strange netstat -pl find

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Mon Apr 11, 2022 9:04    Post subject: strange netstat -pl find
I was looking for open ports and doing some network audit... then I found that the local as well as the foreign address of my router were
reported as "0-bitbucket.net.zooplus.de"

netstat -pl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:16 0-bitbucket.net.zooplus.de:* LISTEN 1465/openvpn
tcp 0 0 0-bitbucket.net.zooplus.de:dns 0-bitbucket.net.zooplus.de:* LISTEN 1449/dnsmasq
tcp 0 0 0-bitbucket.net.zooplus.de:https 0-bitbucket.net.zooplus.de:* LISTEN 2210/httpd
tcp 0 0 0-bitbucket.net.zooplus.de:22 0-bitbucket.net.zooplus.de:* LISTEN 1395/dropbear
netstat: /proc/net/tcp6: No such file or directory
udp 0 0 localhost:34954 0-bitbucket.net.zooplus.de:* 2200/nas
udp 0 0 0-bitbucket.net.zooplus.de:37631 0-bitbucket.net.zooplus.de:* 1465/openvpn
udp 0 0 0-bitbucket.net.zooplus.de:dns 0-bitbucket.net.zooplus.de:* 1449/dnsmasq
udp 0 0 0-bitbucket.net.zooplus.de:bootps 0-bitbucket.net.zooplus.de:* 1449/dnsmasq
netstat: /proc/net/udp6: No such file or directory
raw 0 0 0-bitbucket.net.zooplus.de:255 0-bitbucket.net.zooplus.de:* 255 1433/wland
netstat: /proc/net/raw6: No such file or directory

----------------------------------------------
then I checked

Address lookup - 0-bitbucket.net.zooplus.de
canonical name lb1.affex.org.
aliases 0-bitbucket.net.zooplus.de
zooplus-de.affex.org
addresses 35.187.117.15
Domain Whois record

Queried whois.denic.de with "-T ace,dn zooplus.de"...

Domain: zooplus.de
Nserver: ns-1251.awsdns-28.org
Nserver: ns-1870.awsdns-41.co.uk
Nserver: ns-282.awsdns-35.com
Nserver: ns-922.awsdns-51.net
Status: connect
Changed: 2017-10-05T09:23:31+02:00

Network Whois record

Queried whois.arin.net with "n 35.187.117.15"...

NetRange: 35.184.0.0 - 35.191.255.255
CIDR: 35.184.0.0/13
NetName: GOOGLE-CLOUD
NetHandle: NET-35-184-0-0-1
Parent: NET35 (NET-35-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Google LLC (GOOGL-2)
RegDate: 2016-10-11
Updated: 2016-10-17
Ref: https://rdap.arin.net/registry/ip/35.184.0.0

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Mon Apr 11, 2022 13:11; edited 1 time in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

Posted: Mon Apr 11, 2022 12:15
It's a reverse dns lookup of the IP.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Mon Apr 11, 2022 12:52
Per Yngve Berg wrote:
It's a reverse dns lookup of the IP.


Well... it comes out on all my routers and none of them is using Google DNS or anything related to this IP or canonical name... some of them are on a different ISP or using VPN... as well as different DNS servers...

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Mon Apr 11, 2022 14:28
Must be something to do with the blocklist you're downloading...

it thinks 0.0.0.0 would be 0-bitbucket.net.zooplus.de
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Mon Apr 11, 2022 15:43
ho1Aetoo wrote:
Must be something to do with the blocklist you're downloading...

it thinks 0.0.0.0 would be 0-bitbucket.net.zooplus.de


Correct...

first entry...
10x ho1Aetoo, good find... ;)

I've seen similar issues with Windows hosts... in some other scenarios... I'll revise the situation... 10x again...

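
Added example, not part of any post in this thread: a shell sketch of the diagnosis reached above, where the first entry of a hosts-format blocklist becomes the name shown for 0.0.0.0, followed by a filter that lists the TCP listeners actually bound to all interfaces. The function names and the blocklist sample are assumptions made for illustration; the netstat lines are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): explain a hostname that netstat shows
# in place of 0.0.0.0, then list the sockets really bound to all interfaces.

# first_name_for IP: hosts-format list on stdin; print the first name mapped
# to IP. Assumption: the reverse lookup answers with that first entry.
first_name_for() {
    awk -v ip="$1" '{ sub(/#.*/, "") } $1 == ip && NF >= 2 { print $2; exit }'
}

# wildcard_listeners NAME: "netstat -pl" output on stdin; print "port program"
# for TCP listeners whose local host part is NAME (the alias of 0.0.0.0).
wildcard_listeners() {
    awk -v name="$1" '$1 == "tcp" && $6 == "LISTEN" {
        n = split($4, a, ":")                       # port is the last part
        host = substr($4, 1, length($4) - length(a[n]) - 1)
        if (host == name) { split($7, p, "/"); print a[n], p[2] }
    }'
}

# Constructed blocklist; only the first hostname is taken from the thread.
sample_blocklist() {
    cat <<'EOF'
# hosts-format ad-block list (constructed sample)
0.0.0.0 0-bitbucket.net.zooplus.de
0.0.0.0 ads.example.invalid   # constructed entry
127.0.0.1 localhost
EOF
}

# TCP lines copied from the netstat output quoted in the first post.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 localhost:16 0-bitbucket.net.zooplus.de:* LISTEN 1465/openvpn
tcp 0 0 0-bitbucket.net.zooplus.de:dns 0-bitbucket.net.zooplus.de:* LISTEN 1449/dnsmasq
tcp 0 0 0-bitbucket.net.zooplus.de:https 0-bitbucket.net.zooplus.de:* LISTEN 2210/httpd
tcp 0 0 0-bitbucket.net.zooplus.de:22 0-bitbucket.net.zooplus.de:* LISTEN 1395/dropbear
EOF
}

alias_name=$(sample_blocklist | first_name_for 0.0.0.0)
echo "0.0.0.0 is displayed as: $alias_name"
sample_netstat | wildcard_listeners "$alias_name"
```

On the router itself, adding -n (netstat -pln) prints numeric addresses and ports, so no reverse lookup is made and the wildcard address shows as 0.0.0.0.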
MesMurized
DD-WRT User


Joined: 08 Aug 2017
Posts: 84

Posted: Tue Apr 12, 2022 4:01
Interesting find: see last post
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1173674&sid=3bff9838ff4dde25b7dea72f86bc32d6

_________________
Current: Netgear R9000 DD-WRT v3.0-r55460 std (03/25/24)
Retired: Linksys WRT32X r39296, TP-Link Archer C7 v2, LinkSys WRT54G v5
All times are GMT