Help with netstat results RRS feed

  • Question

  • Hi,

    This isn't my area of expertise, in fact, it's quite a way off but I'm pretty technical minded so I can kinda work my way around and understand things as I go by following a guide.

    With that in mind, please bear with and forgive me if I don't use the right terminology or confuse anything along the way because I've understood already that there's lot to learn in networking and really too much if you're just looking for a one off answers.

    Anyway, long story short, I received a really odd email recently with an equally odd subject apparently from Steve someone at Alarm bells were already ringing.  When I opened it, which in hindsight was probably a step too far, there was a link followed by the British Airways email disclaimer information at the bottom.

    I clicked the link (I know!) and it took me to a "hotmail" portal where it requested I enter my password. That was my exit point.  And by the way, this was on my phone.

    I'm naturally suspicious anyway and not unwise to phishing scams and things like that and tonight, for whatever reason, I think I read something about someone noticing unusual logins on their email, I decided to check mine on hotmail.

    I was actually quite surprised that in the last month there had been around 15 failed login attempts using an incorrect password and worryingly a coupe of successful ones that I couldn't identify.  I secured my account a bit more than it was and then,

    having the spare time and paranoid mind, I decided to run a few network checks, something I've dipped my toe into before.

    A lot of what I found through netstat results, I've managed to identify and at least half understand. Enough to not be concerned anyway.

    However, as I've read on and tried to learn exactly what bits could possibly be warning signs it seems the more I've learnt and checked, the more I've become confused as to what looks right and what doesn't.

    For example, one guide I just read suggested paying particular attention to "unusual" foreign addresses without giving any examples of what unusual looks like.

    Compared with the foreign addresses I was seeing previously during a check, addresses like these look unusual to me: 9:HTTPS, tag:HTTPS and unknown:HTTPS

    It's not that I've noticed anything unusual with my machine but I have had a warning that my email has been accessed in the past and have an American friend who recently had her entire savings account emptied, really I'm just thinking better safe than sorry.  I guess my question is, is this something not even worth spending on unless my machine has shown some signs of possible compromise or do those foreign address seem unusual?

    Wednesday, February 13, 2019 3:10 PM

All replies