoid

[OpenStep]

Could be traffic generated from an infected IIS server somewhere on the internet. My router still gets pegged with a good 20-40 requests a day from infected MS boxes.

[RoofusPennymore]

Its a constant barrage of traffic and I only see it being "accepted" by my TiBook when I'm logged in.

HenWen shows that there is traffic from 192.168.1.1 to 192.168.214 on port 1901. Obviously my Linksys is rerouting this traffic but I still dont know what the actual traffic is.

[Socially Awkward Solo]

Are the other computers on the network OS9 or X? Do you have your Ti set up as any sort of host for USB printer sharing or Appletalk?

Clear ALL settings on your router and only enter the minimum for what you need to get on the net. That should tell ya.

[John Strung]

Turn on Incoming Logging on your LinkSys and see what it says.

[RoofusPennymore]

Originally posted by John Strung:
Turn on Incoming Logging on your LinkSys and see what it says.

I never understood how to use this feature? Where on the computer does the log go when I set the IP address? I assumed you needed some other software for it to work.

[Socially Awkward Solo]

Did you do what I sugested above?

[John Strung]

You can use the feature directly from the LinkSys admin program. Just click on one of the buttons on the bottom of the logging function page. This will give you live log. You are right that if you want a permanent log, you need additional software, but from your description you should get the information you need pretty quickly just by watching the live log on screen.

[RoofusPennymore]

Originally posted by Socially Awkward Solo:
Did you do what I sugested above?

All services are turned off and Appletalk is turned off.

[Socially Awkward Solo]

Originally posted by RoofusPennymore:
All services are turned off and Appletalk is turned off.

No do this:
Clear ALL settings on your router and only enter the minimum for what you need to get on the net. That means don't open ports, don't change any special settings, nothing. Just what you need to get on the net. If that doesn't tell you I don't know what will.

Also unplug all the other computers.

[RoofusPennymore]

Originally posted by Socially Awkward Solo:
No do this:
Clear ALL settings on your router and only enter the minimum for what you need to get on the net. That means don't open ports, don't change any special settings, nothing. Just what you need to get on the net. If that doesn't tell you I don't know what will.

Also unplug all the other computers.

Did all that. I applied the latest firmware for the Linksys as well. I never had any ports forward-ed before that and pretty much had the default settings.

[Socially Awkward Solo]

Originally posted by RoofusPennymore:
Did all that. I applied the latest firmware for the Linksys as well. I never had any ports forward-ed before that and pretty much had the default settings.

And even with no other computer on the network you still see it?

[RoofusPennymore]

Originally posted by Socially Awkward Solo:
And even with no other computer on the network you still see it?

Yes. I have only seen this traffic on my TiBook.

[Leia's Right Bun]

Originally posted by RoofusPennymore:
Yes. I have only seen this traffic on my TiBook.

I cannot believe that with no other computers hooked up to your router, and a reset router you are still seeing this.

do you have web sharing on?

Even if a hacker was trying to get in they wouldn't be there all the time trying to get in.

[John Strung]

Try turning on the LinkSys logging feature for both incoming and outgoing traffic. Hit refresh periodically and watch the logs for about ten minutes. Copy and paste them to a text file and post them here and let us know what they show. If the traffic to your TiBook is external, this will show in the logs, complete with the URL or IP address it is going to or coming from.