Link to home
Start Free TrialLog in
Avatar of aphuk
aphuk

asked on

Internet Gateway > Internet Connection' LIVE CALL WHAT IS THIS FOR ??

I am running XP Home edition 2002 sp2

in my Network connections I found an
'Internet Gateway > Internet Connection'
which i am sure i have never seen before

when i viewed the properties of the  'Internet Connection'
icon it had a 'settings' button

clicking this opened a 'services' dialog which had 3 entries

livecall (192.168.1.100:8345) 21985 UDP
livecall (192.168.1.100:8345) 36069 TCP
MsnMsgr (192.168.1.100:10205) 4582 UDP

I unchecked these items and also 'disabled' this interent gateway and my internet still seems to be running fine

I do have SKYPE and MSN installed and i use SKYPE for VoiP
 Can anyone tell me whether these settings have allowed someone to access my PC ?
Avatar of giltjr
giltjr
Flag of United States of America image

Livecall looks like http://www.liveperson.com/sb/livecall.asp
MsnMsgr is most likely MSN Messenger from Microsoft, an online chat and instant messaging client.

Do you use either one of these?
Avatar of aphuk
aphuk

ASKER

i do not use Livecall
i do use MSN & SKYPE and i noticed this time that i also now have a check box for SKYPE in the connection list

is 'Internet Gateway > Internet Connection' always present when you are online ?  i am sure i have never seen it before
Avatar of aphuk

ASKER

for now  have set the 'Internet Gateway > Internet Connection'  to disabled, what impact will this have on SKYPE & MSN msgr?
I am not really sure.  I have not seen "Internet Gatgeway > Internet Connection" before, but what I think this may is Internet Connection Sharing.  Have you ever configured your computer to allow Internet Connection Sharing before?
Internet Gateway is alos a result of UPnP, a service that allows for dynamic configuration of the router. If you go to start>run>services.msc, and disable Univeral Plug and Play, then reboot... Does it appear?
Avatar of aphuk

ASKER

this time round only the MSnMsgr was checked ?!*
stopped the service
it said dependency was from Windows Media Player
that may be because MSN displays whatever music i am playing on the MSN title bar ...??
Avatar of aphuk

ASKER

service was stopped
machine was rebooted
conditions still exist and i now have 4 items back in the list
livecall (192.168.1.100:8345) 21985 UDP
livecall (192.168.1.100:8345) 36069 TCP
MsnMsgr (192.168.1.100:10205) 4582 UDP
SKYPE

services show Upnp running as a manual service
Can you upload the dump files from c:\windows\minidump for us to look at?

Http://www.ee-stuff.com is a free upload site for us....

Might be able to pinpoint the fauting modules in there....
Not sure if it is directly related, but there is a MSN Messenger plugin for Windows Media player.  one of the features is if you are using MSN Messenger as a IM client, it will display the music you have been listening to with Windows Media player.

http://www.mess.be/msnmessengerfaq/article.php?id=117&action=print

It is also possible that Windows Media player does use MSN Messenger to get the information about music you are listening to.

As to the livecall stuff, did you look at the Web Page I referred you to earlier?  Did it look/sound familure?  Do you, or did you, ever have 3rd party support?
Avatar of aphuk

ASKER

giltjr:
looked at this 'livecall' site and it is not familiar to me at all but you know how it is , in the past i have used direct contact dialog boxes to some websites (talk to a LIVE operator) but not for a LONG time!!
Also no sure why there are two of them in the list. The only 3rd party support i can recall is PREVX. It would be nice if these references were signed as to who put it in my configuration!!

I can delete the 'service' using the properties but as soon as i restart the machine the service is back

i have screen shots available but cannot get them onto Http://www.ee-stuff.com as it appears to be in flux at the minute
Avatar of aphuk

ASKER

johnb6767:
Http://www.ee-stuff.com appears to be unavailable at the moment

I have one minidump on my machine from Aug 2006.
You may want to get HijackThis (http://www.spywareinfo.com/~merijn/programs.php)  and run it to see what it says.

I did a little more searching and it seems that livecall may also be related to MSN Messenger.

Avatar of aphuk

ASKER

Thanks Tolomir. Thought someone would have been able to shed light on this one.?!
Do you think that somebody has accessed your computer?  

If you do a:

     netstat -ano

Do you show anything running with those ports open?  Those settings by themself would not have allowed somebody to access your computer.  If you have your firewall configured correctly then nobody should have been able to get into your computer.

However if your firewall is not configured correctly, then almost anybody can.
Avatar of aphuk

ASKER

i am not sure if someone has accessed my computer

netstat -ano reports the following, but I am not sure if this is GOOD or BAD ?

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3812
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       3812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:990            0.0.0.0:0              LISTENING       2428
  TCP    0.0.0.0:999            0.0.0.0:0              LISTENING       3784
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       1244
  TCP    0.0.0.0:10243          0.0.0.0:0              LISTENING       2036
  TCP    0.0.0.0:26675          0.0.0.0:0              LISTENING       3784
  TCP    0.0.0.0:57830          0.0.0.0:0              LISTENING       3812
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       708
  TCP    127.0.0.1:4664         0.0.0.0:0              LISTENING       3480
  TCP    127.0.0.1:5679         0.0.0.0:0              LISTENING       2280
  TCP    127.0.0.1:7438         0.0.0.0:0              LISTENING       2280
  TCP    169.254.2.2:139        0.0.0.0:0              LISTENING       4
  TCP    169.254.2.2:990        169.254.2.1:1139       ESTABLISHED     2428
  TCP    169.254.2.2:990        169.254.2.1:1141       ESTABLISHED     2428
  TCP    169.254.2.2:999        169.254.2.1:1142       ESTABLISHED     3784
  TCP    169.254.2.2:5678       169.254.2.1:1143       ESTABLISHED     3784
  TCP    169.254.2.2:5678       169.254.2.1:1144       ESTABLISHED     3784
  TCP    169.254.2.2:5721       0.0.0.0:0              LISTENING       2428
  TCP    169.254.2.2:26675      169.254.2.1:1158       ESTABLISHED     4
  TCP    192.168.1.101:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.1.101:1138     207.46.109.42:1863     ESTABLISHED     1424
  TCP    192.168.1.101:1341     24.225.201.62:56841    ESTABLISHED     3812
  TCP    192.168.1.101:1933     62.189.194.207:80      TIME_WAIT       0
  TCP    192.168.1.101:1935     64.156.132.140:80      TIME_WAIT       0
  TCP    192.168.1.101:1964     62.189.194.207:80      TIME_WAIT       0
  TCP    192.168.1.101:2807     192.168.10.70:445      ESTABLISHED     4
  TCP    192.168.1.101:58898    192.168.1.1:2869       CLOSING         1424
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    752
  UDP    0.0.0.0:1028           *:*                                    1472
  UDP    0.0.0.0:1041           *:*                                    1164
  UDP    0.0.0.0:1099           *:*                                    1424
  UDP    0.0.0.0:1136           *:*                                    1164
  UDP    0.0.0.0:4500           *:*                                    752
  UDP    0.0.0.0:57830          *:*                                    3812
  UDP    127.0.0.1:123          *:*                                    1092
  UDP    127.0.0.1:1080         *:*                                    3812
  UDP    127.0.0.1:1131         *:*                                    1424
  UDP    127.0.0.1:1900         *:*                                    1244
  UDP    127.0.0.1:1931         *:*                                    1396
  UDP    127.0.0.1:1946         *:*                                    3356
  UDP    169.254.2.2:123        *:*                                    1092
  UDP    169.254.2.2:137        *:*                                    4
  UDP    169.254.2.2:138        *:*                                    4
  UDP    169.254.2.2:1900       *:*                                    1244
  UDP    169.254.2.2:15797      *:*                                    1424
  UDP    169.254.2.2:62567      *:*                                    1424
  UDP    192.168.1.101:123      *:*                                    1092
  UDP    192.168.1.101:137      *:*                                    4
  UDP    192.168.1.101:138      *:*                                    4
  UDP    192.168.1.101:1900     *:*                                    1244
  UDP    192.168.1.101:12215    *:*                                    1424
  UDP    192.168.1.101:60844    *:*                                    1424
O.K, it looks like you have two network connections.  Are you using this as a Internet Connection Sharing devices?


I would figure out what all of the following is.  You need to find out what  the PIDs are.  These are listening, which means they are waiting for somebody to connect to them.  If your firewall is not configured properly, then somebody could connect to your computer via the Internet.

TCP    0.0.0.0:990            0.0.0.0:0              LISTENING       2428
TCP    0.0.0.0:999            0.0.0.0:0              LISTENING       3784
TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       1244
TCP    0.0.0.0:10243          0.0.0.0:0              LISTENING       2036
TCP    0.0.0.0:26675          0.0.0.0:0              LISTENING       3784
TCP    0.0.0.0:57830          0.0.0.0:0              LISTENING       3812
UDP    192.168.1.101:1900     *:*                                    1244
UDP    192.168.1.101:12215    *:*                                    1424
UDP    192.168.1.101:60844    *:*                                    1424
UDP    169.254.2.2:1900       *:*                                    1244
UDP    169.254.2.2:15797      *:*                                    1424
UDP    169.254.2.2:62567      *:*                                    1424
ASKER CERTIFIED SOLUTION
Avatar of johnb6767
johnb6767
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of aphuk

ASKER

giltjr:

sorry did not get back sooner but i have been in a location with no internet connection

can you help me with finding out what the PID's are ?

SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of aphuk

ASKER

Sorry it took so long but I got there in the end. Only Grey area is
'Internet Gateway > Internet Connection'
from what i can work out it seems that if i have a wireless connection then it appears
if i am using cable then it does'nt
I have both network types on my laptop.

Used Netstat and TCPView for Windows v2.4 and then good old Google to look up each item in the list and they all seemed to be Valid so 'all's well that ends well'
My guess is that you have your computer configured for Internet Connection Sharing (ICS).  This is only active if you have two network connection.  You can't use ICS with a single connection.
Avatar of aphuk

ASKER

found how it can be installed here
http://www.practicallynetworked.com/sharing/xp_ics/

found out how to remove it here
http://support.microsoft.com/kb/263276