Netgate Discussion Forum

    Is it hacking?

      johnpoz LAYER 8 Global Moderator @Antibiotic

      @Antibiotic take a look at netstat to see what process is doing it.. Could be some addon in your browser as well.

      as admin in a cmd prompt run netstat -anb

        TCP    192.168.9.100:18958    208.123.73.77:443      ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:20572    34.107.243.93:443      ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:21258    146.75.77.91:443       ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:21274    178.162.173.120:443    ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:21326    151.101.193.188:443    ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:21329    146.75.77.188:443      ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:21340    23.33.29.88:443        ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:21381    142.250.191.164:443    ESTABLISHED
       [firefox.exe]
        TCP    192.168.9.100:21384    104.18.17.97:443       ESTABLISHED
      

      Or you could use tcpview
      https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview

      btw - I tried talking to that IP on both 443 and 80 and nothing answers anyway.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07 | Lab VMs 2.8, 25.07
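
An added example, not part of the original post: one way to work through saved `netstat -anb` output, pairing each connection with the `[process.exe]` line printed beneath it and then looking up which process owns traffic to a given remote IP or port. The sample text is constructed (documentation address ranges, a made-up `p2pclient.exe`), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -anb` output; addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.9.100:18958    203.0.113.77:443       ESTABLISHED
 [firefox.exe]
  TCP    192.168.9.100:49731    198.51.100.20:6881     ESTABLISHED
 [p2pclient.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.9.100:50110    203.0.113.5:443        TIME_WAIT
 Can not obtain ownership information
  UDP    0.0.0.0:6881           *:*
 [p2pclient.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return one dict per connection, with the owning process attached."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state = m.groups()
            r_host, _, r_port = remote.rpartition(":")
            conns.append({"proto": proto, "local": local, "remote_ip": r_host,
                          "remote_port": r_port, "state": state or "",
                          "process": None})
            continue
        o = OWNER.match(line)
        # A [name.exe] line belongs to the connection printed just above it;
        # service names ("RpcSs") and "Can not obtain..." lines are skipped.
        if o and conns and conns[-1]["process"] is None:
            conns[-1]["process"] = o.group(1)
    return conns

def owners_of(conns, remote_ips=(), remote_ports=()):
    """Map process name -> connections matching any watched remote IP or port."""
    hits = defaultdict(list)
    for c in conns:
        if c["remote_ip"] in remote_ips or c["remote_port"] in remote_ports:
            hits[c["process"] or "unknown"].append(f'{c["remote_ip"]}:{c["remote_port"]}')
    return dict(hits)
```

Feed it the text of `netstat -anb` captured from an elevated prompt; connections that netstat could not attribute show up under `unknown` rather than being dropped.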

        Antibiotic @johnpoz

        @johnpoz said in Is it hacking?:

        as admin in a cmd prompt run netstat -anb

        I did, but at the moment there are no connections to those IPs

        pfSense plus 24.11 on Topton mini PC
        CPU: Intel N100
        NIC: Intel i-226v 4 pcs
        RAM : 16 GB DDR5
        Disk: 128 GB NVMe
        Brgds, Archi

          johnpoz LAYER 8 Global Moderator @Antibiotic

          @Antibiotic I see a 6881 port in there - are you running torrents? Also, that 6900 port is also a common torrent port.. So yeah I would expect IPs from all over.. I mean all over!!

            Antibiotic @johnpoz

            @johnpoz I'm also starting to think about the torrent client))))

              johnpoz LAYER 8 Global Moderator @Antibiotic

              @Antibiotic blocking outbound while you're running torrents is going to drastically reduce the overall capability for it to function at its peak.

                JonathanLee

                It looks like bit-torrents, Azure, Limewire, something like that. If you use Snort you could activate OpenAppID and see what it is in a second.

                Make sure to upvote

                  Gertjan @JonathanLee

                  @JonathanLee said in Is it hacking?:

                  If you use snort

                  Or clean up the PC ?!

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                    johnpoz LAYER 8 Global Moderator @Gertjan

                    Maybe he is running torrents on purpose? He did say it was his laptop.. How would torrent just show up without the user knowing they were running torrents?

                      Antibiotic @Gertjan

                      @Gertjan said in Is it hacking?:

                      Or clean up the PC ?!

                      Funny)))

                        Antibiotic @johnpoz

                        @johnpoz said in Is it hacking?:

                        Maybe he is running torrents on purpose? He did say it was his laptop.. How would torrent just show up without the user knowing they were running torrents?

                        It was my torrent client on the laptop.

                          JonathanLee @Antibiotic

                          @Antibiotic get rid of that torrent client; eventually it's gonna break stuff if you keep using it. Trust me. Stop using it, think about how many ports you need open. It just takes one bad download.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.