netstat -a question

I have been trying to figure out why this computer (Jim) has all these
ded.pacbell.net listeners in it. It's my boss's systenm, uses the same
connections I do, same software etc. But mine (w2005) looks more normal.
TIA!

Active Connections (in computer Jim)

Proto Local Address Foreign Address State
TCP jim:epmap ded.pacbell.net:0 LISTENING
TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
TCP jim:1025 ded.pacbell.net:0 LISTENING
TCP jim:1026 ded.pacbell.net:0 LISTENING
TCP jim:10110 ded.pacbell.net:0 LISTENING
UDP jim:microsoft-ds *:*

Active Connections (in computer w2005)

Proto Local Address Foreign Address State
TCP w2005:epmap w2005:0 LISTENING
TCP w2005:microsoft-ds w2005:0 LISTENING
TCP w2005:1025 w2005:0 LISTENING
TCP w2005:1026 w2005:0 LISTENING
TCP w2005:10110 w2005:0 LISTENING
UDP w2005:microsoft-ds *:*
UDP w2005:isakmp *:*

Patrick

Patrick Sullivan wrote:

> I have been trying to figure out why this computer (Jim) has all these
> ded.pacbell.net listeners in it. It's my boss's systenm, uses the same
> connections I do, same software etc. But mine (w2005) looks more normal.
> TIA!
>
> Active Connections (in computer Jim)
>
> Proto Local Address Foreign Address State
> TCP jim:epmap ded.pacbell.net:0 LISTENING
> TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
> TCP jim:1025 ded.pacbell.net:0 LISTENING
> TCP jim:1026 ded.pacbell.net:0 LISTENING
> TCP jim:10110 ded.pacbell.net:0 LISTENING
> UDP jim:microsoft-ds *:*
>
> Active Connections (in computer w2005)
>
> Proto Local Address Foreign Address State
> TCP w2005:epmap w2005:0 LISTENING
> TCP w2005:microsoft-ds w2005:0 LISTENING
> TCP w2005:1025 w2005:0 LISTENING
> TCP w2005:1026 w2005:0 LISTENING
> TCP w2005:10110 w2005:0 LISTENING
> UDP w2005:microsoft-ds *:*
> UDP w2005:isakmp *:*
>
> Patrick

try the "-n" flag on the netstat command line. That'll show you the IP
addresses instead of the names, which might give you the clues you need.
My first guess would be that there's some oddiosity with the DNS.

How many network cards does the machine have?

What operating system are you using?

Chris
--
Minimal false-possitive packet matching for complex protocols with Linux
and IpTables .. http://www.lowth.com/rope

Using Win2k on both machines, no NICs, just modems. I'll see what -n says
tomorrow, thanks.


"Wolfman's Brother" <my.address@is.chris.at.lowth.dot.com> wrote in message
news:voNDe.9603$Fx3.6879@newsfe7-gui.ntli.net...
> Patrick Sullivan wrote:
>
> > I have been trying to figure out why this computer (Jim) has all these
> > ded.pacbell.net listeners in it. It's my boss's systenm, uses the same
> > connections I do, same software etc. But mine (w2005) looks more normal.
> > TIA!
> >
> > Active Connections (in computer Jim)
> >
> > Proto Local Address Foreign Address State
> > TCP jim:epmap ded.pacbell.net:0 LISTENING
> > TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
> > TCP jim:1025 ded.pacbell.net:0 LISTENING
> > TCP jim:1026 ded.pacbell.net:0 LISTENING
> > TCP jim:10110 ded.pacbell.net:0 LISTENING
> > UDP jim:microsoft-ds *:*
> >
> > Active Connections (in computer w2005)
> >
> > Proto Local Address Foreign Address State
> > TCP w2005:epmap w2005:0 LISTENING
> > TCP w2005:microsoft-ds w2005:0 LISTENING
> > TCP w2005:1025 w2005:0 LISTENING
> > TCP w2005:1026 w2005:0 LISTENING
> > TCP w2005:10110 w2005:0 LISTENING
> > UDP w2005:microsoft-ds *:*
> > UDP w2005:isakmp *:*
> >
> > Patrick
>
> try the "-n" flag on the netstat command line. That'll show you the IP
> addresses instead of the names, which might give you the clues you need.
> My first guess would be that there's some oddiosity with the DNS.
>
> How many network cards does the machine have?
>
> What operating system are you using?
>
> Chris
> --
> Minimal false-possitive packet matching for complex protocols with Linux
> and IpTables .. http://www.lowth.com/rope
>

Patrick Sullivan wrote:
> Using Win2k on both machines, no NICs, just modems. I'll see what -n says
> tomorrow, thanks.
>
>
> "Wolfman's Brother" <my.address@is.chris.at.lowth.dot.com> wrote in message
> news:voNDe.9603$Fx3.6879@newsfe7-gui.ntli.net...
>
>>Patrick Sullivan wrote:
>>
>>
>>>I have been trying to figure out why this computer (Jim) has all these
>>>ded.pacbell.net listeners in it. It's my boss's systenm, uses the same
>>>connections I do, same software etc. But mine (w2005) looks more normal.
>>>TIA!
>>>
>>>Active Connections (in computer Jim)
>>>
>>> Proto Local Address Foreign Address State
>>> TCP jim:epmap ded.pacbell.net:0 LISTENING
>>> TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
>>> TCP jim:1025 ded.pacbell.net:0 LISTENING
>>> TCP jim:1026 ded.pacbell.net:0 LISTENING
>>> TCP jim:10110 ded.pacbell.net:0 LISTENING
>>> UDP jim:microsoft-ds *:*
>>>
>>>Active Connections (in computer w2005)
>>>
>>> Proto Local Address Foreign Address State
>>> TCP w2005:epmap w2005:0 LISTENING
>>> TCP w2005:microsoft-ds w2005:0 LISTENING
>>> TCP w2005:1025 w2005:0 LISTENING
>>> TCP w2005:1026 w2005:0 LISTENING
>>> TCP w2005:10110 w2005:0 LISTENING
>>> UDP w2005:microsoft-ds *:*
>>> UDP w2005:isakmp *:*
>>>
>>>Patrick
>>
>>try the "-n" flag on the netstat command line. That'll show you the IP
>>addresses instead of the names, which might give you the clues you need.
>>My first guess would be that there's some oddiosity with the DNS.
>>
>>How many network cards does the machine have?
>>
>>What operating system are you using?
>>
>>Chris
>>--
>>Minimal false-possitive packet matching for complex protocols with Linux
>>and IpTables .. http://www.lowth.com/rope
>>
>
>
>
I would think of potential ms rpc compromise though i can't be sure from
what's provided. Are these machines going through a common firewall or
is w2005 (your maachine) using boss machine as a network gateway?

I must be tired to ask the question...
winged