#1 (permalink)
Registered User
Join Date: Sep 2002
Location: Bogota, Colombia
Posts: 1,157
concerned
This is what the NETSTAT report for me has been looking like lately. Now the problem is that I don't know if I'm attacking or being attacked. I know I did have a backdoor virus a few hours ago, but apparently something's still weird.
Active Connections

Proto  Local Address  Foreign Address                                State
TCP    nick:3380      user-11208dq.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:3392      user-11208e1.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:3422      user-11208en.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:3437      user-11208f0.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:1029      211.38.148.189:8000                            ESTABLISHED
TCP    nick:1050      efnet.demon.co.uk:6666                         ESTABLISHED
TCP    nick:1061      64.12.24.145:5190                              ESTABLISHED
TCP    nick:2499      baym-cs206.msgr.hotmail.com:1863               ESTABLISHED
TCP    nick:2798      user-112080t.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2815      user-112081a.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2820      user-112081b.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2834      user-112081k.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2859      user-1120826.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2886      user-112082r.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2887      user-112082s.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2921      user-112083h.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2950      user-1120846.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2959      user-1120849.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2980      user-112084n.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:2991      user-112084u.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3016      user-112085h.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3048      user-112086b.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3091      user-112087g.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3099      user-112087k.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3108      user-112087p.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3121      user-1120882.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3138      user-112088e.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3147      user-112088j.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3173      user-1120898.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3208      user-11208a1.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3216      user-11208a5.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3228      user-11208ac.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3252      user-11208au.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3296      user-11208c4.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3301      user-11208c5.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3316      user-11208cg.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3328      user-11208co.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3341      user-11208cv.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3355      user-11208d9.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3377      user-11208dq.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3378      user-11208dq.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3379      user-11208dq.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:3388      user-11208e1.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3389      user-11208e1.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3391      user-11208e1.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:3418      user-11208en.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3420      user-11208en.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3421      user-11208en.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:3432      user-11208eu.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3433      user-11208ev.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3434      user-11208f0.dsl.mindspring.com:microsoft-ds   TIME_WAIT
TCP    nick:3435      user-11208f0.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3436      user-11208f0.dsl.mindspring.com:netbios-ssn    SYN_SENT
TCP    nick:3439      user-11208f1.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3440      user-11208f2.dsl.mindspring.com:microsoft-ds   SYN_SENT
TCP    nick:3441      user-11208f3.dsl.mindspring.com:microsoft-ds   SYN_SENT

IP Statistics

Packets Received                   = 15918
Received Header Errors             = 0
Received Address Errors            = 0
Datagrams Forwarded                = 0
Unknown Protocols Received         = 0
Received Packets Discarded         = 0
Received Packets Delivered         = 15918
Output Requests                    = 30701
Routing Discards                   = 0
Discarded Output Packets           = 0
Output Packet No Route             = 0
Reassembly Required                = 0
Reassembly Successful              = 0
Reassembly Failures                = 0
Datagrams Successfully Fragmented  = 0
Datagrams Failing Fragmentation    = 0
Fragments Created                  = 0

ICMP Statistics

                          Received    Sent
Messages                  791         54
Errors                    2           0
Destination Unreachable   771         33
Time Exceeded             12          0
Parameter Problems        0           0
Source Quenches           0           0
Redirects                 0           0
Echos                     0           18
Echo Replies              6           0
Timestamps                0           0
Timestamp Replies         0           0
Address Masks             0           0
Address Mask Replies      0           0

TCP Statistics

Active Opens                = 8216
Passive Opens               = 14
Failed Connection Attempts  = 7605
Reset Connections           = 176
Current Connections         = 4
Segments Received           = 10337
Segments Sent               = 16147
Segments Retransmitted      = 8513

UDP Statistics

Datagrams Received  = 4677
No Ports            = 902
Receive Errors      = 0
Datagrams Sent      = 5944

Last edited by zukeft; May 19th, 2003 at 21:44.
#2 (permalink)
Fallen
Join Date: Jun 2001
Location: Moonlight Spire
Posts: 1,393
What did the original reports (before the funny incidents) look like? It does seem a bit peculiar, but not necessarily evil. Try closing off the ports you don't use, netbios for instance.
If it's an attack on you, it's not doing the damage it should, apparently. If you're being used to attack, that's too few SYN attempts. Maybe somebody's scanning you? My two cents.
#3 (permalink)
Registered User
Join Date: Sep 2002
Location: Bogota, Colombia
Posts: 1,157
Actually, I was infected with a trojan: http://www.symantec.com/avcenter/ven...oor.rsbot.html
Really horrible stuff. :S
__________________
Flaretech.biz web hosting |
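The triage question in this thread (is the machine scanning, or being scanned?) can be checked mechanically from the connection table. The following is an added example, not part of any post: a row in SYN_SENT was opened by the local machine, so many such rows aimed at the SMB ports of different remote hosts indicate outbound fan-out. The sample rows, function names and the `min_hosts` threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in netstat's TCP row layout (all hosts are placeholders).
SAMPLE = """\
TCP  host:3378  peer-a1.example.net:microsoft-ds  SYN_SENT
TCP  host:3379  peer-a1.example.net:netbios-ssn   SYN_SENT
TCP  host:3389  peer-a2.example.net:microsoft-ds  SYN_SENT
TCP  host:3418  peer-a3.example.net:microsoft-ds  TIME_WAIT
TCP  host:3432  peer-a4.example.net:microsoft-ds  SYN_SENT
TCP  host:1050  irc.example.org:6666              ESTABLISHED
TCP  host:135   peer-b1.example.net:4021          ESTABLISHED
"""

# proto, local host:port, remote host:port, state; port is text after the last ':'
ROW = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")
FIELDS = ("lhost", "lport", "rhost", "rport", "state")
# SMB service ports, by number and by the names netstat prints for them
SMB_PORTS = {"139", "445", "netbios-ssn", "microsoft-ds"}


def parse(text):
    """Return one dict per TCP row; headers and statistics lines are skipped."""
    return [dict(zip(FIELDS, m.groups()))
            for m in map(ROW.match, text.splitlines()) if m]


def smb_fanout(rows, min_hosts=3):
    """Summarise connections whose *remote* end is an SMB port.

    The remote end being the service port means the local machine is the
    client. SYN_SENT rows are attempts that have not been answered yet.
    min_hosts is an assumed threshold; tune it for the environment.
    """
    smb = [r for r in rows if r["rport"] in SMB_PORTS]
    hosts = {r["rhost"] for r in smb}
    states = Counter(r["state"] for r in smb)
    return {
        "remote_hosts": len(hosts),
        "states": dict(states),
        "unanswered": states["SYN_SENT"],
        "suspicious": len(hosts) >= min_hosts and states["SYN_SENT"] > 0,
    }


if __name__ == "__main__":
    print(smb_fanout(parse(SAMPLE)))
```

A high count of failed connection attempts next to a low count of passive opens in the TCP statistics points the same way: the connections are being initiated locally.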