Feeling Paranoid?
Posted by
Unknown
Out of curiosity, I looked up the commands for netstat. Seems you can do a "netstat -n" from your DOS prompt and it will show all your current IPs and ports in use. Think of the IPs as houses (PCs) and the ports as doors (ways in and out).
Anyway, I did this on my home PC. It came up to about 11 in use showing connected. Hmm, so what are all these foreign IPs? Most were simply our cable provider. However, one came up as a RIPE. You see, I did a whois inquiry on some IPs. I didn't recognize that one. So I went onto their little link to do the IP inquiry again. The results are below.
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '213.93.171.0 - 213.93.171.255'
inetnum: 213.93.171.0 - 213.93.171.255
netname: ROTTERDAM-CUSTOMER-CABLE
descr: Chello Rotterdam
descr: Cablemodems DHCP
country: NL
admin-c: HMCB1-RIPE
tech-c: HMCB1-RIPE
status: ASSIGNED PA
remarks: Contact abuse@chello.nl concerning criminal
remarks: activities like spam, hacks, portscans
mnt-by: CHELLO-MNT
source: RIPE # Filtered
role: Hostmaster Chello Broadband
address: UPC Broadband
address: Internet Services
address: Erlachgasse 116
address: A-1100 Vienna
address: Austria
The connection was on a very high port. Check out the address location (I bolded it)...Austria. No clue as to the who and the why. I did a simple Telnet onto the foreign IP and that high port number. It connected right up. I don't know any Telnet commands. I just use it to verify ports are open for work. It wasn't connected for very long. The connection ended. I did another netstat -n command and, lo and behold, no more connection to that IP and high port from my home PC.
I just thought it was pretty interesting.
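The manual check described in this post (read `netstat -n`, pick out the foreign addresses, look each one up in whois) can be scripted. The following is an added example, not part of the original post: the function name `external_connections`, the 1024 "high port" threshold, and the sample output (constructed, using documentation-range addresses) are all assumptions.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -n` output (not from the post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.10:1045      192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.10:1051      198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.10:1052      198.51.100.7:443       TIME_WAIT
  TCP    192.168.1.10:1060      203.0.113.25:48211     ESTABLISHED
"""

# Loopback, RFC 1918 and link-local ranges: traffic that never leaves the LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10")]

# Proto, local addr:port, foreign addr:port, state
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def external_connections(netstat_text, high_port=1024):
    """Return sorted (foreign_ip, foreign_port, is_high_port) tuples for
    ESTABLISHED TCP rows whose foreign address is outside LOCAL_NETS."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(5) != "ESTABLISHED":
            continue  # header, blank line, or a connection that is not live
        try:
            ip = ipaddress.ip_address(m.group(3).strip("[]"))
        except ValueError:
            continue  # unparsable address column; skip rather than guess
        if any(ip in net for net in LOCAL_NETS if net.version == ip.version):
            continue
        port = int(m.group(4))
        found.add((str(ip), port, port >= high_port))
    return sorted(found)

if __name__ == "__main__":
    for ip, port, high in external_connections(SAMPLE):
        note = "high port" if high else "well-known port"
        print(f"{ip}:{port} ({note}) - candidate for a whois lookup")
```

On a real machine, save the output of `netstat -n` to a file and pass its contents to the function in place of `SAMPLE`.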