Re: netstat command

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 10/12/03

  • Next message: Taishi: "Re: netstat command" 
    Date: Sun, 12 Oct 2003 03:14:47 GMT

    Not necessarily. This shows you are connected to various websites and a newserver. If
    a website is not resolved, cut and paste the address such as the 64.71.159.243 shown
    in your browser to see what it resolves to. Also try netstat -an which will list port
    numbers. Fport is a utility that can map listening/connected ports to an application
    or process. I hope you are using a firewall because you have the services www, smtp,
    and ftp listening which unless you are hosting those services or using them
    internally are a vulnerability. Ports 139 and 445 tell that you have file and print
    sharing enabled also which is another huge hole without a firewall. Go to
    http://scan.sygatetech.com/ and do a basic and trojan scan to see what it reports.

    Anytime you suspect something, never hesitate to run a virus/trojan scan. Virus scan
    should be run at least weekly by schedule anyhow using a program such as Norton that
    can do auto updates and scan emails also. I would recommend installing a firewall if
    you are not using one ASAP. If you do have one, then you are at much reduced risk
    from attacks outside your network and you should enable auditing of account logon
    events looking for unusual failures in the security log in Event Viewer. I prefer a
    hardware firewall which can be purchased for as little as $80, or if the budget is
    tight software firewalls are available for free for personal use. Still you should
    disable any services that are not needed. Running Microsoft Baseline Security
    Analyzer can help you with that. see links below for more help. --- Steve

    http://www.attackdenied.com/security_analyzer.htm
    http://www.webattack.com/Freeware/security/fwfirewall.shtml
    http://packetstormsecurity.nl/filedesc/fport.zip.html
    http://www.netgear.com/products/prod_details.asp?prodID=140&view=
    http://www.microsoft.com/security/protect/

    "Taishi" <taishi_bak@hotmail.com> wrote in message
    news:%230LK9nGkDHA.1084@tk2msftngp13.phx.gbl...
    > I can see alot of activity on my ports. Netstat output listed below. I
    > think I have a worm or a trojan. If this is true, Do any of you know what
    > it is?
    >
    > Is it possible for a hacker to view my keystrokes, passwords for my banking
    > account and other private passwords?
    >
    > Regards,
    > T
    >
    > Proto Local Address Foreign Address State
    > TCP my200srv:echo my200srv:0 LISTENING
    > TCP my200srv:discard my200srv:0 LISTENING
    > TCP my200srv:daytime my200srv:0 LISTENING
    > TCP my200srv:qotd my200srv:0 LISTENING
    > TCP my200srv:chargen my200srv:0 LISTENING
    > TCP my200srv:ftp my200srv:0 LISTENING
    > TCP my200srv:smtp my200srv:0 LISTENING
    > TCP my200srv:nameserver my200srv:0 LISTENING
    > TCP my200srv:domain my200srv:0 LISTENING
    > TCP my200srv:http my200srv:0 LISTENING
    > TCP my200srv:epmap my200srv:0 LISTENING
    > TCP my200srv:https my200srv:0 LISTENING
    > TCP my200srv:microsoft-ds my200srv:0 LISTENING
    > TCP my200srv:1026 my200srv:0 LISTENING
    > TCP my200srv:1029 my200srv:0 LISTENING
    > TCP my200srv:1034 my200srv:0 LISTENING
    > TCP my200srv:1036 my200srv:0 LISTENING
    > TCP my200srv:1039 my200srv:0 LISTENING
    > TCP my200srv:1040 my200srv:0 LISTENING
    > TCP my200srv:1873 my200srv:0 LISTENING
    > TCP my200srv:3439 my200srv:0 LISTENING
    > TCP my200srv:3440 my200srv:0 LISTENING
    > TCP my200srv:3441 my200srv:0 LISTENING
    > TCP my200srv:3743 my200srv:0 LISTENING
    > TCP my200srv:4505 my200srv:0 LISTENING
    > TCP my200srv:15000 my200srv:0 LISTENING
    > TCP my200srv:5555 my200srv:0 LISTENING
    > TCP my200srv:netbios-ssn my200srv:0 LISTENING
    > TCP my200srv:1873 msnews.microsoft.com:nntp ESTABLISHED
    > TCP my200srv:3436 64.71.159.243:http TIME_WAIT
    > TCP my200srv:3439 199.181.132.151:http ESTABLISHED
    > TCP my200srv:3440 64.71.159.243:http ESTABLISHED
    > TCP my200srv:3441 64.71.159.243:http SYN_SENT
    > TCP my200srv:3743 newssvr23-ext.news.prodigy.com:nntp
    > ESTABLISHED
    >
    >

  • Next message: Taishi: "Re: netstat command"

    Relevant Pages

    • Re: netstat command
      ... This shows you are connected to various websites and a newserver. ... in your browser to see what it resolves to. ... Fport is a utility that can map listening/connected ports to an application ... I hope you are using a firewall because you have the services www, smtp, ...
      (microsoft.public.security.virus)
    • Re: Cannot browse web pages using IE after set up firewall
      ... > firewall, just open a few ports, but I cannot visit websites now, how ... firewall and can't surf with Internet Explorer anymore. ...
      (microsoft.public.win2000.security)
    • Cannot browse web pages using IE after set up firewall
      ... Hello everyone, I have a windows 2000 server, recently I set up a firewall, ... just open a few ports, but I cannot visit websites now, how should I config ...
      (microsoft.public.win2000.security)
    • Re: Trouble accessing Outlook Web Access from behind firewall
      ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ...
      (comp.security.firewalls)
    • Re: iptables configuration
      ... >> that if a 'virus/trojan' initiated a connection to the net, the firewall ... >> would not protect the LAN. ... The LAN is NATed with private IPs to one public IP. ... the ports that are used by services running on linux. ...
      (comp.os.linux.security)