odd network traffic after installing ftp server

nighthawk33

odd network traffic after installing ftp server

#1 Post by nighthawk33 » 2020-07-03 00:47

so I installed the ftp server on windows 10 from this link https://filezilla-project.org/download.php?type=server and all is well and the server is running fine....

however I continuously log my network traffic and all of a sudden I am seeing this traffic..........(sorry about the formatting ..but you get the picture...)

any idea what this is...I'd hate to stop using this fine product because of this..but I am concerned, that I may have gotten more than I had expected

and ..no I absolutely did not agree to any 3rd party programs being installed on my computer

7/2/2020 8:13:38 PM Open 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:15:51 PM Close 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:06 PM Open 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:08 PM Close 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:12 PM Close 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:26 PM Open 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:29 PM Close 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:35 PM Open 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:37 PM Close 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:58 PM Open 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:01 PM Close 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:30 PM Open 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:18:32 PM Close 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:13:07 PM Open 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:38 PM Open 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:13:41 PM Close 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:14:47 PM Close 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:06 PM Open 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 199.187.193.166 50205 443 chrome.exe Canada
7/2/2020 8:13:12 PM Close 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:14 PM Close 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:15:51 PM Close 199.187.193.166 50205 443 chrome.exe Canada

boco
Contributor
Posts: 26913
Joined: 2006-05-01 03:28
Location: Germany

Re: odd network traffic after installing ftp server

#2 Post by boco » 2020-07-03 09:46

As you didn't post the column headers, I need to ask: Are you running your server on port 443?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

nighthawk34
500 Command not understood
Posts: 4
Joined: 2020-07-03 11:27
First name: Lance
Last name: Palatini

Re: odd network traffic after installing ftp server

#3 Post by nighthawk34 » 2020-07-03 11:42

sorry..i accidentally messed up my account and had to create another one - I am the original poster

yes I am running the ftp server on a non-standard port but not 443

2 more items -

i checked the hash on the downloaded install file and it is correct - so the file matches what has been defined by the website

i de-installed the filezilla server last night and for the past 12 hours, i have not seen the offending network traffic

while the filezilla server was installed I ran the usual virus and adware scans and the server came up pretty clean

i am port forwarding through my google wifi router but only have a few selected ports open (443 is not one of them)
I am also using a paid ddns but these were in place for a few months without having this issue

I also have the windows firewall pretty well restricted

I might re-install and monitor this with wireshark, but again I did not expect to see this kind of traffic

botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: odd network traffic after installing ftp server

#4 Post by botg » 2020-07-03 12:38

This traffic is not coming from FileZilla Server.

nighthawk34

Re: odd network traffic after installing ftp server

#5 Post by nighthawk34 » 2020-07-03 12:48

I have not said that there is anything nefarious going on...

but doesn't it seem a bit "off" that right after I installed the server .. I get traffic from IPs in Germany etc....and after I de-install the traffic goes away???

I normally see a lot of microsoft driven svchost traffic which is annoying but normal...akamai highwinds etc. all legit ... but this stuff is new and somewhat troubling...

boco

Re: odd network traffic after installing ftp server

#6 Post by boco » 2020-07-03 13:06

7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
If it wasn't for the chrome.exe part, it might have been the IP check (if enabled).
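The attribution point in post #6 (every connection is logged against chrome.exe), worked through as an added example that is not part of the thread or of FileZilla: it parses lines in the format posted in #1, pairs each Open with its Close, and groups the finished flows by owning process so a given image name can be checked. The column layout, the US month/day date order and the rule that the process name ends in ".exe" are assumptions, since no column headers were posted.

```python
from collections import defaultdict
from datetime import datetime

# Six lines copied from the log in post #1. No column headers were posted, so the
# layout is an assumption: timestamp, event, remote IP, optional reverse-DNS name,
# local port, remote port, owning process image, country.
SAMPLE = """\
7/2/2020 8:13:38 PM Open 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:15:51 PM Close 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:08 PM Close 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:13:07 PM Open 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:14:47 PM Close 217.182.200.19 50176 443 chrome.exe France
"""

def parse(line):
    f = line.split()
    rest = f[5:]
    host = rest.pop(0) if not rest[0].isdigit() else None  # name column may be empty
    tail = rest[2:]
    # The image name may contain spaces; it ends at the first token ending in ".exe".
    end = next(i for i, t in enumerate(tail) if t.lower().endswith(".exe")) + 1
    return {
        "ts": datetime.strptime(" ".join(f[:3]), "%m/%d/%Y %I:%M:%S %p"),
        "event": f[3], "ip": f[4], "host": host,
        "lport": int(rest[0]), "rport": int(rest[1]),
        "proc": " ".join(tail[:end]).lower(), "country": " ".join(tail[end:]),
    }

def flows_by_process(text):
    """Pair Open/Close on (remote IP, local port); group finished flows by process."""
    pending, flows = {}, defaultdict(list)
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse(line)
        key = (rec["ip"], rec["lport"])
        if rec["event"] == "Open":
            pending[key] = rec
        elif key in pending:
            secs = int((rec["ts"] - pending.pop(key)["ts"]).total_seconds())
            flows[rec["proc"]].append((rec["ip"], rec["host"], rec["rport"], secs))
    return dict(flows), pending  # pending: opened but never closed in the input

def owned_by(flows, image_name):
    """Flows attributed to one process image (case-insensitive match)."""
    return flows.get(image_name.lower(), [])

if __name__ == "__main__":
    flows, pending = flows_by_process(SAMPLE)
    for proc, items in flows.items():
        print(proc, len(items), "flows:", items)
    print("still open:", len(pending))
```

Calling `owned_by(flows, name)` with the FTP server's image name returns an empty list for this sample, because every flow in it is keyed to chrome.exe.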

nighthawk34

Re: odd network traffic after installing ftp server

#7 Post by nighthawk34 » 2020-07-03 13:15

yup .. and one of the first things that I checked was that I didn't have any new chrome extensions installed

now that my curiosity has been triggered I might just re-install and let wireshark do its thing

nighthawk34

Re: odd network traffic after installing ftp server

#8 Post by nighthawk34 » 2020-07-04 00:15

soooo...about 16 hours after the filezilla server was de-installed I saw a pair of hits from that address in germany

so...I reinstalled the ftp server because I needed it and just blocked the offending ip addresses in my firewall

not getting any strange traffic now (16 hours)
