How to use /usr/sbin/iptstate command

Discussion in 'Linux Networking' started by colinmarr0, Oct 1, 2012.

  1. colinmarr0

    colinmarr0 Guest

    I have been trying to understand some port issues.

    First.
    I like the command /usr/sbin/iptstate
    But I only want to look at one address, e.g. 10.1.0.52
    I can't seem to see how to just have this address filtered so I only see it.

    Second, I have run this command and found tons of the following...
    10.1.0.52,139 5.190.107.130,2504 tcp ESTABLISHED 71:57:27
    10.1.0.52,139 5.190.107.130,4608 tcp ESTABLISHED 88:08:17
    10.1.0.52,139 5.190.107.130,4160 tcp ESTABLISHED 108:34:24
    10.1.0.52,139 5.190.107.130,3125 tcp ESTABLISHED 118:15:26
    10.1.0.52,139 5.190.107.130,1175 tcp ESTABLISHED 112:22:23
    10.1.0.52,139 5.190.107.130,1748 tcp ESTABLISHED 80:02:52
    10.1.0.52,139 5.190.107.130,1516 tcp ESTABLISHED 112:34:50
    10.1.0.52,139 5.190.107.130,2015 tcp ESTABLISHED 85:27:28
    10.1.0.52,139 5.190.107.130,2273 tcp ESTABLISHED 63:14:47
    10.1.0.52,139 5.190.107.130,3237 tcp ESTABLISHED 101:14:18
    10.1.0.52,139 5.190.107.130,2411 tcp ESTABLISHED 114:38:56
    10.1.0.52,139 5.190.107.130,1058 tcp ESTABLISHED 59:13:26
    10.1.0.52,139 5.190.107.130,3676 tcp ESTABLISHED 91:09:53
    10.1.0.52,139 5.190.107.130,3925 tcp ESTABLISHED 108:25:34


    One note I saw said if you see a lot of these you might have a worm. The .52 is a Windows XP computer using the Linux computer as a gateway (the one I ran the IPTables command on). I have tried to track the IP 5.190.107.130 but it doesn't seem bad, e.g. no one has reported it. But it also seems to be somewhere in the Middle East. (a questionable place.)
    Regards
     
    colinmarr0, Oct 1, 2012

  2. Jorgen Grahn

    Jorgen Grahn Guest

    man grep

    If you maintain a Linux machine, you really need to learn basic
    Unix/Linux usage. Highly recommended!

    % grep 139 /etc/services
    netbios-ssn 139/tcp

    That's SMB and other Windows services -- things you're supposed to use
    on a LAN. I assume (I don't know Windows) they are not encrypted,
    either. Having successful connections from foreign networks is
    probably a very Bad Thing.

    Tell someone in your organization who's responsible for security
    and knows his/her job. This is important.

    It's in Iran. Lots of decent people live there.

    /Jorgen
     
    Jorgen Grahn, Oct 1, 2012

  3. Tauno Voipio

    Tauno Voipio Guest


    You should close the Microsoft sharing ports (including TCP and UDP 139)
    to the outside world. If this is a Windows computer, the details do
    not belong in a Linux networking group.
     
    Tauno Voipio, Oct 2, 2012
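
An added example, not part of any post in the thread: a shell filter that narrows iptstate-style lines to one address with an exact match and counts that host's port-139 sessions per non-private peer. The function names and the sample lines for 10.1.0.7 and 10.1.0.60 are constructed for illustration; the other sample lines are copied from the question.

```shell
#!/bin/sh
# Constructed sample: three lines from the thread plus two made-up lines
# (a LAN peer and an unrelated host) so the filters have something to reject.
sample_states() {
cat <<'EOF'
10.1.0.52,139 5.190.107.130,2504 tcp ESTABLISHED 71:57:27
10.1.0.52,139 5.190.107.130,4608 tcp ESTABLISHED 88:08:17
10.1.0.52,139 5.190.107.130,4160 tcp ESTABLISHED 108:34:24
10.1.0.52,139 10.1.0.7,1033 tcp ESTABLISHED 0:04:11
10.1.0.60,49152 192.0.2.10,80 tcp ESTABLISHED 0:00:30
EOF
}

# only_host ADDR: keep lines where either endpoint is exactly ADDR.
# A bare "grep 10.1.0.5" would also match 10.1.0.52; this does not.
only_host() {
    awk -v h="$1" '{ split($1, a, ","); split($2, b, ",") }
        a[1] == h || b[1] == h'
}

# external_peers ADDR [PORT]: for ADDR's sessions on PORT (default 139,
# netbios-ssn), print "<peer> <count>" for every peer that is not in a
# private (RFC 1918), loopback or link-local range.
external_peers() {
    only_host "$1" | awk -v h="$1" -v p="${2:-139}" '
        function is_private(ip) {
            return ip ~ /^10\./ || ip ~ /^192\.168\./ || ip ~ /^127\./ ||
                   ip ~ /^169\.254\./ || ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./
        }
        {
            split($1, a, ","); split($2, b, ",")
            if (a[1] == h && a[2] == p) peer = b[1]
            else if (b[1] == h && b[2] == p) peer = a[1]
            else next
            if (!is_private(peer)) n[peer]++
        }
        END { for (ip in n) print ip, n[ip] }' | sort
}

# Demo on the constructed sample. On the gateway, feed it iptstate's
# single-run output instead (see "man iptstate"; -1 in 2.x releases).
sample_states | external_peers 10.1.0.52
```

Any line this prints is a peer outside the LAN holding a session on the host's NetBIOS port, which is the condition the replies above say should not exist.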