On Sat, 2010-05-01 at 08:30 -0700, MJang wrote: > Folks, > > Been experimenting a bit with nc. As such, I've been seeing how it > connects from system to system. To that end, I started an Apache server > on my laptop (on Hardy Heron). After a bit, I ran the following command > to see if the nc from another system would show up. > > netstat -atun > > Well, it didn't, but I soon got a bunch of entries similar to > > tcp 0 0 10.168.0.111:44535 xxx.yyy.zzz.aaa:80 ESTABLISHED > > Where xxx.yyy.zzz.aaa are public addresses from places like FL and MA. > It's not like I have anything but the standard "It works" page on that > Apache server. > > And I have a pretty standard (though old) firewall on the router, with > port forwarding set up (for the most part) to some non-existent systems > on my local private IP net. My laptop is not one of them. > > So there's a weakness somewhere. I don't have MS running anywhere (at > the moment) Any suggestions on where I should look?
Just to follow-up, I tried some of the IP addresses from the remote sites in my browser, and most of them go to fake Google home pages. I'm guessing they're looking for other places for their phishes. The fake Googles are pretty slick, even error pages from their IP addresses are carefully done. Thanks, Mike _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
