Two IP Addresses at One Time?

Discussion in 'Hardware' started by albiol, Nov 29, 2011.

  1. albiol

    albiol Private E-2

    Hello, long time reader first time poster here :D

    Hope I am posting in the right section; I've been suspecting that I have an intruder in my computer (that's how I got into this forum months ago) but so far I am trying to solve the problem myself (please note that I am not an expert, just curious and enjoying trying to do things on my own) although I am not sure that I have successfully gotten rid of the intruder.

    But that is not my question. I was trying the netstat -b command earlier and got this:

    Code:
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      TCP    182.2.***.***:49***    www-12-05-prn1:https   ESTABLISHED
     [chrome.exe]
      
      TCP    182.3.**.***:49***     download:http          CLOSE_WAIT
     [cmdagent.exe]
      TCP    182.3.**.***:49***     downloads:http         CLOSE_WAIT
     [cmdagent.exe]
    I have edited a few parts, but noticed that I had two different IPs 182.2 and 182.3.

    I logged out and changed my connection; this time it is from the same provider but a different internet package. I tried the netstat command again and got this result:

    Code:
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      
      TCP    182.0.***.***:50***    static-74-209-160-10:http  ESTABLISHED
     [chrome.exe]
      
      TCP    182.3.**.***:49***     download:http          CLOSE_WAIT
     [cmdagent.exe]
      TCP    182.3.**.***:49***     downloads:http         CLOSE_WAIT
     [cmdagent.exe]
    Noticed that my IP has changed (to 182.0), but 182.3 is still there and it is exactly the same as the above.

    Can anyone please tell me whether this is normal or not, or should I be aware / this is a sign of intrusion?

    Thanks in advance :)
     
  2. djlowe

    djlowe Private First Class

    Hi,

    Since you're using the -b switch, which shows the program that created the connection:

    " -b Displays the executable involved in creating each connection or
    listening port. In some cases well-known executables host
    multiple independent components, and in these cases the
    sequence of components involved in creating the connection
    or listening port is displayed. In this case the executable
    name is in [] at the bottom, on top is the component it called,
    and so forth until TCP/IP was reached. Note that this option
    can be time-consuming and will fail unless you have sufficient
    permissions."

    I'd start by tracking down what cmdagent.exe is.

    Here's what I found:

    http://www.file.net/process/cmdagent.exe.html

    --- snip ---
    cmdagent.exe file information

    The process Comodo Agent Service or COMODO Internet Security or COMODO Firewall Pro belongs to the software COMODO Firewall Pro or COMODO Internet Security or Comodo Firewall or Comodo Agent Service or Comodo Personal Firewall by COMODO or Comodo CA Limited.
    --- snip ---

    So, it appears that it's a legitimate connection from a program installed on your computer, assuming that you have one of those programs installed.

    182.2.x.x and 182.3.x.x are public IP addresses.

    If you're on a home/consumer Internet connection, I advise investing in a hardware NAT/Router of some kind, as having a public IP address in that scenario indicates that your computer is directly connected to the Internet. Putting such a device between your computer and the Internet is a good idea: It adds another layer of defense for minimal cost, and helps minimize the exposure of your computer.

    If you're at a university/college, then it's possible that you get a public IP address from them via DHCP and that they use public addresses for end users, and so you don't necessarily have to worry about it.

    Regards,

    dj
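
An added example, not part of the original posts: a small Python parser for `netstat -b` text output that attaches each `[executable]` line to the connection above it and groups connections by local address, labelling each address public or private as discussed in the reply above. The sample output is constructed (the thread masks host parts and ports), and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the layout of `netstat -b`; the host parts of the
# addresses and the port numbers are made up (the thread masks them).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    182.2.10.20:49512      www-12-05-prn1:https   ESTABLISHED
 [chrome.exe]

  TCP    182.3.30.40:49160      download:http          CLOSE_WAIT
 [cmdagent.exe]
  TCP    182.3.30.40:49161      downloads:http         CLOSE_WAIT
 [cmdagent.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # the executable is the bracketed line


def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable attached."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local_ip, port, foreign, state = m.groups()
            conns.append({"proto": proto, "local_ip": local_ip.strip("[]"),
                          "local_port": int(port), "foreign": foreign,
                          "state": state, "exe": None})
            continue
        m = OWNER.match(line)  # unbracketed component lines are ignored
        if m and conns and conns[-1]["exe"] is None:
            conns[-1]["exe"] = m.group(1)
    return conns


def summarize_local_addresses(conns):
    """Group by local IP: address scope, owning executables, TCP states."""
    summary = {}
    for c in conns:
        ip = ipaddress.ip_address(c["local_ip"])
        scope = "public" if ip.is_global else "private/reserved"
        entry = summary.setdefault(
            c["local_ip"], {"scope": scope, "exes": set(), "states": set()})
        entry["exes"].add(c["exe"])
        entry["states"].add(c["state"])
    return summary
```

Calling `summarize_local_addresses(parse_netstat_b(SAMPLE))` shows at a glance which process owns the sockets on each local address and whether any of them are still live or only lingering in CLOSE_WAIT.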
     
  3. albiol

    albiol Private E-2

    Hi DJ,

    Thank you for your response. Yes, I do have Comodo firewall installed on my computer, so that explains it then. Yes, currently my setup is computer > USB Modem > internet; due to some circumstances this is currently my only option, so I "compensated" for it with firewall software (I heard that it is no longer necessary if we are using a router ..?).

    Anyway, thanks again. I have read the link you provided and I believe this is just a false alarm.
     
  4. djlowe

    djlowe Private First Class

    Hi,

    That's not really true. Even if you have a hardware router/firewall, it's still a good idea to have protection software running on your computers as well. This helps create, to a small degree, what is called "defense in depth":

    http://en.wikipedia.org/wiki/Defense_in_depth_(computing)

    So, when you are able to get a hardware firewall, keep Comodo installed anyway, keep it updated (as well as Windows!) and also install the same kind of protection on any other computer/device as well.

    Regards,

    dj
     
