[Dshield] Transient Netstat Output

allan.vanleeuwen at orangemail.nl
Wed Apr 21 11:10:31 GMT 2004


Could be an attacker trying to find a backdoor he placed x amount of time
ago.

-----Original Message-----
From: Jeffrey Pike [mailto:jpike at gpl.org] 
Sent: Wednesday, April 21, 2004 0:13
To: DShield
Subject: [Dshield] Transient Netstat Output


I'm seeing entries like this from "netstat -an" on a Windows NT 4.0 Server
machine with IIS 4.0. They come and go. I checked the first foreign IP at
RIPE. It belongs to a service provider in the Netherlands. My system runs at
a public library in Massachusetts.

I ran the 1628x port series through Google and Symantec Security Response
and didn't find anything. Neither my NT event viewer nor W3SVC logs show
anything unusual. I'm patched, running URLScan, and up to date on virus
defs.

What do these mean?

Thank you.
Jeffrey Pike
--------------------------------------------------
TCP    192.168.x.x:80         213.84.8.90:16284      TIME_WAIT
TCP    192.168.x.x:80         213.84.8.90:16285      ESTABLISHED
TCP    192.168.x.x:80         213.84.8.90:16286      ESTABLISHED

TCP    192.168.x.x:80         68.184.43.214:25256    TIME_WAIT

TCP    192.168.x.x:4112       209.225.11.243:80      TIME_WAIT

TCP    192.168.x.x:80         68.184.43.159:3442     ESTABLISHED
TCP    192.168.x.x:80         68.184.43.159:3444     TIME_WAIT
TCP    192.168.x.x:80         68.184.43.159:3445     TIME_WAIT

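One way to triage output like the rows quoted in this thread, as an added example that is not part of either message: it groups `netstat -an` TCP rows by foreign address and labels each by likely direction. The port-80-only service list and the "remote port below 1024 means outbound client traffic" rule are assumptions of this sketch, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# TCP lines copied from the netstat -an output quoted in the message.
SAMPLE = """\
TCP    192.168.x.x:80         213.84.8.90:16284      TIME_WAIT
TCP    192.168.x.x:80         213.84.8.90:16285      ESTABLISHED
TCP    192.168.x.x:80         213.84.8.90:16286      ESTABLISHED
TCP    192.168.x.x:80         68.184.43.214:25256    TIME_WAIT
TCP    192.168.x.x:4112       209.225.11.243:80      TIME_WAIT
TCP    192.168.x.x:80         68.184.43.159:3442     ESTABLISHED
TCP    192.168.x.x:80         68.184.43.159:3444     TIME_WAIT
TCP    192.168.x.x:80         68.184.43.159:3445     TIME_WAIT
"""

# Assumption: HTTP on port 80 (IIS) is the only service this host should offer.
EXPECTED_SERVICE_PORTS = frozenset({80})

# local address:port, foreign address:port, state (the address may be masked).
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def classify(local_port, foreign_port, state, service_ports=EXPECTED_SERVICE_PORTS):
    """Label one connection by its likely direction (heuristic)."""
    if local_port in service_ports:
        return "service"            # client on, or listener for, an expected port
    if state != "LISTENING" and foreign_port < 1024 <= local_port:
        return "outbound-client"    # local ephemeral port to a remote well-known port
    return "unexplained"            # unexpected listener or high-port to high-port session

def triage(text, service_ports=EXPECTED_SERVICE_PORTS):
    """Map (category, foreign IP) -> list of (local port, foreign port, state)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                # skip headers, UDP rows and blank lines
        lport, fip, fport, state = int(m[2]), m[3], int(m[4]), m[5]
        cat = classify(lport, fport, state, service_ports)
        groups[(cat, fip)].append((lport, fport, state))
    return dict(groups)

def unexplained(text, service_ports=EXPECTED_SERVICE_PORTS):
    """Rows that neither hit an expected service nor look like client traffic."""
    return sorted((ip, c) for (cat, ip), cs in triage(text, service_ports).items()
                  if cat == "unexplained" for c in cs)

if __name__ == "__main__":
    for (cat, ip), conns in sorted(triage(SAMPLE).items()):
        print(f"{cat:16} {ip:16} {len(conns)} connection(s)")
    print("unexplained:", unexplained(SAMPLE))
```

Under those assumptions every quoted row lands in `service` or `outbound-client`; rows that fall into `unexplained` are the ones to correlate with process listings and firewall logs.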