Articles

Open Ports

February 11, 2007 at 08:18:53
Specs: Windows XP Pro SP2, AMD Athlon 64 3200+ 2.0GH

I have noticed i have a lot of established connections on various ports when checking with netstat in dos. I used Arin Whois to check the ip address and heres what it showed:

Search results for: 72.247.29.200

OrgName: Akamai Technologies
OrgID: AKAMAI
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US

NetRange: 72.246.0.0 - 72.247.191.255
CIDR: 72.246.0.0/16, 72.247.0.0/17, 72.247.128.0/18
NetName: AKAMAI-ARIN-1
NetHandle: NET-72-246-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: ACCESS.AKAMAI.COM
NameServer: YA.AKAMAI.COM
Comment:
RegDate: 2005-03-14
Updated: 2006-11-17

RNOCHandle: NF81-ARIN
RNOCName: Freedman, Noam
RNOCPhone: +1-617-938-3130
RNOCEmail: noam+arin@akamai.com

OrgTechHandle: NF81-ARIN
OrgTechName: Freedman, Noam
OrgTechPhone: +1-617-938-3130
OrgTechEmail: noam+arin@akamai.com

# ARIN WHOIS database, last updated 2007-02-10 19:10

It shows I have 15 established connections on port 80.

Search results for: 212.150.236.82

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 212.0.0.0 - 212.255.255.255
CIDR: 212.0.0.0/8
NetName: RIPE-NCC-212
NetHandle: NET-212-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1997-11-14
Updated: 2005-08-03

# ARIN WHOIS database, last updated 2007-02-10 19:10

I have 1 established connection on port 80.


Search results for: 204.2.35.38

OrgName: NTT America, Inc.
OrgID: NTTAM-1
Address: 8005 South Chester Street
Address: Suite 200
City: Centennial
StateProv: CO
PostalCode: 80112
Country: US

ReferralServer: rwhois://rwhois.gin.ntt.net:4321/

NetRange: 204.0.0.0 - 204.3.255.255
CIDR: 204.0.0.0/14
NetName: NTTA-204
NetHandle: NET-204-0-0-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
NameServer: NS0.VERIO.NET
NameServer: NS1.VERIO.NET
NameServer: NS2.VERIO.NET
NameServer: NS3.VERIO.NET
NameServer: NS4.VERIO.NET
Comment:
Comment: Reassignment information for this block is
Comment: available at rwhois.gin.ntt.net port 4321
RegDate: 1994-05-04
Updated: 2006-11-10

RTechHandle: VIA4-ORG-ARIN
RTechName: VIPAR
RTechPhone: +1-303-645-1900
RTechEmail: vipar@us.ntt.net

OrgAbuseHandle: NAAC-ARIN
OrgAbuseName: NTT America Abuse Contact
OrgAbusePhone: +1-800-551-1630
OrgAbuseEmail: abuse@ntt.net

OrgNOCHandle: NASC-ARIN
OrgNOCName: NTT America Support Contact
OrgNOCPhone: +1-800-551-1630
OrgNOCEmail: support@us.ntt.net

OrgTechHandle: VIPAR-ARIN
OrgTechName: VIPAR
OrgTechPhone: +1-303-645-1900
OrgTechEmail: vipar@us.ntt.net

# ARIN WHOIS database, last updated 2007-02-10 19:10

I have 5 established connections on port 80.


IP Address 127.0.0.1

54 connections

30 of them are port 12080. The rest are random ports ranging from 1059 to 1283.

I only had google and arin whois open while running this check so I left those off the list since I obviously had a connection to those sites.
I'm running zone alarm pro and it hasn't prompted me with any access alerts. I'm just not sure why I have so many active connections and connections to those companies when I only have 2 web pages open. I ran full virus scans with panda, trend micro and avast and got nada. Any thoughts?

Windows XP Pro SP2
AMD Athlon 64 3200+ 2.0GHZ Venice Core
Gigabyte GA-K8N-SLI Motherboard
1GB Geil DDR400 Dual Channel
ATI Radeon X800 GTO Fireblade Edition 256MB DDR PCIE


See More: Open Ports

Report •


#1
February 11, 2007 at 20:22:07

Do you have a background program, such as an antivirus or firewall that has permission to scan incoming/outgoing data? If so you it may be causing the massive amount of connections.

Report •

#2
February 13, 2007 at 16:06:47

Try running the tests on here:

https://www.grc.com/x/ne.dll?bh0bkyd2

DerekW


Report •

Related Solutions


Ask Question