Strange netstat -M output
When I did netstat -M on my Debian NAT firewall, I got the following entry:
prot expire source destination ports
. . .
tcp 118:59.12 zaphod.example.org 220.127.116.11 3294 -> 5000 (64996)
. . .
Zaphod is a Windows ME box. I recently read the article on Slashdot and K5
about zombies and am quite concerned. But I do not think that this program is
a zombie because the thing on port 5000 of the remote box does not appear to
be an IRC server.
I'm preparing to set up a netstat script on my firewall to catch any packets
on that connection, but I nmapped the foreign box, so if he's awake at all, he
already knows that I know about him.
Does anyone know what this is?
Jordan Bettis <http://www.hafd.org/~jordanb/>
Pray: To ask that the laws of the universe be annulled in behalf of a single
petitioner, who is confessedly unworthy.
-- Ambrose Bierce