Solved Hundreds of TCP - IPv4 loopback connections?

nums

New member
Member
Local time
8:21 PM
Messages
52
Heya,

Was looking through the resource monitor and noticed I have a large number of TCP Connections going through "IPv4 loopback". It seems to just be going through each port 1 by 1.


https://i.imgur.com/M3VHjcx.png

Anyone know what's happening here?
 

My Computer My Computer

At a glance

Windows 7 Home 64biti5-4670 Quad Core @ 3.40GHz8 GBGTX 780
Computer type
PC/Desktop
OS
Windows 7 Home 64bit
CPU
i5-4670 Quad Core @ 3.40GHz
Motherboard
Gigabyte H87-D3H
Memory
8 GB
Graphics Card(s)
GTX 780
Hard Drives
Samsung SSD 840 EVO 250GB | OZC-VERTEX2 120GB
PSU
SST-ST75F-P
If I've read correctly, Port 1120 is registered to Battlenet for its Blizzard file transfer function. I've never heard of Battlenet, but I guess it has something to do with online games. And I'm not sure why it has a file transfer function. Maybe for downloading games.

Even so, that doesn't explain why it is opening connections that never leave your PC. If you were to run a NETSTAT command (or use some utility that gives connection status) I suspect you will see these connections are mostly in a Close_Wait or Time_Wait. (I used to live in this stuff, but now I can't remember which is which.) One of them can normally last a long time - like 4 minutes. This is the TCP/IP stack's way of insuring that a port stays unused until there is no chance that a packet from a previous connection between the same two end points will wander in an be accepted as part of a new connection.

This is a normal occurrence, but it can be exploited by malware trying to do a Denial of Service attack. This is pretty unlikely, but I describe it below.

If you have some malware, it could be continually opening and closing connections on your loopback addr (for both source and destination) between port 1120 and an ephemeral port. If is does this very fast it can eat up all your ephemeral ports. They will clear up after the wait period, but if it keeps running it will grab the freed ports as soon as they free up.

This DoS scenario would create thousands, not hundreds, of temporarily unusable ports. A more likely scenario would be some local function needing hundreds of short-lived connections withing your pc to do some legitimate work. (But if it's not Battlenet, it should not be using port 1120.)
 

My Computer My Computer

At a glance

Windows 7 x64 ProIntel i7 4771 3.50 GHzKingston DDR3 - 16GBIntel HD Graphics 4600
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built by Puget Systems
OS
Windows 7 x64 Pro
CPU
Intel i7 4771 3.50 GHz
Motherboard
ASUS Z87-A
Memory
Kingston DDR3 - 16GB
Graphics Card(s)
Intel HD Graphics 4600
Sound Card
M-Audio Delta Audiofile 2496
Monitor(s) Displays
Samsung SyncMasterr 2043 BWX
Hard Drives
Samsung SSD 840 PRO
WDC WD1002FAEX-00Z3A0
PSU
built in - part of case - 650 Watt
Case
Fractal Design R4
Cooling
Coolmaster Hyper TX3
Keyboard
Dell PS/2
Mouse
Logitech USB
Internet Speed
50 Mb Cable
Antivirus
Kaspersky Internet Security 2015
Browser
Firefox
If I've read correctly, Port 1120 is registered to Battlenet for its Blizzard file transfer function. I've never heard of Battlenet, but I guess it has something to do with online games.

Ah, Blizzard has a battle.net app launcher which they use to update and manage their games. If I exit the program the TCP connections stop so I'm guessing it's that, in which case its very unlikely to be malicious.

Thanks for the help. Mystery solved :)
 

My Computer My Computer

At a glance

Windows 7 Home 64biti5-4670 Quad Core @ 3.40GHz8 GBGTX 780
Computer type
PC/Desktop
OS
Windows 7 Home 64bit
CPU
i5-4670 Quad Core @ 3.40GHz
Motherboard
Gigabyte H87-D3H
Memory
8 GB
Graphics Card(s)
GTX 780
Hard Drives
Samsung SSD 840 EVO 250GB | OZC-VERTEX2 120GB
PSU
SST-ST75F-P
Still, hundreds of connections seems odd.
 

My Computer My Computer

At a glance

Windows 7 x64 ProIntel i7 4771 3.50 GHzKingston DDR3 - 16GBIntel HD Graphics 4600
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built by Puget Systems
OS
Windows 7 x64 Pro
CPU
Intel i7 4771 3.50 GHz
Motherboard
ASUS Z87-A
Memory
Kingston DDR3 - 16GB
Graphics Card(s)
Intel HD Graphics 4600
Sound Card
M-Audio Delta Audiofile 2496
Monitor(s) Displays
Samsung SyncMasterr 2043 BWX
Hard Drives
Samsung SSD 840 PRO
WDC WD1002FAEX-00Z3A0
PSU
built in - part of case - 650 Watt
Case
Fractal Design R4
Cooling
Coolmaster Hyper TX3
Keyboard
Dell PS/2
Mouse
Logitech USB
Internet Speed
50 Mb Cable
Antivirus
Kaspersky Internet Security 2015
Browser
Firefox
Sounds like you have many games and applications phoning home
 

My Computer My Computer

At a glance

Microsoft Windows 7 Ultimate 64-bit 7601 Mult...AMD FX(tm)-6100 Six-Core Processor4.00 GBAMD Radeon HD 6450
Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom build
OS
Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
AMD FX(tm)-6100 Six-Core Processor
Motherboard
ASUSTeK Computer INC. M5A78L-M LX PLUS
Memory
4.00 GB
Graphics Card(s)
AMD Radeon HD 6450
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Monitor(s) Displays
Toshiba 47ZV650U 47" LCD 240Hz
Screen Resolution
1920 x 1080 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
(1) HDT722516DLA380 ATA Device (2) Hitachi HDS721025CLA382 ATA Device (3) ST4000VN000-1H4168 ATA Device (4) Generic STORAGE DEVICE USB Device (5) Generic STORAGE DEVICE USB Device (6) Generic STORAGE DEVICE USB Device (7) Generic STORAGE
PSU
Corsair CX430M
Case
WMI (Waste Management Incorporated)
Cooling
Yes, it's very cool.
Keyboard
Bluetooth KB & Mousepad
Internet Speed
Fios 15/5 and it sucks when Verizon is throttling it down
Antivirus
Avast, MSE and Malwarebytes
Browser
Firefox v.41.0.2 and IE 11
Other Info
2 years old and so far this rig still kicks butt
Back
Top