[Tfug] Uninitiated connection

eric christian ericdanc at alice-dsl.net
Tue Jun 3 22:46:51 MST 2008 

> Date: Tue, 03 Jun 2008 08:13:10 -0700
> From: erich <erich1 at copper.net>
> Subject: [Tfug] Uninitiated connection
> To: Tucson Free Unix Group <tfug at tfug.org>
> Message-ID: <48455F86.1080808 at copper.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> OK,
>       I monitor the traffic going in and out of my machine to
> the internet, and this has started since I installed Firefox/
> Thunderbird.
>
>       I see spontaneous incoming traffic. When I do a netstat -t
> I see:
>
>
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 node46.248.100.20:38385 mu-in-f91.google.c:http 
> ESTABLISHED
>
>
> Does anybody else see this on their machine?
>
>                                                                      Erich
>   
No, but, i see someone, mx.tvin.com.ua, for example,  trying - blocked 
by firestarter - to telnet me :

> localhost:/home/eric# whois 85.90.218.3
> % This is the RIPE Whois query server #3.
> % The objects are in RPSL format.
> %
> % Rights restricted by copyright.
> % See http://www.ripe.net/db/copyright.html
>
> % Note: This output has been filtered.
> %       To receive output for a database update, use the "-B" flag.
>
> % Information related to '85.90.218.0 - 85.90.218.255'
>
> inetnum:        85.90.218.0 - 85.90.218.255
> netname:        VELTON-TC-ZP-NET
> descr:          TC "Velton.Telecom" ADSL customer network
> country:        UA
> admin-c:        BDV19-RIPE
> tech-c:         BDV19-RIPE
> tech-c:         VR1-RIPE
> status:         ASSIGNED PA
> remarks:        INFRA-AW
> mnt-by:         VELTON-TC-MNT
> mnt-lower:      VELTON-TC-MNT
> mnt-routes:     VELTON-TC-MNT
> source:         RIPE # Filtered
>
> person:       Dmitriy V.Bezrodny
> address:      Velton.Telecom TC Ltd
> address:      50, Sumskaya Street
> address:      Kharkov, Ukraine
> phone:        +380 577 7597503
> e-mail:       bdv at velton.ua
> nic-hdl:      BDV19-RIPE
> source:       RIPE # Filtered
>
> person:         Valery Rudich
> address:        1, Ak. Proskury st.
> address:        Kharkov, 61070
> address:        Ukraine
> phone:          +380 57 7603708
> phone:          +380 57 7170641
> e-mail:         rvv at rocket.kharkov.ua
> nic-hdl:        VR1-RIPE
> source:         RIPE # Filtered
>
> % Information related to '85.90.192.0/19AS34248'
>
> route:        85.90.192.0/19
> descr:        Company group "Velton.Telecom"
> descr:        Kharkov, Ukraine
> origin:       AS34248
> mnt-by:       VELTON-TC-MNT
> source:       RIPE # Filtered
In your case, i'd be worried about the "Estabished" State...
Eric

More information about the tfug mailing list