does this seem suspicious



tensux
08-13-2010, 10:24 AM
I have nothing open:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\home>cd\

C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:21 newlaptop:0 LISTENING
TCP 0.0.0.0:135 newlaptop:0 LISTENING
TCP 0.0.0.0:445 newlaptop:0 LISTENING
TCP 0.0.0.0:554 newlaptop:0 LISTENING
TCP 0.0.0.0:2869 newlaptop:0 LISTENING
TCP 0.0.0.0:5357 newlaptop:0 LISTENING
TCP 0.0.0.0:10243 newlaptop:0 LISTENING
TCP 0.0.0.0:49152 newlaptop:0 LISTENING
TCP 0.0.0.0:49153 newlaptop:0 LISTENING
TCP 0.0.0.0:49154 newlaptop:0 LISTENING
TCP 0.0.0.0:49156 newlaptop:0 LISTENING
TCP 0.0.0.0:49157 newlaptop:0 LISTENING
TCP 0.0.0.0:49158 newlaptop:0 LISTENING
TCP 0.0.0.0:49159 newlaptop:0 LISTENING
TCP 127.0.0.1:5354 newlaptop:0 LISTENING
TCP 127.0.0.1:6968 newlaptop:0 LISTENING
TCP 127.0.0.1:6969 newlaptop:0 LISTENING
TCP 127.0.0.1:6970 newlaptop:0 LISTENING
TCP 127.0.0.1:12311 newlaptop:0 LISTENING
TCP 127.0.0.1:12311 validation:53596 ESTABLISHED
TCP 127.0.0.1:53596 validation:12311 ESTABLISHED
TCP 127.0.0.1:64022 newlaptop:0 LISTENING
TCP 192.168.1.44:139 newlaptop:0 LISTENING
TCP 192.168.1.49:52473 iad04s01-in-f100:http ESTABLISHED
TCP 192.168.1.49:52474 72.172.69.60:http TIME_WAIT
TCP 192.168.1.49:52593 a96-17-149-33:http ESTABLISHED
TCP 192.168.1.49:52594 a96-6-46-128:http ESTABLISHED
TCP 192.168.1.49:52614 173.194.33.104:https ESTABLISHED
TCP 192.168.1.49:52659 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52660 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52661 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52662 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52663 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52664 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52666 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52683 72.172.69.60:https ESTABLISHED
TCP 192.168.1.49:52697 c-24-147-64-187:8080 TIME_WAIT
TCP 192.168.1.49:52709 c-24-147-64-187:8080 TIME_WAIT
TCP 192.168.1.49:52720 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52723 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52724 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52743 173.194.33.104:http TIME_WAIT
TCP 192.168.1.49:52745 c-24-147-64-187:8080 TIME_WAIT
TCP 192.168.1.49:52757 iad04s01-in-f100:http TIME_WAIT
TCP 192.168.1.49:52760 iad04s01-in-f102:http ESTABLISHED
TCP 192.168.1.49:52761 nuq04s01-in-f102:http ESTABLISHED
^C
C:\>
C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:21 newlaptop:0 LISTENING
TCP 0.0.0.0:135 newlaptop:0 LISTENING
TCP 0.0.0.0:445 newlaptop:0 LISTENING
TCP 0.0.0.0:554 newlaptop:0 LISTENING
TCP 0.0.0.0:2869 newlaptop:0 LISTENING
TCP 0.0.0.0:5357 newlaptop:0 LISTENING
TCP 0.0.0.0:10243 newlaptop:0 LISTENING
TCP 0.0.0.0:49152 newlaptop:0 LISTENING
TCP 0.0.0.0:49153 newlaptop:0 LISTENING
TCP 0.0.0.0:49154 newlaptop:0 LISTENING
TCP 0.0.0.0:49156 newlaptop:0 LISTENING
TCP 0.0.0.0:49157 newlaptop:0 LISTENING
TCP 0.0.0.0:49158 newlaptop:0 LISTENING
TCP 0.0.0.0:49159 newlaptop:0 LISTENING
TCP 127.0.0.1:5354 newlaptop:0 LISTENING
TCP 127.0.0.1:6968 newlaptop:0 LISTENING
TCP 127.0.0.1:6969 newlaptop:0 LISTENING
TCP 127.0.0.1:6970 newlaptop:0 LISTENING
TCP 127.0.0.1:12311 newlaptop:0 LISTENING
TCP 127.0.0.1:12311 validation:53596 ESTABLISHED
TCP 127.0.0.1:53596 validation:12311 ESTABLISHED
TCP 127.0.0.1:64022 newlaptop:0 LISTENING
TCP 192.168.1.44:139 newlaptop:0 LISTENING
TCP 192.168.1.49:52473 iad04s01-in-f100:http ESTABLISHED
TCP 192.168.1.49:52593 a96-17-149-33:http TIME_WAIT
TCP 192.168.1.49:52594 a96-6-46-128:http TIME_WAIT
TCP 192.168.1.49:52614 173.194.33.104:https TIME_WAIT
TCP 192.168.1.49:52745 c-24-147-64-187:8080 TIME_WAIT
TCP 192.168.1.49:52757 iad04s01-in-f100:http TIME_WAIT
TCP 192.168.1.49:52760 iad04s01-in-f102:http TIME_WAIT
TCP 192.168.1.49:52761 nuq04s01-in-f102:http TIME_WAIT
TCP 192.168.1.49:52762 173.194.33.104:http TIME_WAIT
TCP 192.168.1.49:52765 72.172.69.60:https ESTABLISHED
TCP 192.168.1.49:52766 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52767 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52768 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52769 qy-in-f109:pop3s TIME_WAIT
TCP 192.168.1.49:52770 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52771 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52772 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52774 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52776 72.172.69.60:https ESTABLISHED
TCP 192.168.1.49:52780 bs1b1:http TIME_WAIT
TCP 192.168.1.49:52784 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52785 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52786 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52787 192.168.1.1:5555 TIME_WAIT
TCP 192.168.1.49:52788 192.168.1.1:5555 TIME_WAIT
TCP [::]:135 newlaptop:0 LISTENING
TCP [::]:445 newlaptop:0 LISTENING
TCP [::]:554 newlaptop:0 LISTENING
TCP [::]:2869 newlaptop:0 LISTENING
TCP [::]:3587 newlaptop:0 LISTENING
TCP [::]:5357 newlaptop:0 LISTENING
TCP [::]:10243 newlaptop:0 LISTENING
TCP [::]:49152 newlaptop:0 LISTENING
TCP [::]:49153 newlaptop:0 LISTENING
TCP [::]:49154 newlaptop:0 LISTENING
TCP [::]:49156 newlaptop:0 LISTENING
TCP [::]:49157 newlaptop:0 LISTENING
TCP [::]:49158 newlaptop:0 LISTENING
TCP [::]:49159 newlaptop:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3544 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:49152 *:*
UDP 0.0.0.0:49154 *:*
UDP 0.0.0.0:50469 *:*
UDP 0.0.0.0:50471 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:51212 *:*
UDP 192.168.1.44:137 *:*
UDP 192.168.1.44:138 *:*
UDP 192.168.1.49:1900 *:*
UDP 192.168.1.49:5353 *:*
UDP 192.168.1.49:51211 *:*
UDP 192.168.1.49:64427 *:*
UDP [::]:500 *:*
UDP [::]:3540 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:4500 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:49153 *:*
UDP [::]:49155 *:*
UDP [::]:50470 *:*
UDP [::]:50472 *:*
UDP [::1]:1900 *:*
UDP [::1]:51210 *:*
UDP [fe80::e0fe:6bd9:5c2c:de29%12]:1900 *:*
UDP [fe80::e0fe:6bd9:5c2c:de29%12]:51209 *:*

C:\>

Ninjahedge
08-13-2010, 10:31 AM
Just looking, I do not see any external IPs in there, just mappings for internal.

I do not know enough to give you an "all clear" but it does not look like anything you should be scared of, but maybe it is a bit much for an at-rest machine......

49 almost looks like something is expected there. Do you have any other device hooked up? (44 looks like your "newlaptop")

tensux
08-13-2010, 10:40 AM
49 is the laptop, nothing is installed, just not sure why so many ports are open

tensux
08-13-2010, 10:44 AM
Are these reaching to the outside?

TCP 192.168.1.49:52743 173.194.33.104:http TIME_WAIT

TCP 192.168.1.49:52776 72.172.69.60:https ESTABLISHED

TCP 192.168.1.49:52757 iad04s01-in-f100:http TIME_WAIT

TCP 192.168.1.49:52593 a96-17-149-33:http TIME_WAIT

Ninjahedge
08-15-2010, 02:29 PM
Not sure 10.... You may want to do a lookup on the IPs online. There are sites for that, but I would have to Google them to find out what their addys are.......
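
Added example, not written by anyone in this thread: one way to sort rows like the ones pasted above by how far each socket reaches (listening on every interface, loopback only, LAN peer, public peer). The function names and labels are made up for this example; rows where netstat printed a host name instead of an address cannot be classified and need a rerun with `netstat -n`.

```python
import ipaddress
from collections import Counter

# Rows copied from the netstat -a output posted at the top of the thread.
SAMPLE = """\
TCP 0.0.0.0:21 newlaptop:0 LISTENING
TCP 127.0.0.1:12311 validation:53596 ESTABLISHED
TCP 192.168.1.49:52473 iad04s01-in-f100:http ESTABLISHED
TCP 192.168.1.49:52614 173.194.33.104:https ESTABLISHED
TCP 192.168.1.49:52659 192.168.1.1:5555 TIME_WAIT
UDP [fe80::e0fe:6bd9:5c2c:de29%12]:1900 *:*
"""

def parse_host(host):
    """Return an ip_address for a numeric host, or None for a resolved name."""
    try:
        return ipaddress.ip_address(host.strip("[]").split("%")[0])
    except ValueError:
        return None

def classify(line):
    """Label one netstat row; None for banner, header and prompt lines."""
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
        return None
    local = parse_host(fields[1].rsplit(":", 1)[0])
    if local is None:
        return None
    state = fields[3] if len(fields) > 3 else ""
    if fields[0] == "UDP" or state == "LISTENING":
        if local.is_unspecified:  # 0.0.0.0 or [::]
            return "listening: all interfaces"
        if local.is_loopback:
            return "listening: loopback only"
        return "listening: one interface"
    if local.is_loopback:  # both ends are on this machine
        return "connection: loopback"
    remote = parse_host(fields[2].rsplit(":", 1)[0])
    if remote is None:
        return "connection: name only, rerun with netstat -n"
    return "connection: LAN" if remote.is_private else "connection: public address"

def summarize(text):
    """Count rows per label, skipping lines that are not socket rows."""
    return Counter(filter(None, map(classify, text.splitlines())))

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {label}")
```

Running `netstat -ano` (or `netstat -b` from an elevated prompt) adds the owning process to each row, which is what ties a listening port back to a program.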

lilith
08-16-2010, 03:55 PM
Stop Forum Spam
http://www.stopforumspam.com/

or BotScout
http://botscout.com/

might help