weird netstat result :S

Post by l0ngb1t »

this is half of my netstat result (the weird part)
TCP WINXP:7299 143.215.143.11:http CLOSE_WAIT
TCP WINXP:7314 ec2-174-129-39-108.compute-1.amazonaws.com:http FIN_WAIT_2
TCP WINXP:7353 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7362 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7365 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7368 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7371 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7374 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7377 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7383 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7386 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7389 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7392 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7395 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7398 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7401 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7404 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7410 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7413 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7416 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7419 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7422 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7425 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7428 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7431 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7437 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7440 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7443 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7446 ec2-174-129-39-108.compute-1.amazonaws.com:http TIME_WAIT
TCP WINXP:7449 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
TCP WINXP:7452 ec2-174-129-39-108.compute-1.amazonaws.com:http FIN_WAIT_2
TCP WINXP:7455 ec2-174-129-39-108.compute-1.amazonaws.com:http FIN_WAIT_2
TCP WINXP:7458 ec2-174-129-39-108.compute-1.amazonaws.com:http FIN_WAIT_2
TCP WINXP:7461 ec2-174-129-39-108.compute-1.amazonaws.com:http FIN_WAIT_2
TCP WINXP:7464 ec2-174-129-39-108.compute-1.amazonaws.com:http FIN_WAIT_2
TCP WINXP:7467 ec2-174-129-39-108.compute-1.amazonaws.com:http FIN_WAIT_2
TCP WINXP:7470 ec2-174-129-39-108.compute-1.amazonaws.com:http ESTABLISHED
I noticed that each time the port number is being incremented by 3 :S
+ my AV blocked a connection to this IP 143.215.143.11 (it appears at the top of the result)
any idea what that is or how to locate the application behind all this?
There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly. "The Jester"


Post by Alien1 »

check with your ISP if their DNS servers are susceptible to cache poisoning, get in touch with them and show them this proof.


Post by DNR »

Do this test:

Start internet connection.
run netstat with browser closed.
view results.
run netstat with browser opened.
view results.

If you have no ports opened and running with the browser closed, then it's not likely related to your ISP. Once you open your browser, all those open ports should pop up.

I am wondering if your ISP is speeding up your 'downloads' by chaining multiple connections to a website - to retrieve and assemble the webpage faster. I get the same multiple open ports from Verizon's ISP - all to the same site I am visiting at the moment. You can watch the chain start large and get smaller as the page is completed. This is proprietary to Verizon and other ISPs. Typical HTTP is supposed to be one connection!

It might also be a BHO (browser helper object) connecting with a third-party site; again, tracing the IPs you find in your netstat results will tell you what it's for.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
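
The browser-closed versus browser-open comparison described in the post above can be scripted. This is an added example, not code from the thread: it assumes both snapshots were captured with `netstat -ano` (numeric addresses plus the owning PID), and the sample snapshots, addresses and PIDs are constructed.

```python
import re

# Constructed `netstat -ano` snapshots (documentation addresses, made-up PIDs).
BROWSER_CLOSED = """\
  TCP    192.168.1.10:1042    192.0.2.10:80      ESTABLISHED     1820
"""
BROWSER_OPEN = """\
  TCP    192.168.1.10:1042    192.0.2.10:80      ESTABLISHED     1820
  TCP    192.168.1.10:7353    198.51.100.7:80    ESTABLISHED     3344
  TCP    192.168.1.10:7356    198.51.100.7:80    TIME_WAIT       0
  TCP    192.168.1.10:7359    198.51.100.7:80    ESTABLISHED     3344
  TCP    192.168.1.10:7362    198.51.100.7:80    FIN_WAIT_2      3344
"""

# Proto, local addr:port, remote addr:port, state, PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\w+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def parse(snapshot):
    """Return {(local_port, remote_host, remote_port): (state, pid)}."""
    conns = {}
    for line in snapshot.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rhost, rport, state, pid = m.groups()
            conns[(int(lport), rhost, rport)] = (state, int(pid))
    return conns

def report(before, after):
    """Summarise connections present only in `after`, per remote endpoint.

    Each row: (remote, connection count, owning PIDs, local-port strides).
    """
    old, groups = parse(before), {}
    for key, (state, pid) in sorted(parse(after).items()):
        if key in old:
            continue                      # already open with the browser closed
        lport, rhost, rport = key
        g = groups.setdefault(f"{rhost}:{rport}", {"ports": [], "pids": set()})
        g["ports"].append(lport)
        if pid:                           # TIME_WAIT rows are listed with PID 0
            g["pids"].add(pid)
    rows = []
    for remote, g in groups.items():
        strides = sorted({b - a for a, b in zip(g["ports"], g["ports"][1:])})
        rows.append((remote, len(g["ports"]), sorted(g["pids"]), strides))
    return rows

if __name__ == "__main__":
    for row in report(BROWSER_CLOSED, BROWSER_OPEN):
        print(row)
```

The PID in each row can be matched against the PID column in Task Manager to name the process that owns the connections.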


Post by bad_brain »

yep, I agree with DNR, it's most likely a BHO, check your installed browser plugins (especially search plugins) in context with amazon.
the IP itself is not a malicious one, there are fake rogue amazonaws systems around, but this one is a valid one (just checked the bot forum I am a member of)..... :wink:

if you are hardcore and don't care about amazon at all anyway you could also ban 174.129.0.0/16 completely... :lol: