funny result from netstat

N

nesredep egrob

Looking at netstat with the -a selection, I find that 216.166.75.17 (was) is
connected (Established) to my computer on port 1039. I object and have naturally
closed the connection to port 1039.

I sent the following to the abuse of the provider. Maybe it would be a good
thing to have a script that you can from time to time start up to look at
connections using netstat - any takers, please.

Whois gave the following information:

OrgName: Yokubaitis Holding Corporation
OrgID: YOKU
Address: 2700 Via Fortuna
Address: Suite 500
City: Austin
StateProv: TX
PostalCode: 78746
Country: US

NetRange: 216.166.0.0 - 216.166.127.255
CIDR: 216.166.0.0/17
NetName: YHC-4
NetHandle: NET-216-166-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS3.TEXAS.NET
NameServer: NS2.TEXAS.NET
Comment:
RegDate: 2000-08-23
Updated: 2004-05-19

RTechHandle: TXNT-NOC-ARIN
RTechName: Texas Net Network Operations Center
RTechPhone: +1-512-684-9300
RTechEmail: (e-mail address removed)

OrgAbuseHandle: ABUSE991-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-512-684-9300
OrgAbuseEmail: (e-mail address removed)

OrgTechHandle: TXNT-NOC-ARIN
OrgTechName: Texas Net Network Operations Center
OrgTechPhone: +1-512-684-9300
OrgTechEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2006-06-05 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Naturally I shall to avoid such connection make sure that my router closes
connection of that type but I should like to have an explanation of what is
going on.

best regards from

Borge Pedersen,
2 Acton Rise,
Kingsley, Australia 6026
mailto:[email protected]
website http://www.members.ii.net/~borge

Borge in sunny Perth, Australia
 
P

Pegasus \(MVP\)

nesredep egrob said:
Looking at netstat with the -a selection, I find that 216.166.75.17 (was) is
connected (Established) to my computer on port 1039. I object and have naturally
closed the connection to port 1039.

I sent the following to the abuse of the provider. Maybe it would be a good
thing to have a script that you can from time to time start up to look at
connections using netstat - any takers, please.

Whois gave the following information:

OrgName: Yokubaitis Holding Corporation
OrgID: YOKU
Address: 2700 Via Fortuna
Address: Suite 500
City: Austin
StateProv: TX
PostalCode: 78746
Country: US

NetRange: 216.166.0.0 - 216.166.127.255
CIDR: 216.166.0.0/17
NetName: YHC-4
NetHandle: NET-216-166-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS3.TEXAS.NET
NameServer: NS2.TEXAS.NET
Comment:
RegDate: 2000-08-23
Updated: 2004-05-19

RTechHandle: TXNT-NOC-ARIN
RTechName: Texas Net Network Operations Center
RTechPhone: +1-512-684-9300
RTechEmail: (e-mail address removed)

OrgAbuseHandle: ABUSE991-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-512-684-9300
OrgAbuseEmail: (e-mail address removed)

OrgTechHandle: TXNT-NOC-ARIN
OrgTechName: Texas Net Network Operations Center
OrgTechPhone: +1-512-684-9300
OrgTechEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2006-06-05 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Naturally I shall to avoid such connection make sure that my router closes
connection of that type but I should like to have an explanation of what is
going on.

best regards from

Borge Pedersen,
2 Acton Rise,
Kingsley, Australia 6026
mailto:[email protected]
website http://www.members.ii.net/~borge

Borge in sunny Perth, Australia
Click to expand...

Instead of reporting the "abuser" (if, in fact, it was an abuse),
you should check your firewall for open ports. Try www.grc.com
and click ShielsUp to see how ports 1 .. 1055 are configured.
 
N

Never anonymous Bud

I sent the following to the abuse of the provider.
Click to expand...

Why? It's NOT abuse if something you installed is making that connection.

Unless you can prove it's spyware or some other abuse,
it's nothing to worry about.

And Yokubaitis IS Texas.net, and that is home to windrivers.com.



Lumber Cartel (tinlc) #2063. Spam this account at your own risk.

This sig censored by the Office of Home and Land Insecurity...

Remove XYZ to email me
 
N

nesredep egrob

Instead of reporting the "abuser" (if, in fact, it was an abuse),
you should check your firewall for open ports. Try www.grc.com
and click ShielsUp to see how ports 1 .. 1055 are configured.
Click to expand...

I have had the joy of closing one port after another
1039,1349,1422,1482,1542,1546,1818,1920,1948,2054,2056 using the router - some
fun.
They kept following me and finally I found the rat - it was the MS ftp which I
have tried for months to make available for family to download Photos from
Australia. I never suceeeded apart from the first 6 weeks or so but I realised
that the program was still available and closed it down.

The netstat -a does report, all is well.
Now I get peace and quiet again.
Sorry about the alert - but I am getting better, I think.

Now if I could make the site available for family and friends I might put up
with the odd intruder. Unfortunately I get the idea that the firewall in the DSL
router is just there to stop the users of the Lan from accessing unwanted URL's


Borge in sunny Perth, Australia
 
N

nesredep egrob

Why? It's NOT abuse if something you installed is making that connection.

Unless you can prove it's spyware or some other abuse,
it's nothing to worry about.

And Yokubaitis IS Texas.net, and that is home to windrivers.com.



Lumber Cartel (tinlc) #2063. Spam this account at your own risk.

This sig censored by the Office of Home and Land Insecurity...

Remove XYZ to email me
Click to expand...

Tell me how you knew that -as you see from a prior message it was in fact IIS
ftp that caused the bother.

Borge in sunny Perth, Australia
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Netstat question 9

Top