I recently ran netstat, and noticed a large amount of established connections to my computer. Please take in mind, that I am running a webserver, so some of that I can expect, but some of them are a little odd...One of the ip addresses links to some servotron host site...http://63.226.156.33/ and the message is a little unsettling. My question is, am I under some danger? Or is this just a common network situation? I was a little curious because the connections made were from odd port numbers, i.e. 3000's 5000's (not exactly in that precision (5326 for example)) and I was wondering why this would be. Any ideas? Thanks alot.

Well when you connect to a Web server, you send a connection out from your computer too port 80 on the remote machine. The connection originates from some random high-numbered port on your machine. So it's not unusual to see connection FROM random, high number ports. If they're coming in TO random ports then it's significantly more worrisome. In any case, it's always a good idea to do some investigation of what's going on. You may be being DOSed if there is a very large number of connections. But in any case, check the usual suspects, i.e. look for strange log entries, run chkrootkit and rkhunter, etc. This isn't a foolproof method of detecting an intrusion but it will maybe give you some things to look at.

in your netstat can you map ip request to 80 and it's response on random port? That way you differentiate between legitimate traffic versus some other scenario.

Thanks for the replies...Is something like this of worry?
There are a lot less connections now then last night...thanks.

This might be old, but found this from here: