PDA

View Full Version : Weird network connections



ggpanta
2006-02-24, 20:39
Hi, I have some weird network connections:

netstat -a result

TCP goliath:1105 *.69sexsearch.com:1106 CLOSE_WAIT
TCP goliath:1669 *.69sexsearch.com:1670 ESTABLISHED
TCP goliath:1670 *.69sexsearch.com:1669 ESTABLISHED
TCP goliath:2026 *.69sexsearch.com:2027 ESTABLISHED
TCP goliath:2027 *.69sexsearch.com:2026 ESTABLISHED
TCP goliath:3004 *.69sexsearch.com:3005 ESTABLISHED
TCP goliath:3005 *.69sexsearch.com:3004 ESTABLISHED
TCP goliath:3062 *.69sexsearch.com:3063 TIME_WAIT
TCP goliath:3066 *.69sexsearch.com:3067 TIME_WAIT
TCP goliath:3069 *.69sexsearch.com:3070 ESTABLISHED
TCP goliath:3070 *.69sexsearch.com:3069 ESTABLISHED
TCP goliath:3072 *.69sexsearch.com:3073 ESTABLISHED
TCP goliath:3073 *.69sexsearch.com:3072 ESTABLISHED
TCP goliath:3075 *.69sexsearch.com:3076 TIME_WAIT
TCP goliath:3081 *.69sexsearch.com:3082 TIME_WAIT
TCP goliath:3084 *.69sexsearch.com:3085 ESTABLISHED
TCP goliath:3085 *.69sexsearch.com:3084 ESTABLISHED
TCP goliath:3087 *.69sexsearch.com:3088 TIME_WAIT
TCP goliath:3090 *.69sexsearch.com:3091 ESTABLISHED
TCP goliath:3091 *.69sexsearch.com:3090 ESTABLISHED
TCP goliath:3093 *.69sexsearch.com:3094 ESTABLISHED
TCP goliath:3094 *.69sexsearch.com:3093 ESTABLISHED
TCP goliath:3095 *.69sexsearch.com:3097 ESTABLISHED
TCP goliath:3097 *.69sexsearch.com:3095 ESTABLISHED
TCP goliath:3099 *.69sexsearch.com:3100 ESTABLISHED
TCP goliath:3100 *.69sexsearch.com:3099 ESTABLISHED
TCP goliath:3102 *.69sexsearch.com:3103 ESTABLISHED
TCP goliath:3103 *.69sexsearch.com:3102 ESTABLISHED
TCP goliath:3105 *.69sexsearch.com:3106 TIME_WAIT
TCP goliath:3108 *.69sexsearch.com:3109 ESTABLISHED
TCP goliath:3109 *.69sexsearch.com:3108 ESTABLISHED
TCP goliath:3112 *.69sexsearch.com:3113 ESTABLISHED
TCP goliath:3113 *.69sexsearch.com:3112 ESTABLISHED
TCP goliath:3116 *.69sexsearch.com:3115 TIME_WAIT
TCP goliath:3119 *.69sexsearch.com:3120 TIME_WAIT
TCP goliath:3122 *.69sexsearch.com:3123 TIME_WAIT
TCP goliath:3124 *.69sexsearch.com:3125 TIME_WAIT
TCP goliath:3127 *.69sexsearch.com:3128 TIME_WAIT
TCP goliath:3131 *.69sexsearch.com:3132 TIME_WAIT
TCP goliath:3134 *.69sexsearch.com:3135 TIME_WAIT
TCP goliath:3138 *.69sexsearch.com:3139 TIME_WAIT
TCP goliath:3140 *.69sexsearch.com:3141 TIME_WAIT

does anyone know whats this?
SSD doesnt find anything other some tracking cookies on both of the workstations. I tracked all downloads from the proxy and the only suspicious is gigaget a download manager, it maybe something else though since we only keep logs for 4 months.
For now I will close all LAN to WAN ports for this 2 workstations, but I would appreciate some help since reformating isnt a good option.


Regards,
George

tashi
2006-02-24, 23:34
Is it possible for you post a hjt log, then a helper will take a look as soon as possible.
Instructions here:
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)

tashi
2006-02-28, 20:48
Due to lack of a response this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the thread.