Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Background download when playing mp3.

  • 26-03-2007 3:28pm
    #1
    Brando_ie
    Registered Users, Registered Users 2 Posts: 425 ✭✭


    I am experiencing an unusual problem. We are currently receiving a lot of spam messages and have actually exceeded our 3GB mail transfer limit (up from 200mb or so typically monthly)

    In my efforts to try and determine if we are sending (a la Trojan) or receiving (a la spam sending p*$"k) most of this mass mail I installed DuScan to monitor network traffic on the office workstations whilst awaiting our hosts to reset our email stats and we can try to track down the source. Two of the stations started showing an unusual amount of download traffic amounting to approx 1Mb / minute (65+Mb / hour) and after a bit of hit and miss we determined that it was happening whilst ripped mp3's (and i stress ripped not d/l'd) was playing on media player (as far as we can determine, media player was the program used to rip the tunes in the first place).

    The massive download seems to be isolated to two machines in the office and as an test I ripped a tune (non media player encoder) and played it on my own terminal - no background download. Saved to server and villain played it using his media player - background download started, then when I played it back on my media player on my unaffected PC the background downloading started on my machine!!. It appears that the villains terminal somehow tagged the file and when I played the effected file i was hit with the downloading.

    Naturally 2 PC's downloading 1mb/min for a working week could account for 4.2Gb / week of bandwidth which is totally unacceptable and the users have been banned from playing tunes until we get to the bottom of this but I am wondering if anyone has come across anything like this. I am unsure if this might be a DRM issue or a Trojan type problem (virus check come up clean and I would expect U/L not D/L for virus??)

    Any advice welcome

    :confused:


Comments

  • #2
    snappieT
    Registered Users, Registered Users 2 Posts: 3,357 ✭✭✭snappieT


    If you ripped the mp3s yourself, it won't be a DRM issue.

    What media player are you using?
    What CD ripper are you using?
    You say you were monitoring network traffic, can you pinpoint where the affected workstations are connecting to? Could it be an audioscrobbler plugin gone haywire?


  • #3
    Brando_ie
    Registered Users, Registered Users 2 Posts: 425 ✭✭Brando_ie


    1st PC with issues (Win XP) - Windows Media Player 11.0.5721.5145
    2nd PC with issues (Win 2K) - Windows Media Player 9.00.00.3349

    Both villains ripped mp3's to their own PC's with there own version of media player (possibly an earlier version of each due to auto update(s).

    My example of a file not effected with the D/L problem was firstly ripped with FreeRIP 2.931 and did not have the download problem on my own PC until after it was played on villain 2's PC (as described in the OP) Basically, first FreeRip - clean play on my PC, transfered to villains PC - downloading problem, transfered back to my PC - now downloading problem on my PC when playing.

    Not monitoring downloading location. DuScan simply monitors traffic not locations, do you have any suggestions to view / log U/L and D/L traffic and its locations?


  • #4
    snappieT
    Registered Users, Registered Users 2 Posts: 3,357 ✭✭✭snappieT


    Yeah, install ethereal (free), VERY extensive logging, it'll show you each and every packet going through the network card, and you'll be able to see the destination address.
    Do you know what port the data is being sent on even?


  • #5
    papu
    Registered Users, Registered Users 2 Posts: 3,357 ✭✭✭papu


    if ye can get something like mcafee i had it for a while and was amazed at the firewall thing they had it logged all incomming requests and allowed you to back trace it , try disconnecting from the network rip a cd or two and see if anything happens , other than that try ripping a cd with itunes or anyother kinda of media player and see if its not just wmp thats infected , or even upgrade wmp to 11?


  • #6
    snappieT
    Registered Users, Registered Users 2 Posts: 3,357 ✭✭✭snappieT


    For that matter, scratch ethereal, it's more information than you need.

    Peerguradian (it's on sourcefoge), and there's a checkbox that will show you all connections made, which IP and which port. Very very handy.

    Then what you can do is go into your hosts file (c:\windows\system32\drivers\etc), and add a line that has the hostname that keeps connecting, and 127.0.0.1

    This will cause the computer to lookup the DNS of www.thisisthedodgysite.com or whatever to be localhost, which will refuse the connection, and nothing hits the network.

    Feel free to PM me if you need a hand with this.


  • Advertisement
  • #7
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    if you want to cross off trojan/virus as possible reason then dl this
    http://www.majorgeeks.com/download3155.html
    do a "System scan and save a logfile", send that to me and can see if its a trojan.


Advertisement