Netstat returns IP= xxx.xxx.xxx.xxx.blackjack what's up?


Post by Nuno Branc » Fri, 04 Jul 2003 00:29:54



Have you tried to see in /etc/services if there is some port "named"
blackjack? Did you try to google for that port number?


> Hi and thanks,

> A netstat command produces a result I don't understand.  The column in
> question
> usually shows the user's IP address and port,(xxx.xxx.xxx.xxx.nnnn).
> However the entries in question, about a dozen out of a 100, appear to
> show the user attached to a port (?) named "blackjac", the actual entry
> looks like this, xxx.xxx.xxx.xxx.blackjac

> These people ARE not playing cards/games! Take my word for that!

> Any ideas!

> Thanks.

> Cary

--

Best Regards,
Nuno Branco

 
 
 


Post by Mike Forsma » Fri, 04 Jul 2003 00:42:30



> Hi and thanks,

> A netstat command produces a result I don't understand.  The column in
> question
> usually shows the user's IP address and port,(xxx.xxx.xxx.xxx.nnnn).
> However the entries in question, about a dozen out of a 100, appear to show
> the user attached to a port (?) named "blackjac", the actual entry looks
> like this, xxx.xxx.xxx.xxx.blackjac

> These people ARE not playing cards/games! Take my word for that!

> Any ideas!

> Thanks.

> Cary

If your netstat command has a --program option you could use
that to figure out what process is on that port.
Another option would be to use lsof if that is available.
lsof -i tcp:1025

Hope this helps,

Mike
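
The /etc/services lookup suggested in the replies above, as an added example that is not part of either post: it maps a service name as netstat prints it (including a column-truncated one such as "blackjac") back to its port number. The function names, the sample services data and the address 192.0.2.10 are constructed for illustration; on a real host pass /etc/services as the file argument.

```shell
#!/bin/sh
# Added example: resolve a service name shown by netstat to its port number
# using a services(5)-format file. The data below is a constructed sample.
SAMPLE_SERVICES=$(mktemp)
trap 'rm -f "$SAMPLE_SERVICES"' EXIT
cat > "$SAMPLE_SERVICES" <<'EOF'
# name        port/proto   aliases      (constructed sample)
smtp          25/tcp       mail
blackjack     1025/tcp                  # network blackjack
blackjack     1025/udp
EOF

# port_for_service NAME [PROTO] [FILE]
# Prints the port for NAME or one of its aliases. netstat can truncate long
# names in its column, so a prefix is accepted if it maps to exactly one port.
port_for_service() {
    awk -v want="$1" -v proto="${2:-tcp}" '
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # skip blank or malformed lines
        {
            split($2, pp, "/")              # "1025/tcp" -> port, protocol
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue        # field 2 is port/proto, not a name
                if (index($i, want) == 1) ports[pp[1]] = 1
            }
        }
        END {
            n = 0
            for (p in ports) { n++; last = p }
            if (n == 1) print last; else exit 1    # no match, or ambiguous
        }
    ' "${3:-$SAMPLE_SERVICES}"
}

# numeric_endpoint ADDR.NAME [PROTO] [FILE]
# Rewrites "192.0.2.10.blackjac" as "192.0.2.10.1025"; numeric ports pass through.
numeric_endpoint() {
    name=${1##*.}
    addr=${1%.*}
    case $name in
        *[!0-9]*)
            port=$(port_for_service "$name" "${2:-tcp}" "${3:-$SAMPLE_SERVICES}") || return 1 ;;
        *)  port=$name ;;
    esac
    printf '%s.%s\n' "$addr" "$port"
}
```

Running netstat with -n skips the name lookup altogether and prints the port numbers directly.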

 
 
 
