On Sat, May 1, 2010 at 10:54 AM, MJang <[email protected]> wrote:
> On Sat, 2010-05-01 at 08:49 -0700, MJang wrote:
> > On Sat, 2010-05-01 at 08:30 -0700, MJang wrote:
> > > Folks,
> > >
> > > Been experimenting a bit with nc. As such, I've been seeing how it
> > > connects from system to system. To that end, I started an Apache server
> > > on my laptop (on Hardy Heron). After a bit, I ran the following command
> > > to see if the nc from another system would show up.
> > >
> > > netstat -atun
> > >
> > > Well, it didn't, but I soon got a bunch of entries similar to
> > >
> > > tcp 0 0 10.168.0.111:44535 xxx.yyy.zzz.aaa:80 ESTABLISHED
> > >
> > > Where xxx.yyy.zzz.aaa are public addresses from places like FL and MA.
> > > It's not like I have anything but the standard "It works" page on that
> > > Apache server.
> > >
> > > And I have a pretty standard (though old) firewall on the router, with
> > > port forwarding set up (for the most part) to some non-existent systems
> > > on my local private IP net. My laptop is not one of them.
> > >
> > > So there's a weakness somewhere. I don't have MS running anywhere (at
> > > the moment) Any suggestions on where I should look?
> >
> > Just to follow-up, I tried some of the IP addresses from the remote
> > sites in my browser, and most of them go to fake Google home pages. I'm
> > guessing they're looking for other places for their phishes. The fake
> > Googles are pretty slick, even error pages from their IP addresses are
> > carefully done.
> >
> > Thanks,
> > Mike
>
> Um... I think that probably is Google.
>
> ***
>
> Hmmm... learned something new. I went a step further (inspired by your
> lsof idea) and tried the following command to identify the process
>
> netstat -atump
>
> And they all link back to Firefox. So you're correct. Thank you!
>
> But that leaves one remaining question -
>
> Why do these processes appear in the netstat output --only-- when Apache
> is running?
>
> Thanks,
> Mike
>
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
I would have to guess that is a coincidence. If you stop apache and browse
to google, the connections should show up in netstat. If they didn't, I
would be _very_ surprised.

-wes
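An added example, not part of the original thread: the rows that caused the confusion have an ephemeral local port and remote port 80, which marks them as outbound client connections rather than hits on the local Apache. The Python sketch below classifies `netstat -atunp`-style rows by direction and owning process; the sample output, PIDs and remote addresses are constructed, and the function names are illustrative.

```python
from collections import Counter

# Constructed sample in the column layout of `netstat -atunp` on Linux.
# Remote addresses are documentation ranges; PIDs/programs are made up.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2101/apache2
tcp        0      0 10.168.0.111:44535      203.0.113.10:80         ESTABLISHED 3344/firefox
tcp        0      0 10.168.0.111:44536      198.51.100.7:80         ESTABLISHED 3344/firefox
tcp        0      0 10.168.0.111:80         192.0.2.55:51544        ESTABLISHED 2140/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1200/dhclient
"""

def port_of(addr):
    # rsplit also copes with IPv6 forms such as :::80
    return addr.rsplit(":", 1)[1]

def tcp_rows(text):
    """Yield (local, foreign, state, owner) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp"):
            # Owner is "-" or missing when netstat runs without root.
            yield f[3], f[4], f[5], " ".join(f[6:]) or "-"

def classify(text):
    """Label each ESTABLISHED row inbound (local port has a listener) or outbound."""
    rows = list(tcp_rows(text))
    listening = {port_of(loc) for loc, _, state, _ in rows if state == "LISTEN"}
    result = []
    for local, foreign, state, owner in rows:
        if state != "ESTABLISHED":
            continue
        direction = "inbound" if port_of(local) in listening else "outbound"
        result.append((direction, owner, local, foreign))
    return result

def summarize(text):
    """Count connections per (direction, owning process)."""
    return Counter((d, owner) for d, owner, _, _ in classify(text))

if __name__ == "__main__":
    for (direction, owner), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d} {direction:8s} {owner}")
```

To run it on a live system, pass the text of `netstat -atunp` (run as root so the PID column is filled in) to `summarize` instead of `SAMPLE`.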
