Windows 7: <non-existant> connection.

  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

I recently installed Windows 7, I'm usually pretty good security wise. However I was playing a game of mine and it started lagging, so I minimized...

I use TCPView and it keeps showing a "<non-existant>" connection which is ESTABLISHED to different IP addresses. There is also one listening on local address 127.0.0.1:63586. Just a few minutes ago I had a "<non-existant>" connection to 206.16.13.71, if you view it on the web it's an apache server: http://206.16.13.71/

I do use a software firewall and a router firewall. However, I'm temporarily hosting my web server via my Windows 7 computer, so I have port 80 & 443 open to httpd.exe and forwarded on my router to this computer. Anybody know of a way I can verify that address is legit or know if windows randomly connects to apache servers?
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

That IP address belongs to:

$ whois 206.16.13.71

OrgName: CERFnet
OrgID: CERF
Address: 5738 Pacific Center Blvd
City: San Diego
StateProv: CA
PostalCode: 92121
Country: US

NetRange: 206.16.0.0 - 206.19.255.255
CIDR: 206.16.0.0/14
NetName: CERFNET-BLK-206
NetHandle: NET-206-16-0-0-1
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET

snipped to save space.

I wouldn't host a web page locally.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Yeah I did a whois lookup. I was just wondering if that was legit or something.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

There must have been something looking for that IP address, & it never connected. I would run netstat -an to see all the connections. Pay attention to the foreign address column for unwanted connections.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

I read somewhere that when a connection is running from a <non-existent> process the parent thread is not active anymore. So could it be that in Windows 7, if you run Apache and for example a spider connects to the web server, it may leave left over connections?

Now I have 2...
206.16.13.71 (same one) [ http://96.17.73.9/ ]
96.17.73.9 (akamai technologies) [ http://206.16.13.71/ ]
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

That makes sense which is why I suggest that you move your web page to a hosting company. I have seen things that I wasn't supposed to see because people had their data too close to their web space.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Aye, good suggestion.

Post Information

  • Total Posts in this topic: 7 posts
  • Users browsing this forum: No registered users and 51 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.