odd network traffic after installing ftp server

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
nighthawk33
500 Command not understood
Posts: 1
Joined: 2020-07-03 00:26
First name: Lance
Last name: Not Provided

odd network traffic after installing ftp server

#1 Post by nighthawk33 » 2020-07-03 00:47

so I installed the ftp server on windows 10 from this link https://filezilla-project.org/download.php?type=server and all is well and the server is running fine....

however I continuously log my network traffic and all of a sudden I am seeing this traffic..........(sorry about the formatting ..but you get the picture...)

any idea what this is...I'd hate to stop using this fine product because of this..but I am concerned, that I may have gotten more than I had expected

and ..no I absolutely did not agree to any 3rd party programs being installed on my computer

7/2/2020 8:13:38 PM Open 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:15:51 PM Close 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:06 PM Open 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:08 PM Close 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:12 PM Close 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:26 PM Open 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:29 PM Close 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:35 PM Open 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:37 PM Close 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:58 PM Open 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:01 PM Close 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:30 PM Open 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:18:32 PM Close 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:13:07 PM Open 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:38 PM Open 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:13:41 PM Close 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:14:47 PM Close 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:06 PM Open 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 199.187.193.166 50205 443 chrome.exe Canada
7/2/2020 8:13:12 PM Close 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:14 PM Close 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:15:51 PM Close 199.187.193.166 50205 443 chrome.exe Canada

User avatar
boco
Contributor
Posts: 25330
Joined: 2006-05-01 03:28
Location: Germany

Re: odd network traffic after installing ftp server

#2 Post by boco » 2020-07-03 09:46

As you didn't post the column headers, I need to ask: Are you running your server on port 443?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

nighthawk34
500 Command not understood
Posts: 4
Joined: 2020-07-03 11:27
First name: Lance
Last name: Palatini

Re: odd network traffic after installing ftp server

#3 Post by nighthawk34 » 2020-07-03 11:42

sorry..i accidentally messed up my account and had to create another one - I am the original poster

yes I am running the ftp server on a non-standard port but not 443

2 more items -

i checked the hash on the downloaded install file and it is correct - so the file matches what has been defined by the website

i de-installed the filezilla server last night and for the past 12 hours, i have not seen the offending network traffic

while the filezilla server was installed I ran the usual virus and adware scans and the server came up pretty clean

i am port forwarding through my google wifi router but only have a few selected ports open (443 is not one of them)
I am also using a paid ddns but these were in place for a few months without having this issue

I also have the windows firewall pretty well restricted

I might re-install and monitor this with wireshark, but again I did not expect to see this kind of traffic

User avatar
botg
Site Admin
Posts: 33238
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: odd network traffic after installing ftp server

#4 Post by botg » 2020-07-03 12:38

This traffic is not coming from FileZilla Server.

nighthawk34
500 Command not understood
Posts: 4
Joined: 2020-07-03 11:27
First name: Lance
Last name: Palatini

Re: odd network traffic after installing ftp server

#5 Post by nighthawk34 » 2020-07-03 12:48

I have not said that there is anything nefarious going on...

but doesn't it seem a bit "off" that right after I installed the server .. I get traffic from a IPs in Germany etc....and after I de-install the traffic goes away???

I normally see a lot of microsoft driven svhost traffic whic is annoying but normal...akamai highwinds etc. all legit ... but this stuff is new and somewhat troubling...

User avatar
boco
Contributor
Posts: 25330
Joined: 2006-05-01 03:28
Location: Germany

Re: odd network traffic after installing ftp server

#6 Post by boco » 2020-07-03 13:06

7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
If it wasn't for the chrome.exe part, it might have been the IP check (if enabled).
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

nighthawk34
500 Command not understood
Posts: 4
Joined: 2020-07-03 11:27
First name: Lance
Last name: Palatini

Re: odd network traffic after installing ftp server

#7 Post by nighthawk34 » 2020-07-03 13:15

yup .. and one of the first things that I checked was that I didn't have any new chrome extensions installed

now that my curiosity has been triggered I might just re-install and let wireshark do it's thing

nighthawk34
500 Command not understood
Posts: 4
Joined: 2020-07-03 11:27
First name: Lance
Last name: Palatini

Re: odd network traffic after installing ftp server

#8 Post by nighthawk34 » 2020-07-04 00:15

soooo...about 16 hours after the filezilla server was de-installed I saw a pair of hits from that address in germany

so...I reinstalled the ftp server because I needed it and just blocked the offending ip addresses in my firewall

not getting any strange traffic now (16 hours)

Post Reply