Please HELP multiple connectionsNETSTAT am i being hijacked?

Discussion in 'Hardware' started by bubble03, Feb 9, 2010.

  1. bubble03

    bubble03 Private E-2

    aftet typing netstat i find the following (with firefox open )

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Administrator>netstat

    Active Connections

    Proto Local Address Foreign Address State
    TCP julius:1064 julius:1065 ESTABLISHED
    TCP julius:1065 julius:1064 ESTABLISHED
    TCP julius:1066 julius:1067 ESTABLISHED
    TCP julius:1067 julius:1066 ESTABLISHED
    TCP julius:1069 gv-in-f99.1e100.net:http ESTABLISHED
    TCP julius:1070 gv-in-f147.1e100.net:http ESTABLISHED
    TCP julius:1071 gv-in-f104.1e100.net:http ESTABLISHED
    TCP julius:1072 gv-in-f104.1e100.net:http ESTABLISHED
    TCP julius:1073 gv-in-f104.1e100.net:http ESTABLISHED
    TCP julius:1076 fxfeeds.acelb.sj.mozilla.com:http TIME_WAIT
    TCP julius:1079 ww-in-f101.1e100.net:http ESTABLISHED
    TCP julius:1080 ww-in-f101.1e100.net:http TIME_WAIT
    TCP julius:1082 c18-rb-gtm4-tron-xw-lb.cnet.com:http ESTABLISHE
    D
    TCP julius:1083 84.53.132.42:http ESTABLISHED
    TCP julius:1084 84.53.132.42:http ESTABLISHED
    TCP julius:1085 84.53.132.42:http ESTABLISHED
    TCP julius:1086 84.53.132.42:http ESTABLISHED
    TCP julius:1087 84.53.132.42:http ESTABLISHED
    TCP julius:1089 c18-dw-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1090 c17-ad-xw-lb.cnet.com:http ESTABLISHED
    TCP julius:1091 js-pd05-eu.revsci.net:http TIME_WAIT
    TCP julius:1092 84.53.178.88:http TIME_WAIT
    TCP julius:1093 84.53.132.42:http ESTABLISHED
    TCP julius:1094 c17-ad-xw-lb.cnet.com:http ESTABLISHED
    TCP julius:1095 c17-ad-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1097 c17-ad-xw-lb.cnet.com:http ESTABLISHED
    TCP julius:1098 c17-ad-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1099 c17-ad-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1100 c13-ss-1-lb.cnet.com:http TIME_WAIT
    TCP julius:1102 c18-ss-1-lb.cnet.com:http ESTABLISHED
    TCP julius:1104 c18-rb-gtm3-tron-xw-lb.cnet.com:http ESTABLISHE
    D
    TCP julius:1105 c16-uk-cnetnetworks-lb.eu.cnet.co.uk:http TIME_
    WAIT
    TCP julius:1106 pix04-pd05-eu.revsci.net:http TIME_WAIT
    TCP julius:1107 c18-gdl-xw-lb.cnet.com:http ESTABLISHED
    TCP julius:1108 c18-dw-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1110 c18-dw-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1112 c18-dw-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1113 c17-ad-xw-lb.cnet.com:http ESTABLISHED
    TCP julius:1114 c17-ad-xw-lb.cnet.com:http ESTABLISHED
    TCP julius:1116 c17-ad-xw-lb.cnet.com:http ESTABLISHED
    TCP julius:1117 c18-dw-xw-lb.cnet.com:http TIME_WAIT
    TCP julius:1119 pix04-pd05-eu.revsci.net:http TIME_WAIT
    TCP julius:1120 ww-in-f148.1e100.net:http ESTABLISHED
    TCP julius:1121 84.53.178.88:http ESTABLISHED
    TCP julius:1122 c16-uk-cnetnetworks-lb.eu.cnet.co.uk:http TIME_
    WAIT
    TCP julius:1123 cds185.lon.llnw.net:http CLOSE_WAIT

    C:\Documents and Settings\Administrator>
     
    bubble03, Feb 9, 2010
    #1
  2. chookers

    chookers Staff Sergeant

    What makes you ask that? I don't know a lot about netstat at this stage but I can read domain names and I can see that you have local connections (your computer is called julius, I'm guessing). Also, there are connections to cnet.com, cnet.co.uk, mozilla.com and this one which is a Google domain, 1e100.net.
    http://superuser.com/questions/75841/what-is-1e100-net-and-why-do-i-have-tcp-ports-open-to-it

    When you have a look at the log, you can see various addresses such as this one, c18-gdl-xw-lb.cnet.com, which has cnet.com at the end - that's the domain. Likewise, c16-uk-cnetnetworks-lb.eu.cnet.co.uk has cnet.co.uk at the end.

    revsci.net is an ad server. You can block that.
    http://www.ehow.com/how_5026847_rid-adsrevscinet-revscicom.html
    http://www.mywot.com/en/scorecard/revsci.net

    llnw.net is Limelight Networks and is probably no concern:
    http://en.wikipedia.org/wiki/Limelight_Networks
    http://www.mywot.com/en/scorecard/limelightnetworks.com

    The only two I'm having much trouble with are the IP addresses, but I think they both belong to Akamai:
    http://ip-lookup.net/whois-ip?ip=84.53.178.88
    http://whois.domaintools.com/84.53.132.42
    http://whois.domaintools.com/84.53.178.88

    Here is a Wiki article about netstat:
    http://en.wikipedia.org/wiki/Netstat

    And if you have genuine reason to worry about whether your computer has any problems of a security nature, there are two very good guides here, one to clean an infected computer and the other one to check if you have put sufficient security on your computer:
    http://forums.majorgeeks.com/showthread.php?t=35407
    http://forums.majorgeeks.com/showthread.php?t=44525
     
    chookers, Mar 10, 2010
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds