What does localhost on netstat mean?

65 pts.
Tags:
Hacking
Localhost
Netstat
I was told by a tech support person that if I type netstat and get anything that says localhost I have been hacked.  Is this true?  I hadn't seen it for a couple weeks after they cleaned up the hacking, but it's back tonight (and everything is REALLY slow tonight).  And once tonight, in the column I was told should only be my IP address, 20 entries in a row read auth.impulse.com.##### instead of an ip at all... Thanks for your help!

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 6  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    LOCALHOST is a host name that usually refers to one specific IP address, but can be others. Usually, it refers to a LOOPBACK address. This is defined as an address in the range 127.0.0.0 through 127.255.255.255. As always, the first and last address in that range are reserved.   The address range is used to refer to the 'local host'. That is, it's used by a program to talk to another program on the same system. It can be used for testing TCP/IP functions when you only have one computer to work with for example. It allows all of the network communication to work, but none of the signals go out the adapter. All communication stays inside the system.   Although any (non-reserved) address in the range can be used, the 127.0.0.1 address is almost always the one that people (and programs) choose to use. The LOOPBACK host name essentially always goes to 127.0.0.1 by default.   But the LOCALHOST host name usually must be defined on Windows. (It might be a default definition in Unix/Linux systems.) On Windows, you should see an an entry for LOCALHOST in your system's HOSTS table.   Be aware that if your system is configured to search remote DNS first, a LOCALHOST entry in the DNS server table can take precedence over the system's HOSTS table entry. It's a good idea to ping the LOCALHOST name to see if it resolves to 127.0.0.1 or at least another 127.x.x.x address. (I had real difficulty trying to explain to one customer why they had so much trouble using LOCALHOST while giving remote DNS priority. They couldn't understand why one application kept trying to connect to some foreign system when they wanted to connect to their local database server, i.e., the database system on LOCALHOST.)   In short, a connection to LOCALHOST rarely means anything related to "hacking". It could, though it's not clear how/why it would.   It's common for LOCALHOST to be used by security functions, e-mail scanners for one example. The function might connect to an e-mail server on one port to receive e-mails, the e-mails are scanned, and then the function passes them to the e-mail program through a different port. That second port would likely have a LOCALHOST address. The LOCALHOST name would show in NETSTAT if LOCALHOST was listed in the HOSTS table (or the address otherwise resolved to the name.)   If you can get your support person to explain why there is concern about "hacking", it would be interesting to read. It's possible that your organization's configurations makes LOCALHOST an unlikely name to see, or some other reason might exist, I suppose.   Tom
    125,585 pointsBadges:
    report
  • TomLiotta
    BTW, the impulse.com address would seem to be perfectly valid. One of your network administrators should be able to verify that. -- Tom
    125,585 pointsBadges:
    report
  • carlosdl
    You might want to download and run Sysinternals' TcpView , which is similar to netstat but provides additional details/options.
    68,365 pointsBadges:
    report
  • greenmusic23f
    I will now further display my ignorance by posting a follow up question: Does any part of your answer change if I am at home and on a Mac? Thanks, Chris
    65 pointsBadges:
    report
  • TomLiotta
    Does any part of your answer change if I am at home and on a Mac?   My answer doesn't change.   TCP/IP necessarily works the same (in terms of your question) regardless of platform or location. Current OS X now uses common BSD-licensed sockets. Previously, the TCP/IP was Open Transport, a STREAMS implementation. If your Mac is even older (pre-1996), it would use 'MacTCP', but it still needed to conform to general TCP/IP standards in order to communicate successfully with other systems.   Regardless, if netstat is run and LOCALHOST is seen, the meanings will be the same.   Carlosdl might have a minor proposed change for a Mac version of the Sysinternals TcpView utility. I'm not aware of one, but I have little familiarity with utilities for a Mac environment. There shouldn't be much need for a similar Mac utility except for developers of TCP/IP programming.   Tom
    125,585 pointsBadges:
    report
  • greenmusic23f
    Good to know, thanks for your help.  Hopefully I just misunderstood the other guy. But again, thanks for your time and patience! Chris
    65 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following