Heya,
Was looking through the resource monitor and noticed I have a large number of TCP Connections going through "IPv4 loopback". It seems to just be going through each port 1 by 1.
https://i.imgur.com/M3VHjcx.png
Anyone know what's happening here?
If I've read correctly, Port 1120 is registered to Battlenet for its Blizzard file transfer function. I've never heard of Battlenet, but I guess it has something to do with online games. And I'm not sure why it has a file transfer function. Maybe for downloading games.
Even so, that doesn't explain why it is opening connections that never leave your PC. If you were to run a NETSTAT command (or use some utility that gives connection status) I suspect you will see these connections are mostly in a Close_Wait or Time_Wait. (I used to live in this stuff, but now I can't remember which is which.) One of them can normally last a long time - like 4 minutes. This is the TCP/IP stack's way of insuring that a port stays unused until there is no chance that a packet from a previous connection between the same two end points will wander in an be accepted as part of a new connection.
This is a normal occurrence, but it can be exploited by malware trying to do a Denial of Service attack. This is pretty unlikely, but I describe it below.
If you have some malware, it could be continually opening and closing connections on your loopback addr (for both source and destination) between port 1120 and an ephemeral port. If is does this very fast it can eat up all your ephemeral ports. They will clear up after the wait period, but if it keeps running it will grab the freed ports as soon as they free up.
This DoS scenario would create thousands, not hundreds, of temporarily unusable ports. A more likely scenario would be some local function needing hundreds of short-lived connections withing your pc to do some legitimate work. (But if it's not Battlenet, it should not be using port 1120.)
Still, hundreds of connections seems odd.
Sounds like you have many games and applications phoning home
Quote