Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
May the source be with you!

Tuesday, May 7, 2013

bandwidth abuser

http://security.stackexchange.com/questions/12216/what-are-these-ip-adresses-my-computer-is-connected-and-how-do-i-block-them-if-t 
Understanding netstat and getting useful information
HERGESTELLT (ESTABLISHED on an English-language Windows) means that there is a connection. Ports that have been opened by server programs on your computer are in state LISTENING (ABHÖREN) instead. Looking at the target ports, this is likely web traffic with the exception of the first one.
In order to get more useful output, you need to use some parameters for netstat as explained in the documentation:
netstat -a -n -o
  • -a will include ports in state LISTENING,
  • -n will show the real IP addresses instead of the DNS reverse lookup,
  • -o will include the process ID (use the Windows Task Manager to look it up).
Please keep in mind that in case your computer got infected, you cannot trust the output of netstat as the malicious program might have manipulated it.
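
An added example (not part of the original post or the quoted answer): a Python parser for `netstat -a -n -o` output that accepts the English and German state names mentioned above and counts established connections per process ID and remote address. The sample output is constructed; its PIDs and local addresses are made up, and the remote addresses are ones noted on this page.

```python
import re
from collections import Counter

# State names as printed by English and German Windows (both appear in the text).
ESTABLISHED = {"ESTABLISHED", "HERGESTELLT"}
LISTENING = {"LISTENING", "ABHÖREN"}

# Constructed sample of `netstat -a -n -o` output. PIDs and local addresses are
# made up; one English-state row is included to show both spellings are handled.
SAMPLE = """\
Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status           PID
  TCP    0.0.0.0:135            0.0.0.0:0              ABHÖREN          884
  TCP    192.168.1.20:49301     38.103.62.175:80       HERGESTELLT      3120
  TCP    192.168.1.20:49302     38.103.62.175:80       HERGESTELLT      3120
  TCP    192.168.1.20:49303     38.103.62.170:80       HERGESTELLT      3120
  TCP    192.168.1.20:49310     218.69.107.35:3950     HERGESTELLT      3120
  TCP    192.168.1.20:49320     64.74.103.175:80       ESTABLISHED      2044
  TCP    [::]:445               [::]:0                 ABHÖREN          4
  UDP    0.0.0.0:5355           *:*                                     1208
"""

# Columns: proto, local, remote, optional state (UDP rows have none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::]:445 work."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": (state or "").upper(), "pid": int(pid)})
    return rows

def established_by_pid(rows):
    """Count established connections per (PID, remote IP address)."""
    return Counter((r["pid"], split_endpoint(r["remote"])[0])
                   for r in rows if r["state"] in ESTABLISHED)

def listening_ports(rows):
    """List (PID, local port) pairs for ports opened by server programs."""
    return sorted({(r["pid"], split_endpoint(r["local"])[1])
                   for r in rows if r["state"] in LISTENING})
```

On a live system, pass the captured text of `netstat -a -n -o` to `parse_netstat` instead of `SAMPLE`; the PIDs it reports can then be looked up in Task Manager as described above.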

Owners of IP addresses

For the cases in which the IP address is visible in your log, the owners are as follows:
  • 193.247.193.85: Google
Start - cmd - netstat
tvunetworks apps as bandwidth abuser
 38.103.62.175:http
 38.103.62.170:http
 38.103.62.168:http
 38.103.62.161:http
http://myip.ms/info/whois/38.103.62.161/k/1601840401/website/tvunetworks.com
http://www.pagesinventory.com/domain/channel3.tvunetworks.com.html
chinaunicom.cn
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/79120962-0380-4939-aa02-8f1702bcab40/
http://www.boonex.com/n/Just_For_Fun_the_April_Fools_that_attacked_BoonEx_show_up_with_some_demands_
http://www.tcpiputils.com/browse/ip-address/218.69.107.35
218.69.107.35:3950

wb-in-f120:http
wb-in-f120:http
wb-in-f120:http
wb-in-f120:http
wb-in-f120:http
wb-in-f120:http
yh-in-f191:http
wb-in-f120:http
128.121.22.160:htt
Logmein.com
http://www.magic-net.info/my-ip-and-city-information.dnslookup?fname=38.127.167.5
https://ipdb.at/ip/64.74.103.175
psinetwork.net
38.127.167.5:http
yh-in-f125:5222
64.74.103.175:http
===============

C:\Users\tux>nslookup 64.74.103.179
Servidor:  resolver1.opendns.com
Address:  208.67.222.222

*** resolver1.opendns.com no encuentra 64.74.103.179: Non-existent domain

C:\Users\tux>nslookup 74.125.130.125
Servidor:  resolver1.opendns.com
Address:  208.67.222.222

Nombre:  gh-in-f125.1e100.net
Address:  74.125.130.125


C:\Users\tux>nslookup  173.194.73.125
Servidor:  resolver1.opendns.com
Address:  208.67.222.222

Nombre:  vb-in-f125.1e100.net
Address:  173.194.73.125

C:\Users\tux>nslookup 199.16.156.104
Servidor:  resolver1.opendns.com
Address:  208.67.222.222

*** resolver1.opendns.com no encuentra 199.16.156.104: Non-existent domain

C:\Users\tux>nslookup 74.125.139.139
Servidor:  resolver1.opendns.com
Address:  208.67.222.222

Nombre:  yn-in-f139.1e100.net
Address:  74.125.139.139

C:\Users\tux>nslookup 184.24.64.60
Servidor:  resolver1.opendns.com
Address:  208.67.222.222

Nombre:  a184-24-64-60.deploy.akamaitechnologies.com
Address:  184.24.64.60
