Ethereal-users: [Ethereal-users] dealing with established connections (netstat -a)
Hi folks. I've probably become a bit complacent using Linux, as Windoze seems
to be attracting most of the blackhat/scriptkiddie/cracker attention. I fired
up one of my FC2 distros today to check for updates through apt-get for
Fedora Legacy and planetccrma music apps. There were only 2: Beast and caps.
I've also got setiathome running on this distro through wine, so I thought
I'd let it run for a while and get a bit more of a data unit done (never
know, I might find ET). Then I saw a lot of incoming traffic on Ksim's eth0
monitor. Fired up Ethereal and saw this was coming from IP 195.92.99.99.
Whois merely took me back to Energis.com, who I presume is the ISP assigned
the block of addresses including this one. Netstat -a was more useful,
showing my machine's IP address, the port (a high-numbered one), then under
(Foreign Address) opal.spod.org:http and (State) ESTABLISHED. A quick look at
Jeeves showed opal.spod.org is the server for www.uberworld.org, with a very
strong disclaimer on the page. I mean this looks a bit dodgy for a start;
it looks like they are getting a lot of stick from disgruntled folks. I've
never used IRC, or any sort of chat room like this apart from MSN and AIM
through Gaim. As far as I know I have never visited this site
(www.uberworld.com). How this has arrived on the machine I don't know. Without
wishing to ramble on, can somebody let me know where I have to blacklist this
(opal.spod.org), or if not, a suggestion as to where to ask?
Main firewall: Smoothwall Express 2 (totally stealthed and confirmed by Steve
Gibson's Shields Up)
I've just re-booted this machine and the foreign entry (opal.spod.org) is not
present, but obviously I'm not happy with this situation.
Many thanks in advance for any help with this. Nigel.
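Added example, not part of Nigel's message or of any reply on the list: a small POSIX shell check that takes `netstat -a`-style output and lists every ESTABLISHED TCP connection whose foreign host is not on an allowlist of hosts you expect to talk to (update mirrors, for instance). The sample netstat output, the hostnames in it, and the allowlist are all constructed for illustration; on a real box you would pipe `netstat -a` (or `netstat -ap` as root, which adds the owning PID/program) into the function instead of the sample.

```shell
#!/bin/sh
# Constructed sample of what `netstat -a` prints; hostnames are placeholders,
# not the ones from the original post.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 myhost:34567            apt.example.org:http    ESTABLISHED
tcp        0      0 myhost:34568            irc.example.net:6667    ESTABLISHED
tcp        0      0 myhost:34569            mirror.example.org:http TIME_WAIT
udp        0      0 *:bootpc                *:*'

# Foreign hosts you expect connections to (constructed). Anything else is flagged.
ALLOWLIST='apt.example.org mirror.example.org'

# flag_unknown_established ALLOWLIST
#   Reads netstat output on stdin and prints "host:port" for each ESTABLISHED
#   tcp/tcp6 connection whose foreign host is not in ALLOWLIST.
flag_unknown_established() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only TCP rows in state ESTABLISHED; header, LISTEN and TIME_WAIT rows are skipped.
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            fa = $5                         # Foreign Address column, as host:port
            host = fa; sub(/:[^:]*$/, "", host)   # strip the :port suffix
            if (!(host in ok)) print fa
        }'
}

# check_sample: run the check over the constructed sample; each printed line is
# a foreign endpoint worth looking up (whois, and netstat -p for the process).
check_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | flag_unknown_established "$ALLOWLIST"
}

check_sample
```

Run against the sample it prints only `irc.example.net:6667`: the update mirror is allowlisted and the TIME_WAIT socket is already closing. Blocking a hostname at the firewall only hides the symptom; the useful next step is finding which local process owns the flagged socket, which is what the `-p` option to netstat shows.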