odd network traffic after installing ftp server
Moderator: Project members
odd network traffic after installing ftp server
so I installed the ftp server on windows 10 from this link https://filezilla-project.org/download.php?type=server and all is well and the server is running fine....
however I continuously log my network traffic and all of a sudden I am seeing this traffic..........(sorry about the formatting ..but you get the picture...)
any idea what this is...I'd hate to stop using this fine product because of this..but I am concerned, that I may have gotten more than I had expected
and ..no I absolutely did not agree to any 3rd party programs being installed on my computer
7/2/2020 8:13:38 PM Open 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:15:51 PM Close 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:06 PM Open 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:08 PM Close 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:12 PM Close 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:26 PM Open 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:29 PM Close 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:35 PM Open 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:37 PM Close 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:58 PM Open 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:01 PM Close 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:30 PM Open 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:18:32 PM Close 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:13:07 PM Open 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:38 PM Open 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:13:41 PM Close 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:14:47 PM Close 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:06 PM Open 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 199.187.193.166 50205 443 chrome.exe Canada
7/2/2020 8:13:12 PM Close 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:14 PM Close 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:15:51 PM Close 199.187.193.166 50205 443 chrome.exe Canada
however I continuously log my network traffic and all of a sudden I am seeing this traffic..........(sorry about the formatting ..but you get the picture...)
any idea what this is...I'd hate to stop using this fine product because of this..but I am concerned, that I may have gotten more than I had expected
and ..no I absolutely did not agree to any 3rd party programs being installed on my computer
7/2/2020 8:13:38 PM Open 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:15:51 PM Close 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:06 PM Open 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:08 PM Close 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:12 PM Close 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:26 PM Open 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:29 PM Close 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:35 PM Open 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:37 PM Close 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:58 PM Open 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:01 PM Close 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:30 PM Open 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:18:32 PM Close 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:13:07 PM Open 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:38 PM Open 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:13:41 PM Close 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:14:47 PM Close 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:06 PM Open 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 199.187.193.166 50205 443 chrome.exe Canada
7/2/2020 8:13:12 PM Close 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:14 PM Close 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:15:51 PM Close 199.187.193.166 50205 443 chrome.exe Canada
Re: odd network traffic after installing ftp server
As you didn't post the column headers, I need to ask: Are you running your server on port 443?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 4
- Joined: 2020-07-03 11:27
- First name: Lance
- Last name: Palatini
Re: odd network traffic after installing ftp server
sorry..i accidentally messed up my account and had to create another one - I am the original poster
yes I am running the ftp server on a non-standard port but not 443
2 more items -
i checked the hash on the downloaded install file and it is correct - so the file matches what has been defined by the website
i de-installed the filezilla server last night and for the past 12 hours, i have not seen the offending network traffic
while the filezilla server was installed I ran the usual virus and adware scans and the server came up pretty clean
i am port forwarding through my google wifi router but only have a few selected ports open (443 is not one of them)
I am also using a paid ddns but these were in place for a few months without having this issue
I also have the windows firewall pretty well restricted
I might re-install and monitor this with wireshark, but again I did not expect to see this kind of traffic
yes I am running the ftp server on a non-standard port but not 443
2 more items -
i checked the hash on the downloaded install file and it is correct - so the file matches what has been defined by the website
i de-installed the filezilla server last night and for the past 12 hours, i have not seen the offending network traffic
while the filezilla server was installed I ran the usual virus and adware scans and the server came up pretty clean
i am port forwarding through my google wifi router but only have a few selected ports open (443 is not one of them)
I am also using a paid ddns but these were in place for a few months without having this issue
I also have the windows firewall pretty well restricted
I might re-install and monitor this with wireshark, but again I did not expect to see this kind of traffic
Re: odd network traffic after installing ftp server
This traffic is not coming from FileZilla Server.
-
- 500 Command not understood
- Posts: 4
- Joined: 2020-07-03 11:27
- First name: Lance
- Last name: Palatini
Re: odd network traffic after installing ftp server
I have not said that there is anything nefarious going on...
but doesn't it seem a bit "off" that right after I installed the server .. I get traffic from a IPs in Germany etc....and after I de-install the traffic goes away???
I normally see a lot of microsoft driven svhost traffic whic is annoying but normal...akamai highwinds etc. all legit ... but this stuff is new and somewhat troubling...
but doesn't it seem a bit "off" that right after I installed the server .. I get traffic from a IPs in Germany etc....and after I de-install the traffic goes away???
I normally see a lot of microsoft driven svhost traffic whic is annoying but normal...akamai highwinds etc. all legit ... but this stuff is new and somewhat troubling...
Re: odd network traffic after installing ftp server
If it wasn't for the chrome.exe part, it might have been the IP check (if enabled).7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 4
- Joined: 2020-07-03 11:27
- First name: Lance
- Last name: Palatini
Re: odd network traffic after installing ftp server
yup .. and one of the first things that I checked was that I didn't have any new chrome extensions installed
now that my curiosity has been triggered I might just re-install and let wireshark do it's thing
now that my curiosity has been triggered I might just re-install and let wireshark do it's thing
-
- 500 Command not understood
- Posts: 4
- Joined: 2020-07-03 11:27
- First name: Lance
- Last name: Palatini
Re: odd network traffic after installing ftp server
soooo...about 16 hours after the filezilla server was de-installed I saw a pair of hits from that address in germany
so...I reinstalled the ftp server because I needed it and just blocked the offending ip addresses in my firewall
not getting any strange traffic now (16 hours)
so...I reinstalled the ftp server because I needed it and just blocked the offending ip addresses in my firewall
not getting any strange traffic now (16 hours)