Thread: something weird in squid
Today I listed open files with "lsof" and found many strange connections to the squid server:
squid 8912 proxy 7r ipv4 6806316 udp *:50755
squid 8912 proxy 9w ipv4 6806319 tcp server.something:2222 (listen)
squid 8912 proxy 10w ipv4 6806320 udp *:icpv2
squid 8912 proxy 13u ipv4 6822211 tcp server.something:48249->208.99.83.44:www (established)
squid 8912 proxy 14u ipv4 6821998 tcp server.something:50798->a72-246-25-40.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 16u ipv4 6822177 tcp server.something:59176->a72-246-25-9.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 20u ipv4 6821966 tcp server.something:50076->a72-246-25-9.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 21u ipv4 6821967 tcp server.something:38532->a72-246-25-9.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 22u ipv4 6821968 tcp server.something:51559->a72-246-25-9.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 23u ipv4 6822001 tcp server.something:49299->yi-in-f101.1e100.net:www (established)
squid 8912 proxy 24u ipv4 6822256 tcp server.something:33461->8.12.130.30:www (established)
squid 8912 proxy 25u ipv4 6821976 tcp server.something:44044->a72-246-25-40.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 27u ipv4 6821979 tcp server.something:57653->a72-246-25-40.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 28u ipv4 6822127 tcp server.something:34493->a96-17-106-107.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 29u ipv4 6821987 tcp server.something:48602->208.88.176.118:www (established)
squid 8912 proxy 30u ipv4 6822212 tcp server.something:44381->208.99.83.44:www (established)
squid 8912 proxy 31u ipv4 6822213 tcp server.something:35419->208.99.83.44:www (established)
squid 8912 proxy 36u ipv4 6822012 tcp server.something:51649->a72-246-25-9.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 37u ipv4 6822095 tcp server.something:41088->a72-246-25-40.deploy.akamaitechnologies.com:www (established)
squid 8912 proxy 38u ipv4 6822251 tcp server.something:43708->208.88.176.118:www (established)
squid 8912 proxy 39u ipv4 6822226 tcp server.something:45909->208.99.83.44:www (established)
squid 8912 proxy 50u ipv4 6822170 tcp server.something:55075->a72-246-25-40.deploy.akamaitechnologies.com:www (established)
Can anyone please explain what these connections are doing? Are they using the proxy server? Although it listens on port 2222, the ports they are using are weird. And what does the :www at the end of the host mean?
The Akamai connections are Microsoft; do you have Windows systems on the network? For the other connections, you can do a whois lookup to see what they are. whois is in the repositories. Once installed, open a terminal and type:
Code:
whois 208.88.176.118
I got the following result for one of the IP addresses in your listing:
Code:
whois 208.88.176.118
#
# query terms ambiguous. query assumed be:
# "n 208.88.176.118"
#
# use "?" help.
#
#
# following results may obtained via:
# http://whois.arin.net/rest/nets;q=208.88.176.118?showdetails=true&showarin=false
#
netrange: 208.88.176.0 - 208.88.183.255
cidr: 208.88.176.0/21
originas: as32527
netname: pmgi
nethandle: net-208-88-176-0-1
parent: net-208-0-0-0-0
nettype: direct assignment
nameserver: dns2.friendfinderinc.com
nameserver: dns1.friendfinderinc.com
regdate: 2008-03-24
updated: 2008-12-22
ref: http://whois.arin.net/rest/net/net-208-88-176-0-1
orgname: friendfinder networks inc
orgid: frien-11
address: 220 humboldt ct
city: sunnyvale
stateprov: ca
postalcode: 94089
country:
regdate: 2008-07-18
updated: 2009-07-07
ref: http://whois.arin.net/rest/org/frien-11
orgtechhandle: cwu4-arin
orgtechname: wu, catherine
orgtechphone: +1-408-745-5598
orgtechemail: cwu@ffn.com
orgtechref: http://whois.arin.net/rest/poc/cwu4-arin
#
# arin whois data , services subject terms of use
# available at: https://www.arin.net/whois_tou.html
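Added example, not part of the original thread: a short Python parser for listings in the shape shown above that separates listening sockets, client connections accepted on a listening port, and connections the proxy itself opened to remote servers. The service-name map and the 192.0.2.15 client line are assumptions made for the illustration.

```python
import re
from collections import Counter

# Lines in the shape of the listing above; the 192.0.2.15 client line is
# constructed for illustration and does not appear in the thread.
SAMPLE = """\
squid 8912 proxy 7r ipv4 6806316 udp *:50755
squid 8912 proxy 9w ipv4 6806319 tcp server.something:2222 (listen)
squid 8912 proxy 10w ipv4 6806320 udp *:icpv2
squid 8912 proxy 13u ipv4 6822211 tcp server.something:48249->208.99.83.44:www (established)
squid 8912 proxy 30u ipv4 6822212 tcp server.something:44381->208.99.83.44:www (established)
squid 8912 proxy 29u ipv4 6821987 tcp server.something:48602->208.88.176.118:www (established)
squid 8912 proxy 40u ipv4 6822300 tcp server.something:2222->192.0.2.15:51514 (established)
"""

# lsof prints service names from /etc/services instead of numbers unless run
# with -P; this small map is an assumption covering the names seen above.
SERVICES = {"www": 80, "http": 80, "https": 443, "icpv2": 3130}
SOCKET = re.compile(r"\b(tcp|udp)\s+(\S+?)(?:->(\S+))?(?:\s+\((\w+)\))?\s*$", re.I)

def endpoint(text):
    """Split 'host:port' into (host, port number or unmapped service name)."""
    host, _, port = text.rpartition(":")
    return host, SERVICES.get(port.lower(), int(port) if port.isdigit() else port)

def parse_line(line):
    """Return proto, endpoints and state for one socket line, else None."""
    m = SOCKET.search(line)
    if not m:
        return None
    proto, local, remote, state = m.groups()
    return {"proto": proto.lower(), "local": endpoint(local),
            "remote": endpoint(remote) if remote else None,
            "state": (state or "").lower()}

def summarize(text):
    """Group sockets into listeners, client connections and upstream fetches."""
    socks = [s for s in map(parse_line, text.splitlines()) if s]
    listeners = {(s["proto"], s["local"][1]) for s in socks if s["remote"] is None}
    inbound, outbound = Counter(), Counter()
    for s in (s for s in socks if s["remote"]):
        # A connection accepted on a listening socket keeps that local port;
        # any other local port means this process opened the connection.
        if (s["proto"], s["local"][1]) in listeners:
            inbound[s["remote"][0]] += 1
        else:
            outbound[s["remote"]] += 1
    return {"listeners": sorted(listeners, key=str), "inbound": inbound, "outbound": outbound}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running `lsof -n -P -i` prints numeric addresses and ports, which removes the need for the service-name map.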