Strange netstat output
Jorn Argelo
jorn at wcborstel.nl
Mon Nov 8 02:20:05 PST 2004
Hi folks,
Recently I took notice about a strange netstat output within my LAN:
[jorn at www] ~> netstat -ra
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default ACA80101.ipt.aol.c UGS 0 156153 rl0
localhost localhost UH 2 539754 lo0
ACA80100.ipt.aol.c link#1 UC 0 0 rl0
ACA80101.ipt.aol.c 00:09:5b:a7:a4:3e UHLW 1 3918 rl0 790
ACA80102.ipt.aol.c 00:10:a7:0d:6f:7f UHLW 0 325 rl0 1193
ACA80104.ipt.aol.c localhost UGHS 0 0 lo0
ACA801FF.ipt.aol.c ff:ff:ff:ff:ff:ff UHLWb 0 1091 rl0
192.168.2.105 localhost UGHS 0 0 lo0
The ipt.aol.com is the one that's the problem. If I ping it, it returns this:
PING ACA80102.ipt.aol.com (172.168.1.2): 56 data bytes
64 bytes from 172.168.1.2: icmp_seq=0 ttl=64 time=0.120 ms
64 bytes from 172.168.1.2: icmp_seq=1 ttl=64 time=0.149 ms
64 bytes from 172.168.1.2: icmp_seq=2 ttl=64 time=0.149 ms
^C
--- ACA80102.ipt.aol.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.120/0.139/0.149/0.014 ms
[jorn at www] ~>
Which is my internal IP adress. If I ping ACA80104, it goes to 172.168.1.4. If
I ping ACA80100, it says 172.168.1.100 and ACA801FF is the 172.168.1.255
address (the broadcast address, if I recall my Cisco classes correctly).
The 192.168.1.105 address is rather strange as well, because I'm not using
that range on the router's DHCP server (Netgear FVS318, in case you want to know)
So my question is, what are these? My firewall log (on the router) is showing
some major blocking on port 445 and 135. It's not like one IP address is doing
all the bad stuff; most of them are just random grabs from virus infected
machines.
Thanks in advance,
Jorn
More information about the freebsd-questions
mailing list