Re: Possible security issue

On Sat, 2010-05-01 at 08:49 -0700, MJang wrote:
> On Sat, 2010-05-01 at 08:30 -0700, MJang wrote:
> > Folks, 
> > 
> > Been experimenting a bit with nc. As such, I've been seeing how it
> > connects from system to system. To that end, I started an Apache server
> > on my laptop (on Hardy Heron). After a bit, I ran the following command
> > to see if the nc from another system would show up.
> > 
> > netstat -atun 
> > 
> > Well, it didn't, but I soon got a bunch of entries similar to 
> > 
> > tcp  0  0 10.168.0.111:44535    xxx.yyy.zzz.aaa:80   ESTABLISHED
> > 
> > Where xxx.yyy.zzz.aaa are public addresses from places like FL and MA.
> > It's not like I have anything but the standard "It works" page on that
> > Apache server. 
> > 
> > And I have a pretty standard (though old) firewall on the router, with
> > port forwarding set up (for the most part) to some non-existent systems
> > on my local private IP net. My laptop is not one of them. 
> > 
> > So there's a weakness somewhere. I don't have MS running anywhere (at
> > the moment) Any suggestions on where I should look?
> 
> Just to follow-up, I tried some of the IP addresses from the remote
> sites in my browser, and most of them go to fake Google home pages. I'm
> guessing they're looking for other places for their phishes. The fake
> Googles are pretty slick, even error pages from their IP addresses are