Hello,
Upon issuing the netstat -t command, I find some lines with the
Foreign Address listing an unknown IP with the State ESTABLISHED (tcp).
After googling and reading the man page for netstat, I'm still unsure
as to what precisely this means other than there is an established
connection. I suppose what I need is to know are these connections a
security risk? And if so, how do I stop them?
Thanks,
Christine
ChristineLWilson@gmail.com wrote:
> Hello,
> Upon issuing the netstat -t command, I find some lines with the
> Foreign Address listing an unknown IP with the State ESTABLISHED (tcp).
> After googling and reading the man page for netstat, I'm still unsure
> as to what precisely this means other than there is an established
> connection. I suppose what I need is to know are these connections a
> security risk? And if so, how do I stop them?
What about using "netstat -tulpen" (Unix) or "netstat -anbo" (Windows)?
This will clearly show you what process owns these connections.
ChristineLWilson@gmail.com said:
> Upon issuing the netstat -t command, I find some lines with the
>Foreign Address listing an unknown IP with the State ESTABLISHED (tcp).
> After googling and reading the man page for netstat, I'm still unsure
>as to what precisely this means other than there is an established
>connection. I suppose what I need is to know are these connections a
>security risk? And if so, how do I stop them?
More often than not, these have been network services (web sites etc) that
have been used by the local user. Including at least port numbers (and
indicating which port number is on local address and which is on remote
address) would do a lot in determining what is going on.
It could also be that the machine has been cracked, and is used for
malicious purposes. But as said, with just the information that there
are connections, it is impossible to make any educated guesses.
If the machine has been cracked, it'll be _very hard_ to be able to
establish trust on the system without doing a complete re-install.
On a cracked system, any part of the system may be set up as an additional
back door (or intelligence gathering service - such as keyboard snooper).
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)