Date: Mon, 8 Nov 2004 11:20:03 +0100 From: "Jorn Argelo" <jorn@wcborstel.nl> To: questions@freebsd.org Subject: Strange netstat output Message-ID: <20041108100954.M66265@wcborstel.nl>
next in thread | raw e-mail | index | archive | help
Hi folks, Recently I took notice about a strange netstat output within my LAN: [jorn@www] ~> netstat -ra Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default ACA80101.ipt.aol.c UGS 0 156153 rl0 localhost localhost UH 2 539754 lo0 ACA80100.ipt.aol.c link#1 UC 0 0 rl0 ACA80101.ipt.aol.c 00:09:5b:a7:a4:3e UHLW 1 3918 rl0 790 ACA80102.ipt.aol.c 00:10:a7:0d:6f:7f UHLW 0 325 rl0 1193 ACA80104.ipt.aol.c localhost UGHS 0 0 lo0 ACA801FF.ipt.aol.c ff:ff:ff:ff:ff:ff UHLWb 0 1091 rl0 192.168.2.105 localhost UGHS 0 0 lo0 The ipt.aol.com is the one that's the problem. If I ping it, it returns this: PING ACA80102.ipt.aol.com (172.168.1.2): 56 data bytes 64 bytes from 172.168.1.2: icmp_seq=0 ttl=64 time=0.120 ms 64 bytes from 172.168.1.2: icmp_seq=1 ttl=64 time=0.149 ms 64 bytes from 172.168.1.2: icmp_seq=2 ttl=64 time=0.149 ms ^C --- ACA80102.ipt.aol.com ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.120/0.139/0.149/0.014 ms [jorn@www] ~> Which is my internal IP adress. If I ping ACA80104, it goes to 172.168.1.4. If I ping ACA80100, it says 172.168.1.100 and ACA801FF is the 172.168.1.255 address (the broadcast address, if I recall my Cisco classes correctly). The 192.168.1.105 address is rather strange as well, because I'm not using that range on the router's DHCP server (Netgear FVS318, in case you want to know) So my question is, what are these? My firewall log (on the router) is showing some major blocking on port 445 and 135. It's not like one IP address is doing all the bad stuff; most of them are just random grabs from virus infected machines. Thanks in advance, Jorn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041108100954.M66265>