Android Question B4A Bridge + Windows netstat + Suspicious Ports (check applications and procedures)

hatzisn

Good morning everyone,

Yesterday I realized that I have been facing a problem in my network since I installed CUPS and SAMBA on the Raspberry Pi. B4A-Bridge stopped seeing my Samsung A41. I tried to recheck and the same happened. When I entered the address manually it connected, but it could not discover it otherwise.

I thought something was wrong, so I opened a command terminal as an administrator and checked with "netstat -b" for any suspicious connections. There were 4 records that reported:

"Can not obtain ownership information"

I googled how to check them and find which procedures use these connections. It appears that the IPv6 address that uses these connections is local, as can be seen in the following link, since it started with fe80: . Here is the relevant Wikipedia page:


Google showed me how to check the procedures that run these unreported applications. The way is to run "netstat -ano", right-click on the Start menu and select "Task Manager". When it opens, select to show full details, then go to the "Details" tab and click on the PID header to sort them in ascending order, so that it is easier to find the PID that corresponds to the IPv4/IPv6 address + port. My procedures were svchost and System. The problem was that the ports were 445 and 1524. Port 445 is less suspicious, but for port 1524 Google reports that it may be the "trinoo" malware for coordinated DDoS attacks. It also says that this is not certain, because some legitimate Windows services and SAMBA (installed on the Raspberry Pi) also use this port. The local IPv6 address that the connections were coming from was connected to ingreslock and microsoft-ds.

So my questions are 3:

1) Does any of you have any advanced experience on how to restore the "seeing" of each other between the devices that are currently not visible (in Explorer), because otherwise they communicate correctly? I tried all the things I know and googled, and none of them seems to work. They keep staying not visible in Explorer (also other computers in my home lab).
2) Does any of you have any advanced knowledge on how to check quickly if the malware "trinoo" is apparent? I had the antivirus performing a full scan for 8 hours straight and it only proceeded up to 27 percent. Also, if you have any security tips that can be useful, please do not hesitate to mention them.
3) Port 445 of this local IPv6 address was connecting to port 1524 on my computer, and port 1524 of this local IPv6 address was connecting to port microsoft-ds on my computer. Since I restarted the computer, port 1524 has changed but the scheme remains. Does this tell anything to anyone about the nature of these connections?

Thanks in advance
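
The PID lookup described in the post above, as an added example that is not part of the original thread: a Python parser for `netstat -ano` output that notes link-local peers, which side of a connection holds port 445, and rows whose remote endpoint is also a local endpoint of this machine. The sample output, its addresses and its PIDs are constructed.

```python
import ipaddress

# Constructed sample in the layout of Windows "netstat -ano"; addresses and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:50112     192.168.1.50:445       ESTABLISHED     4
  TCP    [fe80::9c1a:2b3c:4d5e:6f70%12]:445   [fe80::9c1a:2b3c:4d5e:6f70%12]:1524   ESTABLISHED   4
  TCP    [fe80::9c1a:2b3c:4d5e:6f70%12]:1524  [fe80::9c1a:2b3c:4d5e:6f70%12]:445    ESTABLISHED   4
  UDP    0.0.0.0:5353           *:*                                    1876
"""

def split_endpoint(text):
    """'[fe80::1%12]:445' -> (IPv6Address('fe80::1'), 445); '*:*' -> (None, None)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and the IPv6 zone id
    ip = ipaddress.ip_address(host) if host != "*" else None
    return ip, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        rows.append({"proto": f[0], "local": split_endpoint(f[1]), "remote": split_endpoint(f[2]),
                     "state": f[3] if len(f) == 5 else "", "pid": int(f[-1])})
    return rows

def review(rows):
    """Annotate established TCP rows as (local port, remote port, PID, notes)."""
    est = [r for r in rows if r["state"] == "ESTABLISHED"]
    local_ends = {r["local"] for r in est}
    out = []
    for r in est:
        notes = []
        if r["remote"][0].is_link_local:
            notes.append("peer address is link-local: on the local link or this host itself")
        if r["remote"] in local_ends:
            notes.append("peer endpoint is also a local endpoint: both ends are on this machine")
        if r["local"][1] == 445:
            notes.append("this host is the SMB server side")
        elif r["remote"][1] == 445:
            notes.append("this host is the SMB client side")
        out.append((r["local"][1], r["remote"][1], r["pid"], notes))
    return out

if __name__ == "__main__":
    print(*review(parse_netstat(SAMPLE)), sep="\n")
```

On a live machine, pass the captured text of `netstat -ano` to `parse_netstat` and match the reported PIDs against the "Details" tab of Task Manager.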
 

hatzisn

For seeing each other, I did what seemed totally irrelevant and it works. I opened the Network and Sharing Center and selected "Media streaming options", which I enabled, and suddenly "Let there be light" - all devices are visible. Totally strange. For the other questions, please respond if anyone has any answer that could help.
 
Upvote 0