netstat question

#1
05-22-2006, 07:35 PM

Hello,
Upon issuing the netstat -t command, I find some lines with the
Foreign Address listing an unknown IP with the State ESTABLISHED (tcp).
After googling and reading the man page for netstat, I'm still unsure
as to what precisely this means other than there is an established
connection. I suppose what I need is to know are these connections a
security risk? And if so, how do I stop them?

Thanks,
Christine



ChristineLWilson@gmail.com

#2
05-22-2006, 07:38 PM
Sebastian Gottschalk

(E-Mail Removed) wrote:
> Hello,
> Upon issuing the netstat -t command, I find some lines with the
> Foreign Address listing an unknown IP with the State ESTABLISHED (tcp).
> After googling and reading the man page for netstat, I'm still unsure
> as to what precisely this means other than there is an established
> connection. I suppose what I need is to know are these connections a
> security risk? And if so, how do I stop them?


What about using "netstat -tulpen" (Unix) or "netstat -anbo" (Windows)?
This will clearly show you what process owns these connections.

#3
05-25-2006, 11:22 AM
Juha Laiho

(E-Mail Removed) said:
> Upon issuing the netstat -t command, I find some lines with the
> Foreign Address listing an unknown IP with the State ESTABLISHED (tcp).
> After googling and reading the man page for netstat, I'm still unsure
> as to what precisely this means other than there is an established
> connection. I suppose what I need is to know are these connections a
> security risk? And if so, how do I stop them?


More often than not, these have been network services (web sites etc) that
have been used by the local user. Including at least port numbers (and
indicating which port number is on local address and which is on remote
address) would do a lot in determining what is going on.

It could also be that the machine has been cracked, and is used for
malicious purposes. But as said, with just the information that there
are connections, it is impossible to make any educated guesses.

If the machine has been cracked, it'll be _very hard_ to be able to
establish trust on the system without doing a complete re-install.
On a cracked system, any part of the system may be set up as an additional
back door (or intelligence gathering service - such as keyboard snooper).
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
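
Added example, not part of any post in this thread: one way to combine the two replies, listing each ESTABLISHED connection with its owning process and marking whether the local port is a listening service (someone connected to this host) or an ephemeral port (this host connected out). It assumes the net-tools column layout of `netstat -tanp`; the function names and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify ESTABLISHED TCP connections from `netstat -tanp` output.
# Assumes the net-tools column order:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
# Function names here are hypothetical helpers, not part of netstat.

classify_established() {
  awk '
    # Port is whatever follows the last ":" (covers IPv4 and IPv6 forms).
    function port(addr) { sub(/.*:/, "", addr); return addr }

    # Remember every local port this host is listening on.
    $1 ~ /^tcp/ && $6 == "LISTEN"      { listening[port($4)] = 1 }

    # Buffer established connections; LISTEN rows may appear later in the output.
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" { n++; loc[n] = $4; rem[n] = $5; own[n] = $7 }

    END {
      for (i = 1; i <= n; i++) {
        p = port(loc[i])
        # Local port is a listening service -> the remote side connected to us.
        dir = (p in listening) ? "inbound" : "outbound"
        printf "%s local=%s remote=%s owner=%s\n", dir, loc[i], rem[i], own[i]
      }
    }
  '
}

# Constructed sample output (documentation-range addresses), so this runs offline.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 2301/sshd
tcp        0      0 192.0.2.10:43122        203.0.113.80:80         ESTABLISHED 1977/firefox-bin
tcp        0      0 192.0.2.10:40022        203.0.113.99:8443       ESTABLISHED -
EOF
}

sample_netstat | classify_established
```

On a live host, pipe `netstat -tanp` into `classify_established` as root; an owner of `-` means netstat could not read the owning process, typically because it was not run with sufficient privileges.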

All times are GMT.