[SOLVED] connection made to National Internet Development Agency of Korea for unknown reasons

rhklinux · 02-18-2012, 06:16 AM

I just netstat to see tcp connections.and found some entries that are not intended to be there.I am using ubuntu.I live in india
here is output of netstat:

Code:

tcp        0      1 192.168.1.3:43331       211.239.150.206:80      SYN_SENT

I have connected to internet through a router.
i used network tool to see the host name of destination ip address(211.239.150.206)
this is what i got:

Code:

# ENGLISH

KRNIC is not an ISP but a National Internet Registry similar to APNIC.

[ Network Information ]
IPv4 Address       : 211.239.128.0 - 211.239.191.255 (/18)
Service Name       : SEJONGNET
Organization Name  : SEJONG TELECOM
Organization ID    : ORG110145
Address            : Hyundai B/D, 646-1, Yeoksam-dong, Gangnam-gu
Zip Code           : 135-080
Registration Date  : 20010419

[ Admin Contact Information ]
Name               : IP Administrator
Phone              : +82-2-1688-7380
E-Mail             : ip@sejongtelecom.net

[ Tech Contact Information ]
Name               : IP Manager
Phone              : +82-2-1688-7380
E-Mail             : ip@sejongtelecom.net

[ Network Abuse Contact Information ]
Name               : Network Abuse
Phone              : +82-2-3415-4320
E-Mail             : abuse@sejongtelecom.net

--------------------------------------------------------------------------------

More specific assignment information is as follows.

[ Network Information ]
IPv4 Address       : 211.239.150.0 - 211.239.151.255 (/23)
Network Name       : ENTERPRISENET-IDC-HOSTWAY
Organization Name  : Hostway
Organization ID    : ORG407396
Address            : 343-1 Hostway, Bundang-gu, Seongnam-si, Gyeonggi
Zip Code           : 463-070
Registration Date  : 20040914
Publishes          : Y

[ Technical Contact Information ]
Name               : Cho, Hanjin
Organization Name  : Hostway
Address            : 343-1Hoseuteuwei Bldg., Bundang-gu, Seongnam-si, Gyeonggi
Zip Code           : 463-070
Phone              : +82-70-8630-1461
E-Mail             : abuse@hostway.co.kr


- KISA/KRNIC Whois Service -

I googled about it and found that its National Internet Development Agency of Korea
thanks for reply

unSpawn · 02-18-2012, 06:44 AM

Quote:

Originally Posted by rhklinux

I just netstat to see tcp connections.and found some entries that are not intended to be there.

And why would that be? How else should applications check WHOIS, ASN or other nfo?

Quote:

Originally Posted by rhklinux

here is output of netstat

If next time you run netstat with '-ntulpe' you get more details like the PID of the application.

rhklinux · 02-18-2012, 07:01 AM

Thanks for reply I will look for process.

malekmustaq · 02-18-2012, 07:12 AM

KRNIC is an APNIC register in korea. But why would that korean IP talk directly to your host? I remember another korean IP here.

unSpawn · 02-18-2012, 07:50 AM

Quote:

Originally Posted by malekmustaq

why would that korean IP talk directly to your host?

Note the netstat entry reads SYN_SENT with the non-LAN IP on the right hand. So it is not "KRNIC talking to his host" but his machine contacting 211.239.150.206. And according to ROBTEX db.asia.clamav.net shares the IP address too.

rhklinux · 02-21-2012, 10:17 PM

sory for late replay unSpawn but what does that mean ?

unSpawn · 02-21-2012, 11:56 PM

It means that if you run ClamAV it uses the IP address to check for updates.

rhklinux · 02-24-2012, 03:11 AM

Yeh i have ClamAV running !! that must be the case.thanks !!