spavkov
newbie
Topic Author
Posts: 39
Joined: Mon Sep 06, 2004 11:23 am

strange connections on my MT router !!! please look at this!

Sat Nov 27, 2004 5:55 pm

Hi

Recently I noticed some strange connections inside of my router...
When I go to ip > firewall > connections I can see something like this:

Flags: U - unreplied, A - assured
# SRC-ADDRESS DST-ADDRESS PR.. TCP-STATE TIMEOUT
0 U 10.5.50.1:3987 10.5.50.45:1060 tcp established 10h15m24s
1 A 10.5.50.4:4021 216.155.193.157:5050 tcp time-wait 40s
2 A 10.5.50.4:4006 216.155.193.187:37 tcp time-wait 10s
3 A 10.5.50.5:1293 66.207.205.15:80 tcp established 4d16h1m57s
4 A 10.5.50.5:1294 66.207.205.15:80 tcp established 4d16h1m57s
5 A 10.5.50.5:1285 209.146.217.32:80 tcp established 4d16h1m56s
6 A 10.5.50.5:1339 209.146.217.32:80 tcp established 4d16h1m58s
7 A 10.5.50.8:3010 10.5.50.1:53 udp 27s
8 A 10.5.50.12:2802 64.14.58.81:80 tcp established 4d21h31m44s
9 A 10.5.50.15:1047 10.5.50.1:3987 tcp established 4d1h52m44s
10 A 10.5.50.15:2321 10.5.50.1:3987 tcp established 3d7h19m39s
11 A 10.5.50.15:3273 10.5.50.1:3987 tcp established 4d23h59m59s
12 A 10.5.50.15:3321 63.88.172.66:80 tcp fin-wait 54s
13 A 10.5.50.15:3322 63.88.172.66:80 tcp fin-wait 1m44s
14 A 10.5.50.15:3328 63.88.172.66:80 tcp fin-wait 1m46s
15 A 10.5.50.15:3311 64.154.80.250:80 tcp established 4d23h56m32s
16 A 10.5.50.15:3323 64.179.4.149:80 tcp time-wait 4s
17 A 10.5.50.15:3325 64.179.4.149:80 tcp time-wait 5s
18 A 10.5.50.15:3327 64.179.4.149:80 tcp time-wait 9s
19 A 10.5.50.15:3305 64.233.161.104:80 tcp established 4d23h57m36s
20 A 10.5.50.15:3276 131.161.247.66:80 tcp time-wait 1m55s
21 A 10.5.50.15:1032 195.252.123.12:53 udp 1m5s
22 A 10.5.50.15:3324 195.252.123.18:80 tcp time-wait 4s
23 A 10.5.50.15:3326 207.44.183.182:80 tcp time-wait 8s
24 A 10.5.50.15:3315 216.239.39.99:80 tcp established 4d23h58m7s
25 A 10.5.50.21:2114 81.13.20.10:554 tcp established 3d16h43m25s
26 A 10.5.50.25:27007 207.173.177.42:1200 udp 1m27s
27 A 10.5.50.40:1181 63.210.193.12:21 tcp established 4d3h11m41s
28 A 10.5.50.45:2054 10.5.50.1:80 tcp time-wait 1m3s
29 A 10.5.50.45:2055 10.5.50.1:80 tcp time-wait 1m3s
30 A 10.5.50.45:2057 10.5.50.1:80 tcp time-wait 1m18s
31 A 10.5.50.45:2066 66.163.175.128:80 tcp time-wait 1m32s
32 A 10.5.50.45:2067 68.142.231.252:80 tcp time-wait 1m31s
33 A 10.5.50.45:2062 193.45.3.15:80 tcp time-wait 1m29s
34 A 10.5.50.45:2058 194.106.162.22:80 tcp established 4d23h59m58s
35 A 10.5.50.45:2059 194.106.162.22:80 tcp established 4d23h59m34s
36 A 10.5.50.45:2068 195.49.93.240:80 tcp established 4d23h59m34s
37 A 10.5.50.45:2070 195.49.93.240:80 tcp established 4d23h59m34s
38 A 10.5.50.45:2071 195.49.93.240:80 tcp established 4d23h59m34s
39 A 10.5.50.45:2072 195.49.93.240:80 tcp established 4d23h59m33s
40 A 10.5.50.45:2073 195.49.93.240:80 tcp established 4d23h59m33s
41 A 10.5.50.45:2061 204.71.200.37:80 tcp time-wait 1m29s
42 A 10.5.50.45:2063 204.71.200.37:80 tcp time-wait 1m30s
43 A 10.5.50.45:2074 216.109.125.112:80 tcp time-wait 1m34s
44 A 10.5.50.45:2065 216.136.227.14:80 tcp time-wait 1m32s
45 A 10.5.50.45:2050 216.136.227.77:20 tcp time-wait 27s
46 A 10.5.50.45:2051 216.136.227.77:37 tcp time-wait 57s
47 A 10.5.50.45:2060 216.155.193.164:80 tcp established 4d23h59m31s
48 A 10.5.50.80:3064 213.240.53.162:80 tcp established 1d20h3m55s
49 A 10.5.50.80:3165 217.26.64.148:80 tcp established 1d20h26m42s
50 A 10.5.50.89:2645 194.106.188.10:110 tcp established 2d16h41m37s
51 A 10.5.50.112:1767 207.46.107.23:1863 tcp established 4d8h57m59s
52 A 10.5.50.112:2524 209.225.0.6:80 tcp established 4d10h28m20s
53 A 10.5.50.124:1058 192.168.1.2:80 tcp time-wait 6s
54 A 10.5.50.124:1060 192.168.1.2:80 tcp time-wait 6s
55 A 10.5.50.124:1062 192.168.1.2:80 tcp time-wait 32s
56 A 10.5.50.124:1064 192.168.1.2:80 tcp time-wait 1m6s
57 A 10.5.50.124:1066 192.168.1.2:80 tcp time-wait 1m6s
58 A 10.5.50.124:1067 192.168.1.2:80 tcp time-wait 1m36s
59 A 10.5.50.127:2576 62.108.96.182:80 tcp time-wait 4s
60 A 10.5.50.127:2597 62.108.96.182:80 tcp time-wait 10s
61 A 10.5.50.127:2843 62.108.96.182:80 tcp established 4d23h59m54s
62 A 10.5.50.127:2850 62.108.96.182:80 tcp established 4d23h59m54s
63 A 10.5.50.127:2755 62.108.118.9:80 tcp established 4d23h59m54s
64 A 10.5.50.127:2859 62.193.128.167:80 tcp time-wait 24s
65 A 10.5.50.127:2918 62.193.128.167:80 tcp time-wait 1m34s
66 A 10.5.50.127:2836 64.58.229.165:80 tcp time-wait 5s
67 A 10.5.50.127:2845 64.58.229.165:80 tcp time-wait 10s
68 A 10.5.50.127:2848 64.58.229.165:80 tcp time-wait 12s
69 A 10.5.50.127:2855 64.58.229.165:80 tcp time-wait 23s
70 A 10.5.50.127:2863 64.58.229.165:80 tcp time-wait 31s
71 A 10.5.50.127:2871 64.58.229.165:80 tcp time-wait 38s
72 A 10.5.50.127:2874 64.58.229.165:80 tcp time-wait 40s
73 A 10.5.50.127:2878 64.58.229.165:80 tcp time-wait 49s
74 A 10.5.50.127:2881 64.58.229.165:80 tcp time-wait 50s
75 A 10.5.50.127:2885 64.58.229.165:80 tcp time-wait 55s
76 A 10.5.50.127:2888 64.58.229.165:80 tcp time-wait 58s
77 A 10.5.50.127:2892 64.58.229.165:80 tcp time-wait 1m

...

etc etc...

Some of my clients are making connections with some machines on the web but on too many ports....

Is this normal? Are my users having some viruses???
It looks strange to me and I don't remember having this kind of thing before....

Any ideas???
 
marksx
Member Candidate
Posts: 109
Joined: Sat Jun 26, 2004 9:56 pm
Location: POLAND

Sat Nov 27, 2004 10:07 pm

Just p2p.
Example? eMule (on these ports it is probably mule), Kazaa, BitTorrent
 
[ASM]
Member Candidate
Posts: 284
Joined: Sun Jun 06, 2004 12:59 am
Location: Sofia, Bulgaria

Sun Nov 28, 2004 5:47 am

In conntrack settings set time-wait to a lower value...
time-wait comes when the client receives all the data from the server...

To get the real number of active connections watch for status equal to "established"
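
Added example, not part of the original thread: a Python sketch that parses rows in the format of the listing in the first post and counts, per source address, how many tracked connections are "established" versus closing states such as time-wait, which is the check the reply above suggests. The sample rows are a subset copied from that listing; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Rows copied from the listing in the first post (a subset).
SAMPLE = """\
0 U 10.5.50.1:3987 10.5.50.45:1060 tcp established 10h15m24s
7 A 10.5.50.8:3010 10.5.50.1:53 udp 27s
61 A 10.5.50.127:2843 62.108.96.182:80 tcp established 4d23h59m54s
63 A 10.5.50.127:2755 62.108.118.9:80 tcp established 4d23h59m54s
66 A 10.5.50.127:2836 64.58.229.165:80 tcp time-wait 5s
67 A 10.5.50.127:2845 64.58.229.165:80 tcp time-wait 10s
77 A 10.5.50.127:2892 64.58.229.165:80 tcp time-wait 1m
"""

# One row: index, optional flags, src, dst, protocol, optional TCP state, timeout.
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<flags>[UA]*)\s*"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?:(?P<state>[a-z-]+)\s+)?(?P<timeout>(?:\d+[dhms])+)\s*$"
)
UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def timeout_seconds(text):
    """Convert a timeout such as '4d16h1m57s' to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([dhms])", text))

def parse(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, flag legend and blank lines do not match and are skipped
            row = m.groupdict()
            row["timeout_s"] = timeout_seconds(row["timeout"])
            rows.append(row)
    return rows

def summarize(rows):
    """Per source: count of rows by state (protocol name for UDP) and distinct peers."""
    states = defaultdict(Counter)
    peers = defaultdict(set)
    for r in rows:
        states[r["src"]][r["state"] or r["proto"]] += 1
        peers[r["src"]].add(r["dst"])
    return states, peers

if __name__ == "__main__":
    states, peers = summarize(parse(SAMPLE))
    for src in sorted(states):
        print(src, dict(states[src]), "peers:", len(peers[src]))
```

To use it on a real router, paste the full connections listing in place of SAMPLE.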
 
spavkov
newbie
Topic Author
Posts: 39
Joined: Mon Sep 06, 2004 11:23 am

Sun Nov 28, 2004 10:16 pm

Thanks a lot guys, your answers were helpful!!!
