Netstat returns strange looking foreign address

0

I am trying to understand what this foreign address means in a netstat listing:

195.sub-174-227-0.myv

When I run netstat, some foreign address don't look like normal IP addresses. Are these IPv6 addresses, proxy, what...?

...
tcp     1231      0 ::ffff:192.168.1.18:https   164.sub-70-192-197.my:34669 CLOSE_WAIT  
tcp        1      0 ::ffff:192.168.1.18:https   83.sub-70-192-196.myv:43300 CLOSE_WAIT  
...

I don't know what to make of these. Please advise

Roy Hinkley

Posted 2015-06-17T16:46:01.533

Reputation: 318

they are IPv6 connections yes. the '195.sub-174-227-0.myv' is just a DNS host name. I can't say I've ever seen a .myv tld, but .my is Malaysia. ISPs usually use strings like this for automatic DNS registration. – Frank Thomas – 2015-06-17T16:56:21.937

@FrankThomas You say Malaysia, but the only connections should be in US. Does this have any security implications? – Roy Hinkley – 2015-06-17T17:09:20.493

Answers

0

::ffff:192.168.1.18 is an IPv6 Address.

164.sub-70-192-197.my is a hostname for one of the systems you are connected to. Somewhere between me and Microsoft.com is dalsbprj01-ae1.0.rd.dl.cox.net which you can surmise is a Cox owned device, presumably located in Dallas.

kazoni

Posted 2015-06-17T16:46:01.533

Reputation: 633

Asked: 2015-06-17T16:46:01.533

Viewed: 829 times

Active: 2015-06-17T17:01:50.127