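I just ran netstat on my computer and found a large number of remote IP connections, at least one of which appears to come from a website that, when I Googled it, is listed as a known scam site. I have never visited that site myself. What I would like to be able to do is:
Immediately shut down all non-essential connections
Find a way to filter and monitor connections so that this does not happen again
If anyone could advise me on how to approach this so that I can keep ongoing control over, and visibility of, the IPs connecting to my machine, that would be great.
(I am currently using Windows 10)
The list is as follows: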
C:\Sites>netstat
Active Connections
Proto Local Address Foreign Address State
TCP 127.0.0.1:1542 Metatron-Prime:5354 ESTABLISHED
TCP 127.0.0.1:1543 Metatron-Prime:5354 ESTABLISHED
TCP 127.0.0.1:1561 Metatron-Prime:27015 ESTABLISHED
TCP 127.0.0.1:5354 Metatron-Prime:1542 ESTABLISHED
TCP 127.0.0.1:5354 Metatron-Prime:1543 ESTABLISHED
TCP 127.0.0.1:27015 Metatron-Prime:1561 ESTABLISHED
TCP 192.168.1.122:12324 104.244.42.193:https ESTABLISHED
TCP 192.168.1.122:12506 ec2-23-23-191-237:https ESTABLISHED
TCP 192.168.1.122:15924 xx-fbcdn-shv-01-lhr3:https CLOSE_WAIT
TCP 192.168.1.122:15937 a23-65-38-233:https CLOSE_WAIT
TCP 192.168.1.122:33472 a23-209-195-156:https CLOSE_WAIT
TCP 192.168.1.122:34696 157.55.56.147:40036 ESTABLISHED
TCP 192.168.1.122:34701 msnbot-191-232-139-114:https ESTABLISHED
TCP 192.168.1.122:34755 wb-in-f188:5228 ESTABLISHED
TCP 192.168.1.122:34773 ec2-52-72-45-37:https ESTABLISHED
TCP 192.168.1.122:34774 ec2-52-72-196-252:https ESTABLISHED
TCP 192.168.1.122:34930 91.190.216.66:12350 ESTABLISHED
TCP 192.168.1.122:35876 207.46.155.236:https ESTABLISHED
TCP 192.168.1.122:36652 191.232.139.13:https ESTABLISHED
TCP 192.168.1.122:38499 snt405-m:https CLOSE_WAIT
TCP 192.168.1.122:38500 snt405-m:https ESTABLISHED
TCP 192.168.1.122:38937 lhr26s05-in-f14:https ESTABLISHED
TCP 192.168.1.122:39256 lhr26s05-in-f14:https ESTABLISHED
TCP 192.168.1.122:39314 ec2-54-84-31-86:https ESTABLISHED
TCP 192.168.1.122:39315 ec2-52-201-207-113:https ESTABLISHED
TCP 192.168.1.122:39355 stackoverflow:https ESTABLISHED
TCP 192.168.1.122:39765 lhr26s02-in-f3:https ESTABLISHED
TCP 192.168.1.122:40171 87.237.19.50:https ESTABLISHED
TCP 192.168.1.122:40278 fastsuppodt:https CLOSE_WAIT
TCP 192.168.1.122:40279 fastsuppodt:https ESTABLISHED
TCP 192.168.1.122:40285 fastsuppodt:https ESTABLISHED
TCP 192.168.1.122:40286 fastsuppodt:https CLOSE_WAIT
TCP 192.168.1.122:40290 67.217.67.200:https CLOSE_WAIT
TCP 192.168.1.122:40291 67.217.67.200:https ESTABLISHED
TCP 192.168.1.122:40292 67.217.67.200:https ESTABLISHED
TCP 192.168.1.122:40348 65.55.44.109:https ESTABLISHED
TCP 192.168.1.122:40569 ec2-54-243-247-94:https ESTABLISHED
TCP 192.168.1.122:40580 lhr26s05-in-f14:https ESTABLISHED
TCP 192.168.1.122:40583 lhr26s05-in-f14:https ESTABLISHED
TCP 192.168.1.122:40653 68.232.35.111:https ESTABLISHED
TCP 192.168.1.122:40654 68.232.35.111:https ESTABLISHED
TCP 192.168.1.122:40655 68.232.35.111:https ESTABLISHED
TCP 192.168.1.122:40656 68.232.35.111:https ESTABLISHED
TCP 192.168.1.122:40657 68.232.35.111:https ESTABLISHED
TCP 192.168.1.122:40658 68.232.35.111:https ESTABLISHED
TCP 192.168.1.122:40659 a23-209-200-231:https ESTABLISHED
TCP 192.168.1.122:40663 lhr26s05-in-f16:https ESTABLISHED
TCP 192.168.1.122:40665 lhr25s02-in-f8:https ESTABLISHED
TCP 192.168.1.122:40667 a184-30-97-91:https ESTABLISHED
TCP 192.168.1.122:40671 lhr26s05-in-f6:https ESTABLISHED
TCP 192.168.1.122:40674 lhr25s02-in-f110:https ESTABLISHED
TCP 192.168.1.122:40679 wk-in-f155:https ESTABLISHED
TCP 192.168.1.122:40682 104.25.26.12:https ESTABLISHED
TCP 192.168.1.122:40684 185.31.19.193:https ESTABLISHED
TCP 192.168.1.122:40824 ec2-52-86-69-94:https ESTABLISHED
TCP 192.168.1.122:40825 ec2-52-86-69-94:https ESTABLISHED
TCP 192.168.1.122:40828 ec2-52-86-69-94:https ESTABLISHED
TCP 192.168.1.122:40829 ec2-52-86-69-94:https ESTABLISHED
TCP 192.168.1.122:40830 ec2-52-86-69-94:https ESTABLISHED
TCP 192.168.1.122:40831 ec2-52-86-69-94:https ESTABLISHED
TCP 192.168.1.122:40834 lhr25s02-in-f110:https ESTABLISHED
TCP 192.168.1.122:40931 lhr26s05-in-f5:https ESTABLISHED
TCP 192.168.1.122:40950 151.80.207.141:http ESTABLISHED
TCP 192.168.1.122:40954 lhr25s09-in-f2:http ESTABLISHED
TCP 192.168.1.122:40956 lhr26s01-in-f10:https ESTABLISHED
TCP 192.168.1.122:40959 host04:http ESTABLISHED
TCP 192.168.1.122:41000 lhr25s09-in-f2:https ESTABLISHED
TCP 192.168.1.122:41001 lhr25s09-in-f2:https ESTABLISHED
TCP 192.168.1.122:41004 wb-in-f95:https ESTABLISHED
TCP 192.168.1.122:41005 a23-55-122-180:https ESTABLISHED
TCP 192.168.1.122:41006 ec2-54-173-23-49:https TIME_WAIT
TCP 192.168.1.122:41009 lhr26s02-in-f162:https ESTABLISHED
TCP 192.168.1.122:41010 ec2-54-247-115-216:https TIME_WAIT
TCP 192.168.1.122:41011 ec2-176-34-115-222:https TIME_WAIT
TCP 192.168.1.122:41014 a104-65-26-123:https ESTABLISHED
TCP 192.168.1.122:41015 ec2-54-175-1-116:https TIME_WAIT
TCP 192.168.1.122:41016 server-52-85-59-161:https ESTABLISHED
TCP 192.168.1.122:41028 54.239.25.208:http TIME_WAIT
TCP 192.168.1.122:41097 157.56.148.23:https ESTABLISHED
TCP 192.168.1.122:41105 93.184.221.200:https ESTABLISHED
TCP 192.168.1.122:41106 a23-65-46-202:https ESTABLISHED
TCP 192.168.1.122:41107 a104-65-20-192:https ESTABLISHED
TCP 192.168.1.122:41108 a104-65-20-192:https ESTABLISHED
TCP 192.168.1.122:41115 a104-65-20-192:https ESTABLISHED
TCP 192.168.1.122:41120 134.170.188.139:https ESTABLISHED
TCP 192.168.1.122:41121 93.184.221.200:https ESTABLISHED
TCP 192.168.1.122:41124 a104-65-29-50:https ESTABLISHED
TCP 192.168.1.122:41126 a23-195-66-72:https ESTABLISHED
TCP 192.168.1.122:41127 a23-43-75-27:http ESTABLISHED
TCP 192.168.1.122:41128 40.114.241.141:https ESTABLISHED
TCP 192.168.1.122:41164 ec2-54-229-90-9:https ESTABLISHED
TCP 192.168.1.122:41201 a-0001:https ESTABLISHED
TCP 192.168.1.122:41210 server-54-239-164-192:https ESTABLISHED
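Answer 1
Immediately shut down all non-essential connections
Nirsoft Currports should do the job for you. It shows the currently open TCP/UDP connections/ports and lets you kill connections. You can find it on the Nirsoft website.
Find a way to filter and monitor connections so that this does not happen again
Windows Advanced Firewall is adequate for filtering network activity, and I would suggest using it in combination with the applications below.
To monitor your network activity, I would suggest a combination of Wireshark and Process Monitor. Both tools are very powerful and contain a large amount of information. If you have never used Wireshark before, I recommend browsing its community and documentation, otherwise you may be overwhelmed by all the information presented.
Edit:
As @jveazey suggested in the comments below, I would add TCPView to the list. In this case it effectively combines the functionality of Currports and Process Monitor.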
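Plain netstat output like the listing in the question does not say which program owns each connection, which is the gap the tools above fill. The following is an added example, not part of the original answer: a PowerShell sketch using the built-in Get-NetTCPConnection and New-NetFirewallRule cmdlets to show the owning process per connection and to block a remote address in Windows Firewall. The function names and the 203.0.113.10 address are placeholders chosen for illustration; run it from an elevated prompt.

```powershell
# Added example: map established TCP connections to their owning process,
# roughly the view TCPView or CurrPorts give. Function names are hypothetical.
function Get-ConnectionOwner {
    $procs = @{}   # cache so each process ID is resolved only once
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |   # skip loopback
        ForEach-Object {
            $procId = $_.OwningProcess
            if (-not $procs.ContainsKey($procId)) {
                $procs[$procId] = Get-Process -Id $procId -ErrorAction SilentlyContinue
            }
            $p = $procs[$procId]
            [pscustomobject]@{
                Process       = if ($p) { $p.ProcessName } else { '(exited)' }
                ProcessId     = $procId
                Path          = if ($p) { $p.Path } else { $null }
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
            }
        }
}

# Add an outbound block rule to Windows Firewall for one remote address.
function Block-RemoteAddress {
    param([Parameter(Mandatory)][string]$Address)
    New-NetFirewallRule -DisplayName "Block outbound $Address" `
        -Direction Outbound -Action Block -RemoteAddress $Address
}

# Which processes hold the most connections
Get-ConnectionOwner | Group-Object Process | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Full per-connection detail, for checking an unfamiliar remote address
Get-ConnectionOwner | Sort-Object Process, RemoteAddress | Format-Table -AutoSize

# Placeholder address from the RFC 5737 documentation range; substitute the
# address you have decided to block, then uncomment:
# Block-RemoteAddress -Address '203.0.113.10'
```

Most entries will resolve to a browser or a sync client; the ones worth a closer look are connections owned by a process whose name or path you do not recognise.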
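Answer 2
Process Hacker is a tool that may suit your purposes. I have it installed on all my machines. Click the "Network" tab and kill any unwanted connections from there. And, as suggested, you can add any unwanted domains to the HOSTS file in c:\windows\system32\drivers\etc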