yo, netstat question

I did the command netstat -a and www.paypal.com:443 came up on a bunch, but I wasn't on a paypal site? Is something up there?

Hey - it's all good

it was just a secure socket layer connection to paypal.

TCP 443 SSL

TCP 445 MS RPC port

I always get these confused....

you did have a page with a Paypal Icon on or a web session paying for something via Paypal, right?

goddamnit Jimmy, you've given me a fucking complex!!!!

;)

don't forget I was reading Commodore 64 magazine when I was a kid.

I was and remain a computer geek since I was a little kid.

you know a hell of a lot for someone who came into the game later.

That's just it. I was on MMA. Does that stuff linger awhile? I don't think I was on any site with a paypal reference. That's why I asked. But maybe it was just hanging around. I haven't done no shopping in a couple weeks.

that's weird....

any shopping/product pages on any sites?

the connection should have timed out if you hadn't been using it.... but maybe the connection is keep-alived for some odd reason. SSL connections over HTTP can do that....

what about your wife, kids, etc... have they been using anything?

what programs does your Task Manager display as you running right now?

what websites have you checked lately?

what browser are you using?

try closing all instances of your browser from the Task Manager and restarting it. Note any instances you don't remember.

do you have Paypal in any of your cookies?

could you have Paypal running in a browser frame?

why were you running netstat? suspecting any suspicious behavior?

run a virus scan.

(note-don't do this yet) could you possibly mount your harddrive on this machine from the network and check it with a virus/malware scanner?

if you are absolutely positive you are not connected to any paypal sites,
you should most definitely resolve paypal.com with nslookup. If the
name server that is being used is not an official ISP name server, or if it
is resolving hostnames from 127.0.0.1, you may have a trojan horse
that is resolving paypal.com locally and using SSL to encrypt a tunnel
back to the hacker (since encrypted, your IDS will not catch it) who is
controlling your box. You should also try connecting directly to the IP
that is resolved with nslookup to see if it's a legitimate server (and to
see how much detail the hacker is putting into 'spoofing' paypal if that
is the case), and do a whois on the IP to make sure it's really owned by
Paypal (chances are, the hacker isn't spoofing whois servers):

Domain Name: PAYPAL.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.NIX.PAYPAL.COM
Name Server: NS2.NIX.PAYPAL.COM
Name Server: NS2.SC5.PAYPAL.COM
Name Server: NS1.SC5.PAYPAL.COM
Status: ACTIVE
Updated Date: 09-sep-2003
Creation Date: 15-jul-1999
Expiration Date: 15-jul-2011
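
The nslookup check described in the post above, sketched as an added example that is not part of the thread: it reads saved `nslookup` output and reports a loopback resolver or an answer that is not a public address. The two sample outputs are constructed, use documentation-range addresses, and the resolver name `resolver.isp.example` is a placeholder.

```python
import ipaddress
import re

# Ranges a public site's hostname should never resolve to.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Return (resolver address or None, list of answer addresses)."""
    head, _, tail = text.partition("Name:")
    server = IPV4.findall(head)
    return (server[0] if server else None), IPV4.findall(tail)

def review(text):
    """List findings worth a closer look; an empty list means nothing stood out."""
    server, answers = parse_nslookup(text)
    findings = []
    if server is None:
        findings.append("no resolver address in output")
    elif ipaddress.ip_address(server).is_loopback:
        # Can be a legitimate local caching resolver; confirm which process owns it.
        findings.append(f"resolver is loopback ({server})")
    if not answers:
        findings.append("no answer addresses in output")
    for addr in answers:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in NON_PUBLIC):
            findings.append(f"answer {addr} is not a public address")
    return findings

# Constructed samples (documentation-range addresses, not real lookups).
CLEAN = """Server:  resolver.isp.example
Address:  198.51.100.53

Non-authoritative answer:
Name:    www.paypal.com
Addresses:  203.0.113.10
          203.0.113.11
"""
SUSPECT = """Server:  localhost
Address:  127.0.0.1

Name:    www.paypal.com
Address:  192.168.1.50
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, review(sample) or "nothing stood out")
```

A finding here is a prompt to check which resolver the machine is configured to use, not proof of compromise.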



any shopping/product pages on any sites?

I don't think I was.

the connection should have timed out if you hadn't been using it.... but maybe the connection is keep-alived for some odd reason. SSL connections over HTTP can do that....


what about your wife, kids, etc... have they been using anything?

Single hermit.

what programs does your Task Manager display as you running right now?

Just the normal.

what websites have you checked lately?

At the time, not sure, but think I was just on the OG, and something else, but can't remember now

what browser are you using?

AOL's

try closing all instances of your browser from the Task Manager and restarting it. Note any instances you don't remember.

do you have Paypal in any of your cookies?
I would imagine

could you have Paypal running in a browser frame?

I didn't

why were you running netstat? suspecting any suspicious behavior?

I do that every once in a while, not sure why. Usually if it starts running slow, paranoid I guess

run a virus scan.

(note-don't do this yet) could you possibly mount your harddrive on this machine from the network and check it with a virus/malware scanner?


Sorry, warez, I only got about 1/2 that... Must have just been lingering, haven't seen it since