On Sat, 2010-05-01 at 08:49 -0700, MJang wrote:
> On Sat, 2010-05-01 at 08:30 -0700, MJang wrote:
> > Folks,
> >
> > Been experimenting a bit with nc. As such, I've been seeing how it
> > connects from system to system. To that end, I started an Apache server
> > on my laptop (on Hardy Heron). After a bit, I ran the following command
> > to see if the nc from another system would show up.
> >
> > netstat -atun
> >
> > Well, it didn't, but I soon got a bunch of entries similar to
> >
> > tcp 0 0 10.168.0.111:44535 xxx.yyy.zzz.aaa:80 ESTABLISHED
> >
> > Where xxx.yyy.zzz.aaa are public addresses from places like FL and MA.
> > It's not like I have anything but the standard "It works" page on that
> > Apache server.
> >
> > And I have a pretty standard (though old) firewall on the router, with
> > port forwarding set up (for the most part) to some non-existent systems
> > on my local private IP net. My laptop is not one of them.
> >
> > So there's a weakness somewhere. I don't have MS running anywhere (at
> > the moment). Any suggestions on where I should look?
>
> Just to follow up, I tried some of the IP addresses from the remote
> sites in my browser, and most of them go to fake Google home pages. I'm
> guessing they're looking for other places for their phishes. The fake
> Googles are pretty slick, even error pages from their IP addresses are
> carefully done.
>
> Thanks,
> Mike

Um... I think that probably is Google.

***

Hmmm... learned something new. I went a step further (inspired by your
lsof idea) and tried the following command to identify the process

netstat -atump

And they all link back to Firefox. So you're correct. Thank you!

But that leaves one remaining question - Why do these processes appear
in the netstat output --only-- when Apache is running?

Thanks,
Mike
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
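
Added example, not part of the original thread: a short Python script that reads netstat output with the program column and labels each ESTABLISHED TCP socket as inbound (local port matches a LISTEN socket) or outbound (ephemeral local port, as in the 10.168.0.111:44535 -> :80 entries above). The sample text, PIDs and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
# Constructed sample of netstat output with the PID/Program column.
# Only 10.168.0.111 comes from the thread; everything else is made up.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:80         0.0.0.0:*           LISTEN      2101/apache2
tcp        0      0 127.0.0.1:631      0.0.0.0:*           LISTEN      900/cupsd
tcp        0      0 10.168.0.111:44535 203.0.113.10:80     ESTABLISHED 3050/firefox
tcp        0      0 10.168.0.111:44536 203.0.113.11:80     ESTABLISHED 3050/firefox
tcp        0      0 10.168.0.111:80    198.51.100.7:51514  ESTABLISHED 2101/apache2
udp        0      0 0.0.0.0:68         0.0.0.0:*                       1500/dhclient
"""


def parse(text):
    """Yield (local_port, remote, state, program) for each tcp/tcp6 line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # skips headers and udp (udp has no State column)
        local_port = int(f[3].rsplit(":", 1)[1])  # rsplit also copes with IPv6
        # Without root, netstat prints "-" instead of PID/Program.
        program = f[6].split("/", 1)[-1] if len(f) > 6 else "-"
        yield local_port, f[4], f[5], program


def classify(text):
    """Return [(direction, local_port, remote, program)] for ESTABLISHED sockets."""
    rows = list(parse(text))
    # Ports this host accepts connections on. Matching by port alone is an
    # approximation: it ignores which address the listener is bound to.
    listening = {port for port, _, state, _ in rows if state == "LISTEN"}
    result = []
    for port, remote, state, program in rows:
        if state != "ESTABLISHED":
            continue
        direction = "inbound" if port in listening else "outbound"
        result.append((direction, port, remote, program))
    return result


if __name__ == "__main__":
    for direction, port, remote, program in classify(SAMPLE):
        print(f"{direction:8} local:{port:<6} remote:{remote:<20} {program}")
```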
