System Idle Process TCP connections

6 replies to this topic

#1 keyes528
Posted 02 January 2015 - 09:05 PM

If I understand correctly, the System Idle Process "connections" are other processes' connections that are closing. They're all listed as TIME_WAIT.

I'm trying to investigate a pair of IP addresses, which were utilising port 80.

146.255.39.1

23.239.16.243

I noticed these appear after running GeForce Experience. I believe they are related to Nvidia, as nvstreamsvc utilises port 80, and some logs in search results for this show nvstreamsvc interacting with the 23.239 address.

However, I'm confused about the 146 address. A traceroute (which I'm not very sure of what the results mean) refers to secureserver.net, which I believe is part of Akamai or something. VirusTotal seems to have a page on it, with it being linked with odd websites.

My question is: how can I find what process System Idle Process is referring to, and is this a legitimate connection? I'm pretty sure it's Nvidia, as it only appears when I mess with GeForce Experience; it does not appear when doing anything else.
Thank you.
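An added example, not posted by anyone in this thread, that addresses the question in the first post. It polls `netstat -ano` for connections to one remote address and maps each entry to its owning process, so the short-lived ESTABLISHED entry that still carries the real PID is captured before the socket drops to TIME_WAIT (which netstat reports as PID 0, shown by Task Manager as System Idle Process). The address is the corrected one from post #3; the poll count and interval are assumptions.

```powershell
# Added example (not from the thread). Poll netstat -ano for connections to a
# remote address and attribute each one to a process. A socket in TIME_WAIT has
# already been closed by its application, so Windows reports it with PID 0 and
# Task Manager lists it under "System Idle Process"; the owning process is only
# visible while the connection is ESTABLISHED (or SYN_SENT), hence the polling.
$RemoteAddress   = '146.255.36.1'   # address under investigation (from post #3)
$Samples         = 12               # assumed: number of polls
$IntervalSeconds = 5                # assumed: seconds between polls

function Get-ConnectionsTo {
    param([string]$Address)
    # netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
    # UDP lines have no State column, so only TCP lines are parsed here.
    netstat -ano | ForEach-Object {
        $f = ($_ -replace '^\s+', '') -split '\s+'
        if ($f[0] -eq 'TCP' -and $f.Count -ge 5 -and $f[2] -like "${Address}:*") {
            $ownerPid = [int]$f[4]
            $owner = if ($ownerPid -eq 0) {
                'System Idle Process (PID 0: TIME_WAIT remnant, owner already closed the socket)'
            } else {
                $p = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
                if ($p) { "$($p.ProcessName) [$ownerPid] $($p.Path)" }
                else    { "PID $ownerPid (process has exited)" }
            }
            [pscustomobject]@{
                Time   = Get-Date -Format 'HH:mm:ss'
                Local  = $f[1]
                Remote = $f[2]
                State  = $f[3]
                Owner  = $owner
            }
        }
    }
}

# Start this loop first, then launch the suspected program (GeForce Experience
# in the thread) so its connection is caught while it is still ESTABLISHED.
$results = for ($i = 0; $i -lt $Samples; $i++) {
    Get-ConnectionsTo -Address $RemoteAddress
    Start-Sleep -Seconds $IntervalSeconds
}
$results | Format-Table -AutoSize
```

If the address only ever shows up as TIME_WAIT with PID 0, shorten the interval or extend the sample count; the ESTABLISHED phase of a short HTTP request can last well under a second.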


#2 dev00790
Posted 04 January 2015 - 10:59 AM

Hi, according to who.is:

The 1st IP address (146.255.39.1) is hosted by GoDaddy, and is allocated to an individual in Amsterdam, Netherlands.

The 2nd IP address (23.239.16.243) is hosted by Linode in New Jersey, USA. A hostname for the IP is ipinfo.io.

I've also come across information that a company called Digital Ocean may be behind both of these two mentioned, since according to Wikipedia they lease from data centres in New York and Amsterdam, among others.

Edited by dev00790, 04 January 2015 - 11:00 AM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 keyes528
Posted 04 January 2015 - 11:14 AM

I am more concerned with the 146.255.36.1 address (by the way, I made a mistake, it is 36, not 39).

It seems to have a VirusTotal page with phishing websites. I have scanned with Malwarebytes and it seems clean, so it must be some program using Digital Ocean, although I can hardly find any reference to Digital Ocean and this IP unless I Google search

146.255.36.1 "digital ocean"

#4 dev00790
Posted 04 January 2015 - 11:27 AM


It seems to have a VirusTotal page with phishing websites.

Please provide the VirusTotal link for this?


#5 keyes528
Posted 04 January 2015 - 11:45 AM

https://www.virustotal.com/en/ip-address/146.255.36.1/information/

#6 keyes528
Posted 04 January 2015 - 11:51 AM

http://speccy.piriform.com/results/TLPitQ7NsnsRJu74VH358vu


Speccy is from Piriform, the developers of CCleaner, and in this log some user posted, it seems they also have that 146 address as TIME_WAIT under System Idle.

#7 dev00790
Posted 05 January 2015 - 01:39 PM

It's possible that there could be bad and good sites hosted under that IP. I don't know. I would seek further advice.