unnamednewbie13
Moderator
+2,079|7241|PNW

Something I've never quite seen before on the netstat -n command in WinXP:

Three or four command page-fulls of TCP 10.0.0.(x).(abcd) 216.32.70.18:8080 TIME_WAIT's. There are other IP's interspersed in between these, but they comprise the majority. So far, netstat only brings them up when I fire up the newest Firefox. Ran the updated versions of SmitfraudFix, AVG, Spybot and Ad-Aware, cleansed everything unessential from processes...no go. I've never seen Firefox cause this problem before...

Anybody experience anything similar? Been a while since I encountered anything similar, so refresh me...I've never seen so many TIME_WAIT's up on this system.

Last edited by unnamednewbie13 (2007-03-23 00:25:22)

blademaster
I'm moving to Brazil
+2,075|7114
They are basically spying over your network; I wouldn't be too concerned.

If you are concerned and worried, use the SAM Spade utility; that should tell you who it is. Just enter their IP address.

Last edited by blademaster (2007-03-23 00:33:23)

blademaster
I'm moving to Brazil
+2,075|7114
Here is your info on that IP address:

Savvis SAVVIS (NET-216-32-0-0-1)
                                  216.32.0.0 - 216.35.255.255
Layered Technologies, Inc. NET-216-32-64-0 (NET-216-32-64-0-1)
                                  216.32.64.0 - 216.32.95.255

OrgName:    Savvis
OrgID:      SAVVI-2
Address:    3300 Regency Parkway
City:       Cary
StateProv:  NC
PostalCode: 27511
Country:    US

unnamednewbie13
Moderator
+2,079|7241|PNW

../system32/koot.exe deleted, problem solved. Can't believe none of my spyware/av software found it.

[FHF]MattyZ
What the Deuce?
+29|7131|Washington
OK, I am running into the same thing, about 3 or 4 pages of crap when I run netstat. I ran my AVG, CCleaner, turned on my XP firewall, am sitting behind a Linksys router. Any help?

montypythizzle
Member
+21|7072
win!
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:2135         127.0.0.1:2136         ESTABLISHED
  TCP    127.0.0.1:2136         127.0.0.1:2135         ESTABLISHED
  TCP    127.0.0.1:3824         127.0.0.1:3825         ESTABLISHED
  TCP    127.0.0.1:3825         127.0.0.1:3824         ESTABLISHED
  TCP    127.0.0.1:3826         127.0.0.1:3827         ESTABLISHED
  TCP    127.0.0.1:3827         127.0.0.1:3826         ESTABLISHED
  TCP    192.168.0.101:1068     204.71.190.24:25999    ESTABLISHED
  TCP    192.168.0.101:2145     204.11.219.231:6346    ESTABLISHED
  TCP    192.168.0.101:2147     74.140.56.56:47416     ESTABLISHED
  TCP    192.168.0.101:2869     192.168.0.1:1094       CLOSE_WAIT
  TCP    192.168.0.101:2873     74.135.182.195:9723    ESTABLISHED
  TCP    192.168.0.101:2874     74.133.29.236:48373    ESTABLISHED
  TCP    192.168.0.101:2876     74.128.185.14:33570    ESTABLISHED
  TCP    192.168.0.101:3646     208.100.4.43:3815      ESTABLISHED
  TCP    192.168.0.101:3948     75.83.226.83:6348      CLOSE_WAIT
  TCP    192.168.0.101:4092     72.14.223.99:80        ESTABLISHED
  TCP    192.168.0.101:4093     72.14.223.99:80        ESTABLISHED
  TCP    192.168.0.101:4105     72.14.207.104:80       ESTABLISHED
  TCP    192.168.0.101:4118     64.233.167.99:80       ESTABLISHED
  TCP    192.168.0.101:4140     64.233.167.104:80      ESTABLISHED

C:\Documents and Settings\Owner>


No AV, firewall, or whatever else on a Windows install months old.
Notice the last octet of my IP: I set it on static so it is AK-101.

[FHF]MattyZ
What the Deuce?
+29|7131|Washington
Here is an example:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    MATT:1045              74-140-130-222.dhcp.insightbb.com:2489  ESTABLISHED
  TCP    MATT:1697              Mail.mindbank.com:smtp  TIME_WAIT
  TCP    MATT:1713              mail-gw.popmanager.com:smtp  ESTABLISHED
  TCP    MATT:1867              b.mx.voyager.net:smtp  TIME_WAIT
  TCP    MATT:1869              58x157x247x189.ap58.ftth.ucom.ne.jp:smtp  TIME_WAIT
  TCP    MATT:1876              mx1.spunky.mail.dreamhost.com:smtp  TIME_WAIT
  TCP    MATT:1877              data.ebay.com:smtp     LAST_ACK
  TCP    MATT:1883              mail.global.frontbridge.com:smtp  TIME_WAIT
  TCP    MATT:1884              mta-v8.mail.vip.mud.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1886              mta-v1.mail.vip.in.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1888              MAIL5.statefarm.com:smtp  TIME_WAIT
  TCP    MATT:1889              e3.ny.us.ibm.com:smtp  TIME_WAIT
  TCP    MATT:1892              207-91-139-213.nstci.net:smtp  TIME_WAIT
  TCP    MATT:1894              mta-v8.mail.vip.mud.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1896              mta-v8.mail.vip.mud.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1897              smtp1.msp.securence.com:smtp  TIME_WAIT
  TCP    MATT:1903              mfs.blackhills.com:smtp  TIME_WAIT
  TCP    MATT:1904              spf12.us4.outblaze.com:smtp  TIME_WAIT
  TCP    MATT:1910              mta-v14.mail.vip.re4.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1913              mx1.optonline.net:smtp  TIME_WAIT
  TCP    MATT:1914              mta-v8.mail.vip.mud.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1915              mta-v8.mail.vip.mud.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1918              *.s8a1.psmtp.com:smtp  TIME_WAIT
  TCP    MATT:1919              mta13.grp.scd.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1927              mail-kr.bigfoot.com:smtp  TIME_WAIT
  TCP    MATT:1928              tsugaike.janis.or.jp:smtp  TIME_WAIT
  TCP    MATT:1930              sitemail.everyone.net:smtp  TIME_WAIT
  TCP    MATT:1941              mgateway.renown.org:smtp  TIME_WAIT
  TCP    MATT:1942              gateway-a.comcast.net:smtp  TIME_WAIT
  TCP    MATT:1949              coexch1.itg-global.com:smtp  TIME_WAIT
  TCP    MATT:1952              mx2.mediageneral.net:smtp  ESTABLISHED
  TCP    MATT:1956              *.s8a1.psmtp.com:smtp  TIME_WAIT
  TCP    MATT:1959              smtp.mail.drexel.edu:smtp  TIME_WAIT
  TCP    MATT:1960              mta13.grp.scd.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1961              216.163.188.53:smtp    TIME_WAIT
  TCP    MATT:1964              psychotropics.org:smtp  TIME_WAIT
  TCP    MATT:1968              mta-v1.mail.vip.re3.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1969              relay4i.sun.com:smtp   ESTABLISHED
  TCP    MATT:1971              mta13.grp.scd.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1976              leo.lunarpages.com:smtp  TIME_WAIT
  TCP    MATT:1977              fltr-in4.mail.dreamhost.com:smtp  TIME_WAIT
  TCP    MATT:1978              mail.donet.com:smtp    TIME_WAIT
  TCP    MATT:1981              smtpin.ptd.net:smtp    TIME_WAIT
  TCP    MATT:1984              mta-v8.mail.vip.mud.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:1985              ptang.com:smtp         TIME_WAIT
  TCP    MATT:1987              relay4i.sun.com:smtp   ESTABLISHED
  TCP    MATT:1990              mailserver.bmtc.com:smtp  TIME_WAIT
  TCP    MATT:1991              207.159.120.164:smtp   TIME_WAIT
  TCP    MATT:1996              nb-mx-vip3.prodigy.net:smtp  TIME_WAIT
  TCP    MATT:1997              mx-nrs1.mail-abuse.org:smtp  TIME_WAIT
  TCP    MATT:2001              nameservices.net:smtp  TIME_WAIT
  TCP    MATT:2006              www.paypal.com:https   TIME_WAIT
  TCP    MATT:2010              interceptor.coopertsmith.com:smtp  TIME_WAIT
  TCP    MATT:2011              chumashlodge90.org:smtp  TIME_WAIT
  TCP    MATT:2012              mail2.checkbridge.com:smtp  TIME_WAIT
  TCP    MATT:2013              mta-v8.mail.vip.mud.yahoo.com:smtp  TIME_WAIT
  TCP    MATT:2014              imsmx01.netvigator.com:smtp  ESTABLISHED
  TCP    MATT:2017              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    MATT:2021              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    MATT:2023              mail.hotmail.com:smtp  SYN_SENT
  TCP    MATT:2024              po-in-f147.google.com:http  ESTABLISHED
  TCP    MATT:2030              mail.global.frontbridge.com:smtp  TIME_WAIT
  TCP    MATT:2031              esmta-2.messageone.com:smtp  TIME_WAIT
  TCP    MATT:2033              mta-v8.mail.vip.mud.yahoo.com:smtp  SYN_SENT
  TCP    MATT:2036              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    MATT:2040              smtp2.uta.edu:smtp     TIME_WAIT
  TCP    MATT:2041              m1.dnsix.com:smtp      TIME_WAIT
  TCP    MATT:2044              mx3.spunky.mail.dreamhost.com:smtp  TIME_WAIT
  TCP    MATT:2046              mail.global.frontbridge.com:smtp  TIME_WAIT
  TCP    MATT:2047              mta13.grp.scd.yahoo.com:smtp  ESTABLISHED
  TCP    MATT:2048              mail.global.frontbridge.com:smtp  ESTABLISHED
  TCP    MATT:2049              fca-linksys.newnanutilities.org:smtp  ESTABLISHED

C:\Documents and Settings\Matt Zrelak>
[FHF]MattyZ
What the Deuce?
+29|7131|Washington
C:\Documents and Settings\Matt Zrelak>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.102:1045     74.140.130.222:2489    ESTABLISHED
  TCP    192.168.1.102:1713     63.144.235.25:25       ESTABLISHED
  TCP    192.168.1.102:1952     199.193.13.42:25       FIN_WAIT_1
  TCP    192.168.1.102:1969     192.5.209.6:25         ESTABLISHED
  TCP    192.168.1.102:1987     192.5.209.6:25         ESTABLISHED
  TCP    192.168.1.102:2059     66.135.195.180:25      LAST_ACK
  TCP    192.168.1.102:2067     66.135.195.180:25      LAST_ACK
  TCP    192.168.1.102:2077     66.43.111.146:25       FIN_WAIT_1
  TCP    192.168.1.102:2090     64.30.204.246:25       TIME_WAIT
  TCP    192.168.1.102:2118     72.232.38.26:25        TIME_WAIT
  TCP    192.168.1.102:2119     208.21.175.136:25      TIME_WAIT
  TCP    192.168.1.102:2121     209.191.118.103:25     TIME_WAIT
  TCP    192.168.1.102:2122     198.109.24.214:25      TIME_WAIT
  TCP    192.168.1.102:2124     63.238.52.24:25        TIME_WAIT
  TCP    192.168.1.102:2131     69.6.255.189:25        TIME_WAIT
  TCP    192.168.1.102:2134     207.126.147.10:25      TIME_WAIT
  TCP    192.168.1.102:2135     63.161.12.133:25       TIME_WAIT
  TCP    192.168.1.102:2136     74.8.196.100:25        TIME_WAIT
  TCP    192.168.1.102:2138     209.191.118.103:25     TIME_WAIT
  TCP    192.168.1.102:2141     132.170.214.15:25      TIME_WAIT
  TCP    192.168.1.102:2150     66.11.48.69:80         TIME_WAIT
  TCP    192.168.1.102:2151     66.11.48.69:80         TIME_WAIT
  TCP    192.168.1.102:2152     72.14.253.147:80       ESTABLISHED
  TCP    192.168.1.102:2153     66.11.53.136:80        TIME_WAIT
  TCP    192.168.1.102:2154     66.11.49.197:80        TIME_WAIT
  TCP    192.168.1.102:2166     207.159.120.164:25     TIME_WAIT
  TCP    192.168.1.102:2168     209.191.118.103:25     TIME_WAIT
  TCP    192.168.1.102:2171     207.178.96.26:25       TIME_WAIT
  TCP    192.168.1.102:2172     168.61.15.20:25        TIME_WAIT
  TCP    192.168.1.102:2184     151.124.247.3:25       ESTABLISHED
  TCP    192.168.1.102:2189     64.18.5.10:25          TIME_WAIT
  TCP    192.168.1.102:2191     209.191.118.103:25     TIME_WAIT
  TCP    192.168.1.102:2192     216.163.188.58:25      TIME_WAIT
  TCP    192.168.1.102:2193     64.78.21.161:25        TIME_WAIT
  TCP    192.168.1.102:2199     209.191.118.103:25     TIME_WAIT
  TCP    192.168.1.102:2206     129.62.8.17:25         TIME_WAIT
  TCP    192.168.1.102:2209     64.18.5.10:25          TIME_WAIT
  TCP    192.168.1.102:2212     198.31.50.76:25        TIME_WAIT
  TCP    192.168.1.102:2213     134.197.1.108:25       TIME_WAIT
  TCP    192.168.1.102:2218     66.11.48.69:80         TIME_WAIT
  TCP    192.168.1.102:2219     66.11.48.69:80         TIME_WAIT
  TCP    192.168.1.102:2220     66.11.53.136:80        TIME_WAIT
  TCP    192.168.1.102:2221     66.11.49.197:80        TIME_WAIT
  TCP    192.168.1.102:2225     38.99.76.102:80        TIME_WAIT
  TCP    192.168.1.102:2233     139.15.237.6:25        TIME_WAIT
  TCP    192.168.1.102:2234     66.218.67.35:25        TIME_WAIT
  TCP    192.168.1.102:2243     209.191.118.103:25     TIME_WAIT
  TCP    192.168.1.102:2244     129.21.3.40:25         TIME_WAIT
  TCP    192.168.1.102:2248     69.209.82.243:25       TIME_WAIT
  TCP    192.168.1.102:2253     207.46.51.86:25        TIME_WAIT
  TCP    192.168.1.102:2262     65.55.251.22:25        TIME_WAIT
  TCP    192.168.1.102:2263     206.46.232.11:25       SYN_SENT
  TCP    192.168.1.102:2264     205.152.58.32:25       SYN_SENT
  TCP    192.168.1.102:2269     205.152.58.32:25       SYN_SENT
  TCP    192.168.1.102:2270     128.242.109.119:25     SYN_SENT
  TCP    192.168.1.102:2271     205.152.58.32:25       SYN_SENT
  TCP    192.168.1.102:2272     65.54.244.168:25       SYN_SENT
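
Added example (not part of any post in this thread): a small Python triage script for `netstat -n` output like the listings above. It flags a host holding SMTP connections to many distinct remote addresses, and repeated connections to a single non-web endpoint; the sample rows, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the `netstat -n` listings above.
# Addresses come from documentation ranges, not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:2135         127.0.0.1:2136         ESTABLISHED
  TCP    192.168.1.102:2090     198.51.100.10:25       TIME_WAIT
  TCP    192.168.1.102:2118     198.51.100.11:25       TIME_WAIT
  TCP    192.168.1.102:2119     198.51.100.12:25       ESTABLISHED
  TCP    192.168.1.102:2121     198.51.100.13:25       TIME_WAIT
  TCP    192.168.1.102:2122     198.51.100.13:25       SYN_SENT
  TCP    192.168.1.102:2150     192.0.2.80:80          TIME_WAIT
  TCP    192.168.1.102:2301     203.0.113.18:8080      TIME_WAIT
  TCP    192.168.1.102:2302     203.0.113.18:8080      TIME_WAIT
  TCP    192.168.1.102:2303     203.0.113.18:8080      TIME_WAIT
"""

# One TCP row: local addr:port, remote addr:port, connection state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")

def parse_netstat(text):
    """Return (remote_ip, remote_port, state) for each non-loopback TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and not m.group(3).startswith("127."):
            rows.append((m.group(3), int(m.group(4)), m.group(5)))
    return rows

def findings(rows, smtp_hosts=4, repeats=3):
    """Flag SMTP fan-out and many connections to one non-web endpoint.

    Thresholds are illustrative assumptions; tune them to the host's role."""
    out = []
    smtp = {ip for ip, port, _ in rows if port == 25}
    if len(smtp) >= smtp_hosts:
        out.append(("smtp-fanout", len(smtp)))
    per_endpoint = Counter((ip, port) for ip, port, _ in rows)
    for (ip, port), n in sorted(per_endpoint.items()):
        if n >= repeats and port not in (25, 80, 443):
            out.append(("repeat-endpoint", f"{ip}:{port}", n))
    return out

if __name__ == "__main__":
    for finding in findings(parse_netstat(SAMPLE)):
        print(finding)
```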
