[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Strange netstat -M output

When I did netstat -M on my debian NAT firewall, I got the following entry:

 prot   expire source               destination          ports
. . .
 tcp 118:59.12 zaphod.example.org        3294 -> 5000 (64996)

. . .

Zaphod is a Windows ME box. I recently read the article on Slashdot and K5
about zombies and am quite concerned. But I do not think that this program is
a zombie because the thing on port 5000 of the remote box does not appear to
be an IRC server. 

I'm preparing to set up a netstat script on my firewall to catch any packets
on that connection, but I nmaped the foregin box, so if he's awake at all, he
already knows that I know about him.

Does anyone know what this is?

Jordan Bettis <http://www.hafd.org/~jordanb/>
Pray:  To ask that the laws of the universe be annulled in behalf of a single
petitioner, who is confessedly unworthy.
-- Ambrose Bierce

Reply to: