  1. #1
    Banned MemorY
    Join Date
    Apr 2003
    Posts
    3,840

    Something odd is happening.

    Ok, this is creepy. Look at this:

    netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1500 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1501 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1101 127.0.0.1:1458 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1460 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1462 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1464 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1474 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1476 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1480 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1490 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1492 TIME_WAIT
    TCP 127.0.0.1:1101 127.0.0.1:1494 TIME_WAIT
    TCP 127.0.0.1:1470 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1478 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1482 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1484 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1486 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:1488 127.0.0.1:1101 TIME_WAIT
    TCP 127.0.0.1:11523 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:11523 127.0.0.1:1453 TIME_WAIT
    TCP 127.0.0.1:11523 127.0.0.1:1459 TIME_WAIT
    TCP 127.0.0.1:11523 127.0.0.1:1465 TIME_WAIT
    TCP 127.0.0.1:11523 127.0.0.1:1495 TIME_WAIT
    TCP 172.173.122.153:1035 0.0.0.0:0 LISTENING
    TCP 172.173.122.153:1035 205.188.67.139:13784 ESTABLISHED
    TCP 172.173.122.153:1041 64.12.24.228:5190 ESTABLISHED
    TCP 172.173.122.153:1500 63.146.109.210:80 SYN_SENT
    TCP 172.173.122.153:1501 63.146.109.210:80 SYN_SENT
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1043 *:*
    UDP 0.0.0.0:1157 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1406 *:*
    UDP 127.0.0.1:1438 *:*
    UDP 172.173.122.153:123 *:*
    The 0.0.0.0 are IE connections. I ran Antiy Ports and it showed me that IE, AOL, lsaas, system and svchost are going through those. And: pictures, banners, or simple small GIFs won't display on websites, AIM won't connect (AIM service can't be reached), and I can't download anything with DAP 7.0; it won't connect to the FTP server to download Ad-Aware. I'm gonna go through my CDs and see where I can find Ad-Aware, install it, run it and see what I get. I'm also gonna do a virus scan. I currently don't have a firewall installed, so I can't tell you guys if anything specific has been connecting to my computer. I'll give an update when I run all the scans. I also looked at all my folders, registry, start-up, and task manager; nothin unusual is running, nothin unusual has been installed.

  2. #2
    @ŽΜĮЙǐЅŦГǻţΩЯ D0pp139an93r
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    Hot damn that's a weird netstat. I would run one of those programs that shows connections and the program that opened it. You running any p2p stuff?
    Real security doesn't come with an installer.

  3. #3
    Senior Member Tedob1
    Join Date
    Nov 2001
    Posts
    4,786
    check your hosts file
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Member Axeman
    Join Date
    Jan 2004
    Posts
    40
    That looks almost like mine? And mine I just rebuilt.
    I have 315 relays and 118 switches and have all the power of a calculator.

  5. #5
    Yes, that's my CC number! 576869746568617
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Wait a minute...1st entry...you said that all the 0.0.0.0 are IE connections, right?

    Why the hell is IE listening on port 135 and 445?

    just curious
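
Added example, not part of any poster's message: a small parser for `netstat -an` output in the layout quoted above, separating listeners bound to all interfaces (such as 135 and 445) from loopback-only ones and picking out outbound attempts stuck in SYN_SENT. The sample rows are constructed and use documentation addresses; the function name `triage` is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the `netstat -an` layout quoted in the thread.
# Addresses are documentation ranges, not the posters' values.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11523 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1101 127.0.0.1:1458 TIME_WAIT
TCP 127.0.0.1:1470 127.0.0.1:1101 TIME_WAIT
TCP 192.0.2.10:1041 198.51.100.7:5190 ESTABLISHED
TCP 192.0.2.10:1500 198.51.100.9:80 SYN_SENT
UDP 0.0.0.0:500 *:*
UDP 127.0.0.1:123 *:*
"""

# proto, local ip:port, remote ip:port (or *:*), optional TCP state
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+?):(\d+|\*)(?:\s+(\S+))?\s*$")

def triage(text):
    """Sort netstat rows into exposed listeners, loopback-only listeners,
    unanswered outbound attempts, and a count of the remaining TCP states."""
    exposed, loopback, pending, states = [], [], [], Counter()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, prompt or blank line
        proto, lip, lport, rip, rport, state = m.groups()
        if state == "LISTENING" or proto == "UDP":
            # Bound to 127.x: reachable only from this machine.
            # Bound to 0.0.0.0 or an interface address: reachable from other
            # hosts unless a firewall filters the port.
            (loopback if lip.startswith("127.") else exposed).append((proto, int(lport)))
        elif state == "SYN_SENT":
            # SYN sent, no SYN/ACK yet: the remote end has not answered.
            pending.append((rip, int(rport)))
        else:
            states[state] += 1
    return sorted(exposed), sorted(loopback), pending, states

if __name__ == "__main__":
    exposed, loopback, pending, states = triage(SAMPLE)
    print("network-reachable listeners:", exposed)
    print("loopback-only listeners:   ", loopback)
    print("unanswered outbound SYNs:  ", pending)
    print("other TCP states:          ", dict(states))
```

`netstat -an` carries no process information, so mapping each listener to its owning program still needs a tool that shows the process per socket, as suggested in post #2.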

  6. #6
    Senior Member cheyenne1212
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Mine's kinda like that as well.


    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:113 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3024 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3120 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3122 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:4134 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:4135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:4245 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1027 127.0.0.1:4134 ESTABLISHED
    TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3012 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3120 127.0.0.1:1027 CLOSE_WAIT
    TCP 127.0.0.1:3122 127.0.0.1:1027 CLOSE_WAIT
    TCP 127.0.0.1:4134 127.0.0.1:1027 ESTABLISHED
    TCP 192.168.0.1:139 0.0.0.0:0 LISTENING
    TCP 192.168.0.1:1781 192.168.0.1:2869 TIME_WAIT
    TCP 192.168.0.1:2869 192.168.0.1:30947 ESTABLISHED
    TCP 192.168.0.1:24145 192.168.0.1:2869 TIME_WAIT
    TCP 192.168.0.1:30947 0.0.0.0:0 LISTENING
    TCP 192.168.0.1:30947 192.168.0.1:2869 ESTABLISHED
    TCP 208.180.47.89:4135 207.46.106.133:1863 ESTABLISHED
    TCP 208.180.47.89:4245 212.147.10.42:6667 ESTABLISHED
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1026 *:*
    UDP 0.0.0.0:1028 *:*
    UDP 0.0.0.0:3004 *:*
    UDP 0.0.0.0:3010 *:*
    UDP 0.0.0.0:3019 *:*
    UDP 0.0.0.0:4141 *:*
    UDP 0.0.0.0:4246 *:*
    UDP 0.0.0.0:4247 *:*
    UDP 0.0.0.0:6327 *:*
    UDP 0.0.0.0:6459 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 127.0.0.1:2234 *:*
    UDP 127.0.0.1:3005 *:*
    UDP 127.0.0.1:3013 *:*
    UDP 127.0.0.1:4913 *:*
    UDP 192.168.0.1:53 *:*
    UDP 192.168.0.1:67 *:*
    UDP 192.168.0.1:68 *:*
    UDP 192.168.0.1:123 *:*
    UDP 192.168.0.1:137 *:*
    UDP 192.168.0.1:138 *:*
    UDP 192.168.0.1:1900 *:*
    UDP 192.168.0.1:2234 *:*
    UDP 192.168.0.1:24131 *:*
    UDP 208.180.47.89:9 *:*
    UDP 208.180.47.89:123 *:*
    UDP 208.180.47.89:1900 *:*
    UDP 208.180.47.89:2234 *:*
    UDP 208.180.47.89:37890 *:*

    C:\Documents and Settings\Matt>

  7. #7
    Senior Member dublix
    Join Date
    Dec 2002
    Posts
    275
    Here's mine:

    C:\Documents and Settings\(>netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    UDP 0.0.0.0:1025 *:*
    I think some of you need to take a trip over to services.msc and 'cut the fat'.

    .dublix

  8. #8
    Yes, that's my CC number! 576869746568617
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Damn, cheyenne1212... 135, 137, 138, 139 and 445 open... you do have a hardware firewall... right?

    If not, give me your public IP I'll just use Matt's username.

    Just Kidding
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can't stand 1 bit of competition.


  9. #9
    Banned MemorY
    Join Date
    Apr 2003
    Posts
    3,840
    Wait a minute...1st entry...you said that all the 0.0.0.0 are IE connections, right?
    Some of them; I posted that some of them are from IE, AOL, lsaas, system and svchost.

    It's all good now, though. I ran Ad-Aware, found 4 registry entries and 2 files. I deleted them and restarted. Everything works fine now.

  10. #10
    Banned MemorY
    Join Date
    Apr 2003
    Posts
    3,840
    Sorry for the double post, but I had to attach a file. I ran Antiy Ports (program) again and now this is really weird. I'm only on one AIM screen name (no double AIMs running) and I only have one IE open, but look at all those connections.
