Strange netstat -M output

To: debian-security@lists.debian.org
Subject: Strange netstat -M output
From: Jordan Bettis <jordanb@hafd.org>
Date: Fri, 1 Jun 2001 11:16:28 -0500
Message-id: <[🔎] 20010601111628.A2038@gandalf.hafd.org>

When I did netstat -M on my debian NAT firewall, I got the following entry:

 prot   expire source               destination          ports
. . .
 tcp 118:59.12 zaphod.example.org      209.225.26.22        3294 -> 5000 (64996)

. . .

Zaphod is a Windows ME box. I recently read the article on Slashdot and K5
about zombies and am quite concerned. But I do not think that this program is
a zombie because the thing on port 5000 of the remote box does not appear to
be an IRC server. 

I'm preparing to set up a netstat script on my firewall to catch any packets
on that connection, but I nmaped the foregin box, so if he's awake at all, he
already knows that I know about him.

Does anyone know what this is?

-- 
Jordan Bettis <http://www.hafd.org/~jordanb/>
Pray:  To ask that the laws of the universe be annulled in behalf of a single
petitioner, who is confessedly unworthy.
-- Ambrose Bierce

Reply to:

Prev by Date: Re: Password encrypting
Next by Date: Re: X & tcp listening
Previous by thread: Re: Kernal Panic
Next by thread: MASQUERADE problem
Index(es):
- Date
- Thread