Re: Query on IP connections & security
On Fri, 24 Jul 2009, AG wrote:
> I was going through the hardinfo application and when I got to "IP
> connections" I noticed the following connections have the "Established" status
> using TCP and both on port 443 (SSL and HTTPS).
>
> One of these connections is to 71.62.0.176 (which doesn't seem to have a
> listing in the whois database that means anything) and 88.169.124.190 which
> points to http://www.proxad.net according to whois
>
> What applications could I have on my machine that would establish tcp
> connections with either of these using ssl/https?
>
> Also, although I was under the impression that the portmap service was not
> enabled at boot up, it would appear that it is running in the background. I
> recall that portmap used to be a security risk, but is this still the case and
> should I be concerned?
>
> Thanks
>
> AG
>
>
>
One handy tool to have is lsof. You can use that to see what applications
are talking to what IP. For example:
lsof -i@71.62.0.176 -n
will show you what applications are communicating with the ip. You can
also specify certain ports if you like, to trim down the results like so:
lsof -i@71.62.0.176:443
or to just see ports:
lsof -i:443
also, If you dint need portmap, the best solution is to just disable it.
No sense in running unneeded apps.
Hth,
Jeff
--
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
Reply to: