Backdoor?
shimi
linux-il at shimi.net
Mon Nov 24 00:53:50 IST 2014
On Sun, Nov 23, 2014 at 10:45 PM, Amichai Rotman <amichai at iglu.org.il>
wrote:
> Hi All,
>
> I am trying to troubleshoot a bottleneck in my internet connection.
>
> I came across a few lines like these ones when I run 'netstat -ptW':
>
> tcp 0 0 10.0.0.3:42239
> 82-166-201-152.barak-online.net:http ESTABLISHED 5881/chrome
>
This is a server on the Akamai CDN. Could be any website using Akamai. Use
a sniffer instead of netstat if you want to know what's going on.
> tcp 0 0 10.0.0.3:55224
> bzq-179-180-121.static.bezeqint.net:https ESTABLISHED 5881/chrome
>
>
Using -n in netstat is advised; Some IPs have a reverse DNS without a
matching forward DNS. Anyways, this is likely 212.179.180.121.
Also known as:
$ host www.google.com | grep 212.179.180.121
www.google.com has address 212.179.180.121
> Does Bezeq and the ISPs open a backdoor in my router somehow?
>
> They could be, but this log is probably not showing the case.
-- Shimi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20141124/e649bed5/attachment.html>
More information about the Linux-il
mailing list