netstat list #173

Open
sosdow opened this issue Jan 27, 2015 · 0 comments
sosdow commented Jan 27, 2015

I've been running Kippo for approx 3 months, getting lots of bot activity and 1 or 2 human interactions. Decided to run netstat and found the attached. I am trawling through the logs to see if I can find a pattern. I'm concerned that some bots 'established' a permanent connection to/through my honeypot. Or is this normal? Thank you. Seamus.
