ESTABLISHED web process??


 
# 1  
Old 08-28-2011
ESTABLISHED web process??

I put lsof -i -P -n into the terminal and this is the output. I believe I am being hacked??

Code:
lsof -i -P -n
COMMAND    PID        USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
SystemUIS 1578 melodysneed    9u  IPv4 0x07d608ec      0t0  UDP *:*
SystemUIS 1578 melodysneed   11u  IPv4 0x0ba68810      0t0  UDP *:*
WebProces 2141 melodysneed    7u  IPv4 0x0c550748      0t0  TCP 192.168.1.71:51015->74.125.67.17:443 (ESTABLISHED)
WebProces 2141 melodysneed   11u  IPv4 0x049f7ee8      0t0  TCP 192.168.1.71:50706->207.46.232.182:80 (ESTABLISHED)


Last edited by pludi; 08-28-2011 at 05:43 PM..
# 2  
Old 08-28-2011
What don't you understand?
# 3  
Old 08-28-2011
Perhaps,
It seems that your machine has an active connection with a remote host.
It seems to be https and http connections.
This doesn't mean your system has been compromised or has been hacked.
1- Verify what the process webProces is and why it's running.
2- You can do some reverse DNS lookups, whois and blacklist checkups.
3- You can examine what type of data is passing through this connection by sniffing traffic.
This User Gave Thanks to h@foorsa.biz For This Post:
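The first two checks suggested in the post above, as an added shell example that is not part of the original thread. The function names `sample_lsof` and `established_remotes` and the `live` argument are assumptions of this example; the sample lines are copied from the lsof output in post #1.

```shell
#!/bin/sh
# Added example: list ESTABLISHED TCP connections from `lsof -i -P -n`
# output, then identify the owning process and the remote host.

# Sample input: lines copied from the lsof output in post #1.
sample_lsof() {
    cat <<'EOF'
COMMAND    PID        USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
SystemUIS 1578 melodysneed    9u  IPv4 0x07d608ec      0t0  UDP *:*
WebProces 2141 melodysneed    7u  IPv4 0x0c550748      0t0  TCP 192.168.1.71:51015->74.125.67.17:443 (ESTABLISHED)
WebProces 2141 melodysneed   11u  IPv4 0x049f7ee8      0t0  TCP 192.168.1.71:50706->207.46.232.182:80 (ESTABLISHED)
EOF
}

# Read lsof output on stdin; print "COMMAND PID REMOTE_IP REMOTE_PORT"
# for every TCP connection in the ESTABLISHED state.
established_remotes() {
    awk '$8 == "TCP" && $NF == "(ESTABLISHED)" {
        if (split($9, ends, "->") != 2) next   # no remote end: skip
        remote = ends[2]
        port = remote; sub(/.*:/, "", port)    # text after the last colon
        ip = remote;   sub(/:[^:]*$/, "", ip)  # text before the last colon
        gsub(/\[/, "", ip); gsub(/\]/, "", ip) # IPv6 is shown as [addr]:port
        print $1, $2, ip, port
    }'
}

# Default: parse the sample offline. With "live", read real lsof output and
# show the owning process and the reverse DNS name for each remote address.
if [ "${1:-}" = "live" ]; then
    lsof -i -P -n | established_remotes | sort -u |
    while read -r cmd pid ip port; do
        echo "== $cmd (pid $pid) -> $ip:$port"
        ps -p "$pid" -o pid=,user=,command=    # step 1: what is the process?
        host "$ip" || true                     # step 2: reverse DNS lookup
    done
else
    sample_lsof | established_remotes
fi
```

For an address whose reverse lookup returns nothing, `whois` on the same address shows which organisation the range is registered to.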
# 4  
Old 08-28-2011
Well, I do not understand what these established connections are. I am connected to 2wire through ethernet. However I also ran ifconfig -a and these results also startled me. I am not a pro by any means, however it looks like I have a lot of interfaces configured that I am not sure how they got that way. Any insight would be GREATLY appreciated. Thanks in advance, Melody

Code:
ifconfig -a: 

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	inet 127.0.0.1 netmask 0xff000000 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
	lladdr 00:22:41:ff:fe:ed:c1:16 
	media: autoselect <full-duplex>
	status: inactive
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
	ether 00:23:12:1b:c3:a8 
	media: autoselect (<unknown type>)
	status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:22:41:34:81:7f 
	inet6 fe80::222:41ff:fe34:817f%en0 prefixlen 64 scopeid 0x6 
	inet 192.168.1.71 netmask 0xffffff00 broadcast 192.168.1.255
	media: autoselect (100baseTX <full-duplex>)
	status: active


Last edited by radoulov; 08-28-2011 at 05:25 PM.. Reason: Code tags.
# 5  
Old 08-28-2011
after lsof

I ran ifconfig -a and these are my results. I am not an advanced command line user, so any commands to trace these connections that you could pass on would be very useful. I am connected through ethernet and have my airport turned off. ????? CONFUSED
Here are the results of ifconfig -a:

Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	inet 127.0.0.1 netmask 0xff000000 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
	lladdr 00:22:41:ff:fe:ed:c1:16 
	media: autoselect <full-duplex>
	status: inactive
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
	ether 00:23:12:1b:c3:a8 
	media: autoselect (<unknown type>)
	status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:22:41:34:81:7f 
	inet6 fe80::222:41ff:fe34:817f%en0 prefixlen 64 scopeid 0x6 
	inet 192.168.1.71 netmask 0xffffff00 broadcast 192.168.1.255
	media: autoselect (100baseTX <full-duplex>)
	status: active


Last edited by pludi; 08-28-2011 at 05:43 PM..
# 6  
Old 08-28-2011
Looks like there is an open HTTP (web) connection to a Microsoft - Bing

and

an HTTP (SSL) connection to google.com

Don't think you have to worry about them.