Le Merveilleux Blog
Finding which programme started an outgoing connection under Windows …..

Open task manager on your pc, click View, select columns, and check the column next to PID, then click ok.

In the bottom of the task manager window, make sure ‘show processes from all users’ is checked.

Open a command prompt and type netstat -aon.

This command gives you a list of all network connections to and from your pc at the current time.

Find the IP Address/connection you are tracking down in this output, then look in the PID column.

Take that number back to the task manager window and sort this by the PID column at the top, and you’ll see the process which initiated this connection.

********************

For boot process, I suggest the command line

Wmic startup list full

It will show you programs and services during startup, the process that is creating the UDP frames will likely show up there.

*************************
Fport does a better job of showing the processes and their ports in use. However most antivirus products bark at it. If it’s a machine you administratively control, try it. If not, the previous reply to use netstat -ano and then use taskmgr or tasklist to identify the process is good.

I would recommend using process explorer by sysinternals to find the actual location of the exe on the hard disk. I use this instead of task manager. Use the add columns option to pick « image path » and you’ll see the actual location of every exe or service running.

*********************************
Alternatively you can check in the registry whether any program is
configured to load at startup and connect to that particular IP.

In Windows XP, it was
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. On
the right you will see programs which will be loaded at startup. You
would probably need to check the same in Win 7.

Alternatively check in services.msc whether there are any programs
which are running which are not required. Maybe stopping some or one
of them might solve the issue.

*********************************

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.

http://technet.microsoft.com/en-us/sysinternals/bb897437

How to prevent fishing attacks ….

One of the more proactive things is to have a watermark in the banks HTML source code which contains a list of IP’s on which the bank’s website domain is registered.
If a phisher copies the HTML source code and hosts it on the phished site, the watermark will check that this rogue IP is not part of the whitleisted bank domain IP’s it can send an alert to the security team.
That way the phished site can be brought down before the customer gets redirected to it.

Honey Moon : Next Color for the coming year ….

Honey Moon is Color Marketing Group’s “Next Color” for the coming year. Determined by CMG’s color professionals at the 2010 Fall International Conference this mustard gold is the grounded hue of optimism.
Frivolous is out. Upbeat and realistic is in. Inspirations come from hardworking honeybees, a move away from glitzier golds, toward a remembrance of things past. Honey Moon is patinated and reminiscent of warm worn leather.
Honey Moon offers a fresh face on yellow and blends the sensual stimulations of color and taste. Take the sweet earthiness of honey and combine it with the romance of a harvest moon to uncover this blended yellow.
Although Honey Moon will be predominant, we can see it playing out in combination with the colors of fantasy brights, whites, and comforting, subdued hues.
From interior home to exterior accents, from tabletop to fashion flourishes, Honey Moon has just begun.

Honey Moon, color