Hi all,
Just last night I was spending a bit of time trying to start learning a bit about how to be confident that my system is secure, as you know you don't do this sort of thing just in a day. But anyway I was in the process of learning about my ports and sockets and how to check which ones are open or not.
After reading about it briefly I typed in the command 'netstat' and got the following output:
$netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 nailz-desktop.loc:34978 www.kubuntu.org:www TIME_WAIT
tcp6 0 0 192.168.1.100%134:42017 cpe-75-83-58-21.so:2016 CLOSE_WAIT
tcp6 0 0 192.168.1.100%134:34823 c-69-251-123-154.:16099 ESTABLISHED
tcp6 0 0 192.168.1.100%134:42016 cpe:2016 CLOSE_WAIT
tcp6 0 0 192.168.1.100%134:48906 97.102.193.107%81:13870 ESTABLISHED
tcp6 0 0 192.168.1.100%134:37049 96-39-172-123.dhc:29270 ESTABLISHED
tcp6 0 0 192.168.1.100%134:58095 75-163-152-54.cls:34055 ESTABLISHED
tcp6 1 0 192.168.1.100%134:47521 v001.nuspace.net:www CLOSE_WAIT
tcp6 0 0 192.168.1.100%134:46897 c-98-235-20-169.h:19855 ESTABLISHED
Anyway I was a bit suspicious about this one...
v001.nuspace.net:www (Should this be there?)
It just brings me to the question of what connections should and should not be there?
This is a bit of an open-ended question, but I was just wondering if anyone else is able to give me any comments on this?
Cheers
Just last night I was spending a bit of time trying to start learning a bit about how to be confident that my system is secure, as you know you don't do this sort of thing just in a day. But anyway I was in the process of learning about my ports and sockets and how to check which ones are open or not.
After reading about it briefly I typed in the command 'netstat' and got the following output:
$netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 nailz-desktop.loc:34978 www.kubuntu.org:www TIME_WAIT
tcp6 0 0 192.168.1.100%134:42017 cpe-75-83-58-21.so:2016 CLOSE_WAIT
tcp6 0 0 192.168.1.100%134:34823 c-69-251-123-154.:16099 ESTABLISHED
tcp6 0 0 192.168.1.100%134:42016 cpe:2016 CLOSE_WAIT
tcp6 0 0 192.168.1.100%134:48906 97.102.193.107%81:13870 ESTABLISHED
tcp6 0 0 192.168.1.100%134:37049 96-39-172-123.dhc:29270 ESTABLISHED
tcp6 0 0 192.168.1.100%134:58095 75-163-152-54.cls:34055 ESTABLISHED
tcp6 1 0 192.168.1.100%134:47521 v001.nuspace.net:www CLOSE_WAIT
tcp6 0 0 192.168.1.100%134:46897 c-98-235-20-169.h:19855 ESTABLISHED
Anyway I was a bit suspicious about this one...
v001.nuspace.net:www (Should this be there?)
It just brings me to the question of what connections should and should not be there?
This is a bit of an open-ended question, but I was just wondering if anyone else is able to give me any comments on this?
Cheers
Comment