Help me with this netstat

Status
Not open for further replies.

theguywillwin

New member
Sep 25, 2007
Please help me with this thing, I think my system has a fucking rootkit. I used to work with a ton of hackers at a hosting company and I think they're after my ideas.

This is my netstat[-an] after just logging on and opening FireFox

C:\Documents and Settings\>netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         127.0.0.1:1027         ESTABLISHED
  TCP    127.0.0.1:1027         127.0.0.1:1026         ESTABLISHED
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    127.0.0.1:1031         127.0.0.1:1030         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1028           *:*
  UDP    0.0.0.0:1044           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    127.0.0.1:123          *:*
  UDP    172.16.1.33:123        *:*

Isn't this odd? Help me out here, I need to get to the bottom of this.
 


This is a pic from TCPView with nothing else going than Internet and FireFox
[Image: 23rtico.gif]


Please help me out with this, driving me fuckin nuts.
 
Do you have a bunch of plugins in Firefox? Seems odd it would have that many connections.
I'm not really familiar with Firefox packets, though.
 
If you have a firewall you don't need to worry about incoming connections (LISTENING). But if you have a root kit you have to worry about outgoing connections. Nothing stands out in that screenshot.
 
Thanks for your replies. I have the Windows firewall running; I used to run Comodo but had to stop running it after a while. I've got a pretty good firewall on the router, but what's to say the router hasn't been compromised?

I have Google notebook and Google toolbar going in Firefox. That's it.
 
nothing looks really unusual to me. anything else behaving weird with your machine to make you think you are rooted?
 
If you have a firewall you don't need to worry about incoming connections (LISTENING). But if you have a root kit you have to worry about outgoing connections.

rofl who the fuck told you that? :D
you need to worry about connections in both directions whether you got a firewall or not, cos if i hacked your box the first thing i would do is reconfigure your firewall to allow whatever i want.
rootkits don't connect out either; their job is to hide all traces of the stuff the hacker has installed, like files, folders, services, processes, registry entries, ports in use etc...
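
A way to triage `netstat -an` output like the listing at the top of the thread, as an added example that is not part of the original posts: it separates sockets bound only to loopback, loopback-to-loopback pairs, sockets bound to a network-reachable address, and connections to other hosts. The sample input is constructed (the 203.0.113.10 line is not from the thread), and the function and bucket names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in `netstat -an` format: the listeners and the loopback
# pair mirror the first post; the 203.0.113.10 line is invented for the demo.
SAMPLE = """\
Proto  Local Address      Foreign Address    State
TCP    0.0.0.0:135        0.0.0.0:0          LISTENING
TCP    0.0.0.0:445        0.0.0.0:0          LISTENING
TCP    127.0.0.1:1025     0.0.0.0:0          LISTENING
TCP    127.0.0.1:1026     127.0.0.1:1027     ESTABLISHED
TCP    127.0.0.1:1027     127.0.0.1:1026     ESTABLISHED
TCP    172.16.1.33:1050   203.0.113.10:80    ESTABLISHED
UDP    0.0.0.0:500        *:*
UDP    127.0.0.1:123      *:*
"""

# proto, local addr, local port, foreign addr, foreign port, optional state
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def is_loopback(addr):
    return addr.startswith("127.") or addr.strip("[]") == "::1"

def triage(text):
    """Bucket each socket by what it exposes or what it talks to."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, banner or blank line
        proto, laddr, lport, faddr, fport, state = m.groups()
        local = f"{proto} {laddr}:{lport}"
        if proto == "UDP" or state == "LISTENING":
            # Bound socket: network-reachable unless bound to loopback.
            key = "local_only" if is_loopback(laddr) else "exposed"
            buckets[key].append(local)
        elif is_loopback(laddr) and is_loopback(faddr):
            buckets["loopback_pair"].append(local)  # same-host IPC
        else:
            buckets["remote"].append(f"{local} -> {faddr}:{fport} {state}")
    return dict(buckets)

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(f"{name}: {items}")
```

Output from a live system only shows what that system is willing to report, so an empty `remote` bucket is not evidence that the machine is clean.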
 
theguywillwin, here's a handy tool that can help track down rootkits and other hidden malware on your machine.
it lists running processes, active ports, drivers, startup registry entries, services etc...
any hidden items will be displayed in red.

IceSword1.18en.rar
 
Thanks for the help but WTF is that thing. I'll go ahead and do some Google searching. As for your comment on rootkits, I don't think you can be more right.

 
Alright if this isn't weird then I don't know what is.

Note - You should also check this if you're running Win XP.

I checked my LAN connection status on two separate computers after doing nearly identical surfing.
(I visited a few of the same sites and played a few of the same YouTube videos)

The final results came down to nearly identical received packets but one computer sent a very large number of packets
(very close to packets received) and another only sent about 2k. WTF

Can anyone explain why this would happen? Why would one computer send so many more packets when they're both not running any crazy software?

Please check your LAN connection status and let me know what your sent/received packet ratio is like.

 