
[OT] Is this an attack?

Rosario1903

Apr 26, 2013, 4:51:58 PM

Is this [does this represent] an attack on my PC? Or did I just open one page,
and is it right that it opens 108 connections?

Proto Indirizzo locale Indirizzo esterno Stato

TCP 192.168.33.204:49655 207.46.194.1:80 TIME_WAIT
TCP 192.168.33.204:49656 65.54.187.20:443 TIME_WAIT
TCP 192.168.33.204:49662 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49666 173.194.70.191:80 ESTABLISHED
TCP 192.168.33.204:49669 78.46.64.55:80 ESTABLISHED
TCP 192.168.33.204:49671 173.194.35.18:80 ESTABLISHED
TCP 192.168.33.204:49672 173.194.35.18:80 ESTABLISHED
TCP 192.168.33.204:49673 173.194.35.18:80 ESTABLISHED
TCP 192.168.33.204:49674 173.194.35.1:443 ESTABLISHED
TCP 192.168.33.204:49675 173.194.35.1:443 ESTABLISHED
TCP 192.168.33.204:49676 173.194.35.11:80 ESTABLISHED
TCP 192.168.33.204:49677 173.194.35.11:80 ESTABLISHED
TCP 192.168.33.204:49678 173.194.35.11:80 ESTABLISHED
TCP 192.168.33.204:49679 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49680 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49682 173.194.35.10:80 ESTABLISHED
TCP 192.168.33.204:49683 173.194.35.10:80 ESTABLISHED
TCP 192.168.33.204:49684 173.194.35.10:80 ESTABLISHED
TCP 192.168.33.204:49690 50.18.252.211:80 ESTABLISHED
TCP 192.168.33.204:49695 173.194.35.0:80 TIME_WAIT
TCP 192.168.33.204:49700 208.82.204.65:80 ESTABLISHED
TCP 192.168.33.204:49701 173.194.35.0:443 TIME_WAIT
TCP 192.168.33.204:49704 173.194.38.79:80 ESTABLISHED
TCP 192.168.33.204:49705 173.194.35.14:443 ESTABLISHED
TCP 192.168.33.204:49706 173.194.35.14:443 ESTABLISHED
TCP 192.168.33.204:49712 31.13.64.17:80 TIME_WAIT
TCP 192.168.33.204:49717 31.13.64.17:443 ESTABLISHED
TCP 192.168.33.204:49720 85.205.31.16:443 ESTABLISHED
TCP 192.168.33.204:49721 85.205.31.16:443 ESTABLISHED
TCP 192.168.33.204:49722 85.205.31.16:443 ESTABLISHED
TCP 192.168.33.204:49723 85.205.31.16:443 ESTABLISHED
TCP 192.168.33.204:49724 85.205.31.16:443 ESTABLISHED
TCP 192.168.33.204:49725 85.205.31.16:443 ESTABLISHED
TCP 192.168.33.204:49726 173.194.35.3:80 ESTABLISHED
TCP 192.168.33.204:49727 173.194.35.3:80 ESTABLISHED
TCP 192.168.33.204:49732 173.194.35.7:80 ESTABLISHED
TCP 192.168.33.204:49733 173.194.35.7:80 CLOSE_WAIT
TCP 192.168.33.204:49734 173.194.35.11:80 ESTABLISHED
TCP 192.168.33.204:49735 173.194.35.11:80 ESTABLISHED
TCP 192.168.33.204:49737 79.174.225.59:80 CLOSE_WAIT
TCP 192.168.33.204:49738 173.194.70.191:80 ESTABLISHED
TCP 192.168.33.204:49739 173.194.70.191:80 CLOSE_WAIT
TCP 192.168.33.204:49740 173.194.35.12:443 ESTABLISHED
TCP 192.168.33.204:49741 173.194.35.12:443 ESTABLISHED
TCP 192.168.33.204:49742 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49743 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49744 173.194.70.137:443 ESTABLISHED
TCP 192.168.33.204:49745 173.194.70.137:443 ESTABLISHED
TCP 192.168.33.204:49746 173.194.35.12:80 CLOSE_WAIT
TCP 192.168.33.204:49747 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49748 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49749 173.194.35.12:80 ESTABLISHED
TCP 192.168.33.204:49750 173.194.35.18:80 ESTABLISHED
TCP 192.168.33.204:49751 173.194.35.18:80 ESTABLISHED
TCP 192.168.33.204:49752 173.194.35.18:80 ESTABLISHED
TCP 192.168.33.204:49753 173.194.35.10:80 ESTABLISHED
TCP 192.168.33.204:49754 173.194.35.0:443 TIME_WAIT
TCP 192.168.33.204:49755 173.194.70.137:443 ESTABLISHED
TCP 192.168.33.204:49756 173.194.70.137:443 ESTABLISHED
TCP 192.168.33.204:49757 173.194.35.14:80 ESTABLISHED
TCP 192.168.33.204:49758 173.194.35.14:80 ESTABLISHED
TCP 192.168.33.204:49759 173.194.70.95:80 ESTABLISHED
TCP 192.168.33.204:49760 173.194.70.95:80 ESTABLISHED
TCP 192.168.33.204:49761 173.194.70.95:80 ESTABLISHED
TCP 192.168.33.204:49762 72.51.46.230:80 ESTABLISHED
TCP 192.168.33.204:49763 72.51.46.230:80 ESTABLISHED
TCP 192.168.33.204:49764 31.13.64.17:443 ESTABLISHED
TCP 192.168.33.204:49765 31.13.64.17:443 ESTABLISHED
TCP 192.168.33.204:49766 173.194.35.10:80 ESTABLISHED
TCP 192.168.33.204:49767 173.194.35.10:80 ESTABLISHED
TCP 192.168.33.204:49768 68.232.35.139:80 ESTABLISHED
TCP 192.168.33.204:49769 68.232.35.139:80 ESTABLISHED
TCP 192.168.33.204:49770 195.210.96.4:80 ESTABLISHED
TCP 192.168.33.204:49771 195.210.96.4:80 ESTABLISHED
TCP 192.168.33.204:49772 80.237.210.72:80 ESTABLISHED
TCP 192.168.33.204:49773 80.237.210.72:80 ESTABLISHED
TCP 192.168.33.204:49774 173.194.35.12:443 ESTABLISHED
TCP 192.168.33.204:49775 173.194.35.12:443 ESTABLISHED
TCP 192.168.33.204:49776 173.194.35.12:443 ESTABLISHED
TCP 192.168.33.204:49777 173.194.35.10:443 ESTABLISHED
TCP 192.168.33.204:49778 173.194.35.10:443 ESTABLISHED
TCP 192.168.33.204:49779 173.194.35.0:80 TIME_WAIT
TCP 192.168.33.204:49780 173.194.35.0:80 ESTABLISHED
TCP 192.168.33.204:49781 173.194.35.0:443 ESTABLISHED
TCP 192.168.33.204:49782 199.16.156.104:80 ESTABLISHED
TCP 192.168.33.204:49783 199.16.156.104:80 ESTABLISHED
TCP 192.168.33.204:49784 68.232.35.169:80 ESTABLISHED
TCP 192.168.33.204:49785 68.232.35.169:80 ESTABLISHED
TCP 192.168.33.204:49786 195.210.96.25:80 ESTABLISHED
TCP 192.168.33.204:49787 195.210.96.25:80 ESTABLISHED
TCP 192.168.33.204:49788 195.210.112.12:80 ESTABLISHED
TCP 192.168.33.204:49789 195.210.112.12:80 ESTABLISHED
TCP 192.168.33.204:49790 195.210.112.20:80 ESTABLISHED
TCP 192.168.33.204:49791 195.210.112.20:80 ESTABLISHED
TCP 192.168.33.204:49792 80.237.210.72:80 ESTABLISHED
TCP 192.168.33.204:49793 80.237.210.72:80 ESTABLISHED
TCP 192.168.33.204:49794 195.210.112.12:80 ESTABLISHED
TCP 192.168.33.204:49795 195.210.112.12:80 ESTABLISHED
TCP 192.168.33.204:49796 173.194.70.95:80 ESTABLISHED
TCP 192.168.33.204:49797 173.194.70.95:80 ESTABLISHED
TCP 192.168.33.204:49798 195.210.112.12:80 ESTABLISHED
TCP 192.168.33.204:49799 195.210.112.12:80 ESTABLISHED
TCP 192.168.33.204:49800 173.194.35.1:80 ESTABLISHED
TCP 192.168.33.204:49801 173.194.35.1:80 ESTABLISHED
TCP 192.168.33.204:49802 85.205.31.25:80 ESTABLISHED
TCP 192.168.33.204:49803 85.205.31.25:80 ESTABLISHED
TCP 192.168.33.204:49804 95.100.178.110:443 ESTABLISHED
TCP 192.168.33.204:49805 95.100.178.110:443 ESTABLISHED

Melzzzzz

Apr 26, 2013, 5:10:02 PM
On Fri, 26 Apr 2013 22:51:58 +0200
Rosario1903 <Ros...@invalid.invalid> wrote:

>
> Is this [does this represent] an attack on my PC? Or did I just open one page,
> and is it right that it opens 108 connections?

Google (redirect), Facebook, unknown?
What page do you open, what OS?


--
drwx------ 2 bmaxa bmaxa 4096 Apr 26 23:08 .

Rod Pemberton

Apr 26, 2013, 7:23:06 PM
"Rosario1903" <Ros...@invalid.invalid> wrote in message
news:j4qln8h4n7co4qhcc...@4ax.com...

> Is this [does this represent] an attack on my PC? Or did I just open
> one page, and is it right that it opens 108 connections?
>
> Proto Indirizzo locale Indirizzo esterno Stato
> [snip]

80 is http for html webpages. 443 is for Adobe flash.

So, that looks just like normal web browsing to me... But, I
didn't go through and check the IPs. You might want to memorize some
of the commonly used port numbers too, e.g., email, ftp, telnet,
http, nntp, pop3, flash, etc. Then, you can recognize attempts to
connect to non-standard ports, i.e., more likely to be an attack
or port scan.

From the number of connections, it looks like perhaps a few
webpages were opened... Sometimes the connections to IPs stay
"ESTABLISHED" long after you've closed a webpage and even after
you've closed your web browser. I'm not sure what OS you're
using, but instead of displaying the IPs, display the DNS names
for them. Use "netstat -a" instead of "netstat -an". In fact, go
ahead and look up the DNS with "nslookup" or others like "dig" or
"host". Your OS should have a command to allow you to look up DNS
names. Some older OSes don't though. You can try the link below
if you don't have a DNS lookup application. If it's web browsing
related, you'll see lots of major sites related to your browsing
activity. E.g., if you go to Yahoo, you'll see a bunch of Yahoo
sites, plus Adobe for Flash, plus a bunch for advertisement
servers, etc. Sometimes, various Yahoo and Google sites link to
Facebook and Twitter too.

http://www.dnsgoodies.com/


Rod Pemberton
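
The triage suggested in this thread (tally the connections, then pick out remote ports that are not on a list of common services) can be scripted. This is an added example, not code posted by anyone in the thread. The COMMON_PORTS allowlist and the function names are assumptions made for the illustration, and the last sample row is constructed; the other rows are copied from the first post.

```python
import re
from collections import Counter

# Assumption for this example: IANA well-known ports a desktop client
# is expected to talk to. Adjust to what the machine really uses.
COMMON_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http",
                110: "pop3", 119: "nntp", 143: "imap", 443: "https"}

# IPv4 TCP rows of `netstat -an`. The column header does not match,
# so localized headers (Italian here) need no special handling.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_netstat(text):
    """Return (remote_ip, remote_port, state) for every TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(3), int(m.group(4)), m.group(5)))
    return rows

def summarize(rows):
    """Tally states, remote ports and remote hosts; list unusual endpoints."""
    unusual = {(ip, port) for ip, port, _ in rows if port not in COMMON_PORTS}
    return {
        "states": Counter(state for _, _, state in rows),
        "ports": Counter(port for _, port, _ in rows),
        "hosts": Counter(ip for ip, _, _ in rows),
        # Not proof of an attack, only the endpoints worth a DNS lookup first.
        "unusual": sorted(unusual),
    }

# First five rows are from the post; the 6667 row is constructed.
SAMPLE = """\
  Proto  Indirizzo locale        Indirizzo esterno      Stato
  TCP    192.168.33.204:49655    207.46.194.1:80        TIME_WAIT
  TCP    192.168.33.204:49662    173.194.35.12:80       ESTABLISHED
  TCP    192.168.33.204:49674    173.194.35.1:443       ESTABLISHED
  TCP    192.168.33.204:49733    173.194.35.7:80        CLOSE_WAIT
  TCP    192.168.33.204:49740    173.194.35.12:443      ESTABLISHED
  TCP    192.168.33.204:49999    203.0.113.7:6667       ESTABLISHED
"""

if __name__ == "__main__":
    report = summarize(parse_netstat(SAMPLE))
    for ip, port in report["unusual"]:
        print(f"look up {ip} (remote port {port})")
    print(dict(report["states"]), dict(report["ports"]))
```

Save the real output with "netstat -an > conns.txt" and pass the file contents to parse_netstat() in place of SAMPLE.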


