# Suspicious connections in netstat again. Am I being hacked?



## The VCR King (Jun 17, 2016)

Ran netstat for the heck of it today and I noticed some new connections I never seen before,
such as:
"csc-beap"
"bf1onepush"
"ya-in(some number)"
"yv-in(some number)"
"yx-in(some number)"
"chadlv06"
"chadlv07"
"microsoft-ds"

What's these?


----------



## beers (Jun 17, 2016)

Post the actual output


----------



## Darren (Jun 17, 2016)

Friggin' Chad.


----------



## The VCR King (Jun 17, 2016)

So many of these look suspicious...


----------



## Darren (Jun 17, 2016)

I googled a few of those and got this.

https://www.robtex.com/en/advisory/dns/net/1e100/yw-in-f125/
https://www.robtex.com/en/advisory/dns/net/1e100/ya-in-f113/
http://www.ipv6-spider.com/en/host/bf1onepush.vip.bf1.yahoo.com

FBCDN is Facebook and I see Microsoft in there also.

I think you're just paranoid.


----------



## The VCR King (Jun 17, 2016)

Darren said:


> I googled a few of those and got this.
> 
> https://www.robtex.com/en/advisory/dns/net/1e100/yw-in-f125/
> https://www.robtex.com/en/advisory/dns/net/1e100/ya-in-f113/
> ...


Why would there be a Facebook IP connected to my PC?!


----------



## Darren (Jun 17, 2016)

The VCR King said:


> Why would there be a Facebook IP connected to my PC?!


You ever used Facebook before, friend?


----------



## Laquer Head (Jun 17, 2016)

Based on my expert opinion and analysis of the data provided I have determined you are completely screwed!


----------



## beers (Jun 17, 2016)

Those are all HTTP and HTTPS outbound...


----------



## Darren (Jun 17, 2016)

beers said:


> Those are all HTTP and HTTPS outbound...


Was waiting for one of you network engi's to put a stop to this paranoia.


----------



## The VCR King (Jun 17, 2016)

Darren said:


> You ever used Facebook before, friend?


No... Nobody uses Facebook on my computer...



beers said:


> Those are all HTTP and HTTPS outbound...


Idk how... All of those show up in Netstat even with all browsers closed and nothing open.


----------



## Darren (Jun 17, 2016)

The VCR King said:


> No... Nobody uses Facebook on my computer...
> 
> 
> Idk how... All of those show up in Netstat even with all browsers closed and nothing open.



Facebook has integrated itself into a lot of different applications as a profile and a lot of stuff links up with it. Possible something else is latching on to their servers (which probably host a bunch of various crap). Also I'd be surprised if you know absolutely everything that ever goes on with that computer since it's shared with your family.

The internet works.... in the background... Look at your task manager for networking activity with everything closed. You'll probably still see some pings of activity.

You're just paranoid. Chill, nothing to see here. Move along.


----------



## beers (Jun 17, 2016)

The VCR King said:


> Idk how... All of those show up in Netstat even with all browsers closed and nothing open.


There's a tcp half open timeout.  

The Facebook ones are probably the Facebook integration functions found on most websites.

Since it's all just web browsing traffic then nothing to worry about.


----------



## TrainTrackHack (Jun 17, 2016)

That's just Hobbes mucking around on your computer, I wouldn't worry about it.


----------



## Geoff (Jun 17, 2016)

The VCR King said:


> Idk how... All of those show up in Netstat even with all browsers closed and nothing open.


It's not the 90's anymore, even if you close a browser's window, it still runs many processes in the background.  Especially Chrome.


----------

