LinuxQuestions.org


rhklinux 02-18-2012 06:16 AM

connection made to National Internet Development Agency of Korea for unknown reasons
 
I just ran netstat to see TCP connections and found some entries that are not intended to be there. I am using Ubuntu. I live in India.
Here is the output of netstat:
Code:

tcp        0      1 192.168.1.3:43331      211.239.150.206:80      SYN_SENT

I have connected to the internet through a router.
I used a network tool to see the host name of the destination IP address (211.239.150.206).
This is what I got:
Code:

# ENGLISH

KRNIC is not an ISP but a National Internet Registry similar to APNIC.

[ Network Information ]
IPv4 Address      : 211.239.128.0 - 211.239.191.255 (/18)
Service Name      : SEJONGNET
Organization Name  : SEJONG TELECOM
Organization ID    : ORG110145
Address            : Hyundai B/D, 646-1, Yeoksam-dong, Gangnam-gu
Zip Code          : 135-080
Registration Date  : 20010419

[ Admin Contact Information ]
Name              : IP Administrator
Phone              : +82-2-1688-7380
E-Mail            : ip@sejongtelecom.net

[ Tech Contact Information ]
Name              : IP Manager
Phone              : +82-2-1688-7380
E-Mail            : ip@sejongtelecom.net

[ Network Abuse Contact Information ]
Name              : Network Abuse
Phone              : +82-2-3415-4320
E-Mail            : abuse@sejongtelecom.net

--------------------------------------------------------------------------------

More specific assignment information is as follows.

[ Network Information ]
IPv4 Address      : 211.239.150.0 - 211.239.151.255 (/23)
Network Name      : ENTERPRISENET-IDC-HOSTWAY
Organization Name  : Hostway
Organization ID    : ORG407396
Address            : 343-1 Hostway, Bundang-gu, Seongnam-si, Gyeonggi
Zip Code          : 463-070
Registration Date  : 20040914
Publishes          : Y

[ Technical Contact Information ]
Name              : Cho, Hanjin
Organization Name  : Hostway
Address            : 343-1Hoseuteuwei Bldg., Bundang-gu, Seongnam-si, Gyeonggi
Zip Code          : 463-070
Phone              : +82-70-8630-1461
E-Mail            : abuse@hostway.co.kr


- KISA/KRNIC Whois Service -

I googled it and found that it's the National Internet Development Agency of Korea.
Thanks for replying.

unSpawn 02-18-2012 06:44 AM

Quote:

Originally Posted by rhklinux (Post 4605769)
I just ran netstat to see TCP connections and found some entries that are not intended to be there.

And why would that be? How else should applications check WHOIS, ASN or other nfo?


Quote:

Originally Posted by rhklinux (Post 4605769)
here is output of netstat

If next time you run netstat with '-ntulpe' you get more details like the PID of the application.

rhklinux 02-18-2012 07:01 AM

Thanks for the reply. I will look for the process.

malekmustaq 02-18-2012 07:12 AM

KRNIC is an APNIC register in Korea. But why would that Korean IP talk directly to your host? I remember another Korean IP here.

unSpawn 02-18-2012 07:50 AM

Quote:

Originally Posted by malekmustaq (Post 4605807)
why would that Korean IP talk directly to your host?

Note the netstat entry reads SYN_SENT with the non-LAN IP on the right-hand side. So it is not "KRNIC talking to his host" but his machine contacting 211.239.150.206. And according to ROBTEX, db.asia.clamav.net shares the IP address too.
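
Added example, not part of the thread: a small parser that combines the two points made in the replies above, the owning PID that netstat's -p option reports and SYN_SENT marking the local machine as the initiator. The sample lines, inode numbers, PIDs and program names are constructed in the column layout of `netstat -ntpe`, not captured output.

```python
import ipaddress

# Constructed sample in the column layout of `netstat -ntpe` (not captured
# output); the UID, inode, PID and program values are invented.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      1 192.168.1.3:43331       211.239.150.206:80      SYN_SENT    118        20511       2211/freshclam
tcp        0      0 192.168.1.3:22          192.168.1.10:51514      ESTABLISHED 0          19022       1480/sshd
tcp        0      0 192.168.1.3:51200       192.168.1.1:53          TIME_WAIT   0          0           -
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 literals also work."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Yield one dict per TCP socket line, skipping the header."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        # With -p the last column is 'PID/Program name'; it is '-' when the
        # socket has no owning process or netstat lacked the privilege to see it.
        owner = " ".join(fields[8:]) if len(fields) > 8 else "-"
        pid, _, program = owner.partition("/")
        yield {
            "local": split_endpoint(fields[3]),
            "remote": split_endpoint(fields[4]),
            "state": fields[5],
            "pid": int(pid) if pid.isdigit() else None,
            "program": program or None,
        }

def outbound_to_internet(text):
    """Connections this host is initiating toward non-private addresses."""
    hits = []
    for sock in parse_netstat(text):
        remote_ip, _ = sock["remote"]
        # SYN_SENT is the state of the side that sent the first SYN,
        # so the local address is the client and the foreign one the server.
        if sock["state"] == "SYN_SENT" and not remote_ip.is_private:
            hits.append(sock)
    return hits

if __name__ == "__main__":
    for s in outbound_to_internet(SAMPLE):
        print(f"{s['remote'][0]}:{s['remote'][1]} <- pid {s['pid']} ({s['program']})")
```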

rhklinux 02-21-2012 10:17 PM

Sorry for the late reply, unSpawn, but what does that mean?

unSpawn 02-21-2012 11:56 PM

It means that if you run ClamAV it uses the IP address to check for updates.

rhklinux 02-24-2012 03:11 AM

Yeah, I have ClamAV running!! That must be the case. Thanks!!


All times are GMT -5.