** Lisi <hantslug@???> [2010-02-17 11:42]:
> On Tuesday 16 February 2010 14:23:31 Kelly Dunlop wrote:
> [snip]
> Tux:/home/lisi# netstat -atn
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 0.0.0.0:59782 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:1004 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
> tcp 0 0 0.0.0.0:7741 0.0.0.0:* LISTEN
> tcp 0 0 192.168.0.2:43311 92.122.211.37:1935
> ESTABLISHED
> tcp6 0 0 :::22 :::* LISTEN
> tcp6 0 0 ::1:631 :::* LISTEN
> Tux:/home/lisi# ps -ef | grep sshd
> root 2341 1 0 06:38 ? 00:00:00 /usr/sbin/sshd
> root 15602 15392 0 11:08 pts/1 00:00:00 grep sshd
> Tux:/home/lisi#
>
> If I have understood correctly, that is a bit worrying. (The ESTABLISHED
> one.) So have I understood? I hope that I have not. ;-0.
>
> If it _is_ ominous, I can block that IP. But I presumably need to close some
> open ports as well?
** end quote [Lisi]
Given the IP address involved looks to be owned by Akamai, and the port number
is related to the Flash Communications server, I would speculate that you have
(or possible have had in a recent session) a web page open owned by a sizeable
organisation that utilises Flash. That's pure guesswork though :)
--
Paul Tansom | Aptanet Ltd. |
http://www.aptanet.com/ | 023 9238 0001
======================================================================
Registered in England | Company No: 4905028 | Registered Office:
Crawford House, Hambledon Road, Denmead, Waterlooville, Hants, PO7 6NU
