dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
606
share rss forum feed

ohjar

join:2013-02-27
Edmond, OK

netstat screenshot (inquire within)

Click for full size
downloadscreenshotrrr.pdf 116,457 bytes
New to the forums so hello! My computer has been acting weird lately and I've had a bad experience with hackers(to make a long story short my comp was being used as a sword by a guy in anonymous"have poof") I've been monitoring my netstat and this pops up all at once(screenshot). should i be worried?

EDIT: sorry for picture quality


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

That hardly tells us anything, we need to know what programs are initiating those connections. Local ports, remote ports, PIDs, executable names, etc.



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to ohjar

said by ohjar:

EDIT: sorry for picture quality

Copy, paste, and code blocks. And the "Foreign Addresses" and process IDs; like this:
C:\util\dig>netstat -aon
 
Active Connections
 
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    192.168.42.36:49171    69.22.151.207:443      ESTABLISHED     3312
  TCP    192.168.42.36:49204    17.149.36.220:5223     ESTABLISHED     3928
  TCP    192.168.42.36:59744    31.13.77.39:443        ESTABLISHED     1788
  TCP    192.168.42.36:59779    31.13.77.42:443        ESTABLISHED     1788
  TCP    192.168.42.36:60811    74.125.224.100:80      ESTABLISHED     1788
  TCP    192.168.42.36:60818    209.123.109.175:80     TIME_WAIT       0
  TCP    192.168.42.36:60819    209.123.109.175:80     TIME_WAIT       0
  TCP    192.168.42.36:60827    74.125.141.95:80       ESTABLISHED     1788
  TCP    192.168.42.36:60844    2.19.131.235:443       ESTABLISHED     364
  UDP    0.0.0.0:7              *:*                                    1812
  UDP    0.0.0.0:9              *:*                                    1812
  UDP    0.0.0.0:13             *:*                                    1812
  UDP    0.0.0.0:17             *:*                                    1812
  UDP    0.0.0.0:19             *:*                                    1812
  UDP    0.0.0.0:68             *:*                                    976
 

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

HELLFIRE
Premium
join:2009-11-25
kudos:15
reply to ohjar

Try "netstat -abn > file.txt" and post file.txt up for review.

If you're thinking you're still being hacked, you definately want to do the above and write to a new file periodically for
review / comparison.

Regards