SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 TENABLE NETWORK SECURITY, INC. Netstat Active Connections April 29, 2012 at 2:11pm CDT Dave Breslin [dbreslin3] Confidential: The following report contains confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination. Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 Table of Contents Netstat Connections - 192.168.1.4 ................................................................................... 1 10.100.15.5 ..................................................................................................................................................................2 10.100.15.8 ..................................................................................................................................................................4 10.100.20.3 ..................................................................................................................................................................6 10.100.20.25 ................................................................................................................................................................8 10.100.20.27 ..............................................................................................................................................................10 10.100.20.28 ..............................................................................................................................................................12 10.100.20.40 ..............................................................................................................................................................14 10.100.30.23 ..............................................................................................................................................................16 10.100.30.34 ..............................................................................................................................................................17 Table of Contents Tenable Network Security i Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 Netstat Connections - 192.168.1.4 Host Count for Last 5 Days Current Host Count by Subnet IP Address Total 10.100.30.0/24 2 10.100.20.0/24 5 10.100.15.0/24 2 Netstat Connections - 192.168.1.4 Tenable Network Security 1 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 10.100.15.5 NetBIOS Name: UNKNOWN\MAC0014 Crit.: 0 High: 1 Med.: 1 Low: 0 MAC Address: 60:c5:47:22:2e:1a DNS Name: mac0014.itsdept.com Last Scan: Apr 29, 2012 @ 1:37PM Host Netstat Details Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command. Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections. Solution: n/a Risk Factor: None CVSS Base Score: CVSS Vector: Plugin Output: Netstat output : Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 44 10.100.15.5.22 10.0.0.61.50001 ESTABLISHED tcp4 0 0 10.100.15.5.49438 192.168.1.4.445 ESTABLISHED tcp4 0 0 10.100.15.5.49428 17.149.36.178.5223 ESTABLISHED tcp4 0 0 *.22 *.* LISTEN tcp6 0 0 *.22 *.* LISTEN tcp4 0 0 127.0.0.1.631 *.* LISTEN tcp6 0 0 ::1.631 *.* LISTEN udp4 0 0 10.100.15.5.123 *.* udp6 0 0 *.56597 *.* udp4 0 0 *.56597 *.* udp6 0 0 *.60190 *.* udp4 0 0 *.60190 *.* udp6 0 0 *.63881 *.* udp4 0 0 *.63881 *.* udp6 0 0 *.57959 *.* udp4 0 0 *.57959 *.* udp6 0 0 *.60482 *.* udp4 0 0 *.60482 *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* Netstat Connections - 192.168.1.4 Tenable Network Security 2 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 udp6 0 0 fe80::62c5:47ff:.123 *.* udp6 0 0 ::1.123 *.* udp4 0 0 127.0.0.1.123 *.* udp6 0 0 fe80::1%lo0.123 *.* udp6 0 0 *.123 *.* udp4 0 0 *.123 *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp6 0 0 *.5353 *.* udp4 0 0 *.5353 *.* udp4 0 0 *.* *.* udp46 0 0 *.* *.* udp4 0 0 *.138 *.* udp4 0 0 *.137 *.* icm6 0 0 *.* *.* Netstat Connections - 192.168.1.4 Tenable Network Security 3 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 10.100.15.8 NetBIOS Name: UNKNOWN\MAC0007 Crit.: 0 High: 14 Med.: 2 Low: 0 MAC Address: 60:c5:47:22:a2:08 DNS Name: mac0007.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM Host Netstat Details Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command. Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections. Solution: n/a Risk Factor: None CVSS Base Score: CVSS Vector: Plugin Output: Netstat output : Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 44 10.100.15.8.22 10.0.0.61.55874 ESTABLISHED tcp4 0 0 10.100.15.8.49194 192.168.1.4.445 ESTABLISHED tcp4 0 0 10.100.15.8.49188 10.0.0.95.445 ESTABLISHED tcp4 0 0 10.100.15.8.49178 192.168.1.4.445 ESTABLISHED tcp4 0 0 10.100.15.8.49155 17.172.232.201.5223 ESTABLISHED tcp6 0 0 *.3689 *.* LISTEN tcp4 0 0 *.3689 *.* LISTEN tcp4 0 0 *.22 *.* LISTEN tcp6 0 0 *.22 *.* LISTEN tcp4 0 0 127.0.0.1.631 *.* LISTEN tcp6 0 0 ::1.631 *.* LISTEN udp6 0 0 *.52818 *.* udp4 0 0 *.52818 *.* udp6 0 0 *.57051 *.* udp4 0 0 *.57051 *.* udp6 0 0 *.55799 *.* udp4 0 0 *.55799 *.* udp6 0 0 *.61325 *.* udp4 0 0 *.61325 *.* udp6 0 0 *.62779 *.* udp4 0 0 *.62779 *.* Netstat Connections - 192.168.1.4 Tenable Network Security 4 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 10.100.15.8.123 *.* udp6 0 0 fe80::62c5:47ff:.123 *.* udp6 0 0 ::1.123 *.* udp4 0 0 127.0.0.1.123 *.* udp6 0 0 fe80::1%lo0.123 *.* udp6 0 0 *.123 *.* udp4 0 0 *.123 *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp4 0 0 *.* *.* udp46 0 0 *.* *.* udp6 0 0 *.5353 *.* udp4 0 0 *.5353 *.* udp4 0 0 *.138 *.* udp4 0 0 *.137 *.* icm6 0 0 *.* *.* Netstat Connections - 192.168.1.4 Tenable Network Security 5 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 10.100.20.3 NetBIOS Name: ITSDEPT\DT0020 Crit.: 9 High: 163 Med.: 43 Low: 2 MAC Address: 52:54:00:ab:3e:bb DNS Name: dt0020.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM Host Netstat Details Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command. Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections. Solution: n/a Risk Factor: None CVSS Base Score: CVSS Vector: Plugin Output: Netstat output : Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 764 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1059 0.0.0.0:0 LISTENING 832 TCP 0.0.0.0:1241 0.0.0.0:0 LISTENING 944 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 720 TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 1384 TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1384 TCP 0.0.0.0:8834 0.0.0.0:0 LISTENING 944 TCP 10.100.20.3:135 10.0.0.61:37546 ESTABLISHED 764 TCP 10.100.20.3:139 0.0.0.0:0 LISTENING 4 TCP 10.100.20.3:445 10.0.0.61:60142 ESTABLISHED 4 TCP 10.100.20.3:1059 10.0.0.61:60846 ESTABLISHED 832 TCP 10.100.20.3:3396 192.168.1.4:445 ESTABLISHED 4 TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 1644 UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 544 UDP 0.0.0.0:1063 *:* 900 UDP 0.0.0.0:1070 *:* 900 UDP 0.0.0.0:1119 *:* 900 Netstat Connections - 192.168.1.4 Tenable Network Security 6 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 UDP 0.0.0.0:4500 *:* 544 UDP 10.100.20.3:123 *:* 832 UDP 10.100.20.3:137 *:* 4 UDP 10.100.20.3:138 *:* 4 UDP 10.100.20.3:1900 *:* 964 UDP 127.0.0.1:123 *:* 832 UDP 127.0.0.1:1900 *:* 964 Netstat Connections - 192.168.1.4 Tenable Network Security 7 Netstat Active Connections SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012 10.100.20.25 NetBIOS Name: ITSDEPT\DT0030 Crit.: 8 High: 130 Med.: 41 Low: 2 MAC Address: 52:54:00:10:c1:5b DNS Name: dt0030.itsdept.com Last Scan: Apr 29, 2012 @ 1:38PM Host Netstat Details Plugin Plugin Name Family 58651 Netstat Active Connections Misc. Synopsis: Active connections are enumerated via the 'netstat' command. Description: This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections. Solution: n/a Risk Factor: None CVSS Base Score: CVSS Vector: Plugin Output: Netstat output : Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 768 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1086 0.0.0.0:0 LISTENING 836 TCP 0.0.0.0:1241 0.0.0.0:0 LISTENING 1500 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 964 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 724 TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 1476