DNS question to China?

Part of the statement netstat -t contains links to
dns1.js.chinamobile.com:domain SYN_SENT
dns2.js.chinamobile.com:domain SYN_SENT

I know that the Internet is worldwide, but I am surprised that my device “reaches so far” :frowning: … In the LAN I have a Korean SAT receiver Kaon-102, a media center Popcorn Hour C-200, an Epson XP-700, Samsung tablets, Google phones, a Fujitsu computer, a Philips TV, a Zyxel GS-108B switch and a Synology NAS.

# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
..
..
tcp        0      0 10.48.210.230:43776     av4.nstld.com:domain    ESTABLISHED 
tcp        0      0 10.48.210.230:2525      61.177.173.13:32474     ESTABLISHED 
tcp        0      0 10.48.210.230:2525      221.181.185.94:16494    ESTABLISHED 
tcp        0      0 10.48.210.230:56962     sentinel.turris.cz:1883 ESTABLISHED 
tcp        0      1 10.48.210.230:36314     dns1.js.chinamobile.com:domain SYN_SENT    
tcp        0      0 localhost:38265         localhost:43546         ESTABLISHED 
tcp        0      0 10.48.210.230:2525      61.177.173.13:14596     ESTABLISHED 
tcp        0      1 10.48.210.230:53316     dns2.js.chinamobile.com:domain SYN_SENT    
tcp        0      0 10.48.210.230:2525      221.181.185.151:48260   ESTABLISHED 
tcp        0      0 10.48.210.230:2525      222.187.232.39:15710    ESTABLISHED 
tcp        0      0 localhost:48174         localhost:33403         ESTABLISHED 


Check this out: PaKon - Turris Documentation

2 Likes

I have some concerns about my internal LAN. There are rather a lot of established connections to China: a total of 23 connections in the ranges 221.x.x.x and 222.x.x.x. I feel it could be some mobile application? I can’t think of anything else. Here is just a sample - I checked the addresses at www.abuseipdb.com or abongo.com

tcp        0      1 10.48.210.230:56798     dns2.js.chinamobile.com:domain SYN_SENT
tcp        0      1 10.48.210.230:56800     dns2.js.chinamobile.com:domain SYN_SENT
tcp        0      1 10.48.210.230:56796     dns2.js.chinamobile.com:domain SYN_SENT
tcp        0      1 10.48.210.230:56808     dns2.js.chinamobile.com:domain SYN_SENT
tcp        0      1 10.48.210.230:56808     dns2.js.chinamobile.com:domain SYN_SENT
tcp        0      0 ::ffff:10.48.210.230:5873 pencurian.earacheevince.com:63336 TIME_WAIT  
tcp        0      0 10.48.210.230:2525      222.187.232.39:17496    ESTABLISHED ... chinatelecom.com.cn Spamhaus
tcp        0      0 10.48.210.230:2525      221.131.165.75:54966    ESTABLISHED ... chinamobileltd.com Spamhaus
tcp        0      0 10.48.210.230:2525      221.181.185.111:44457   ESTABLISHED ... chinamobileltd.com Spamhaus
tcp        0      0 10.48.210.230:2525      221.131.165.75:43766    ESTABLISHED ... chinamobileltd.com Spamhaus

Please comment on whether this is problematic, or give instructions on how to analyze it.

1 *** That occurred to me, too. These destination WAN addresses are missing in the Pakon records. Not a single numeric IP starting with 221 or 222, or a single domain name containing “china”.

2 *** In addition, 10.48.210.230 is my assigned IP in the WAN settings on the router. Is it router or client communication in the LAN? Ask and answer for yourself :slight_smile:

3 *** Oh, maybe I’m starting to suspect something, won’t this be RIPE Atlas communication?

4 *** Holy Cow … old (1952) civil engineer remembering Atari XL with character printer and floppy drive, Atari Basic, floppy disk 8", DOS, telephone modems, bulletin board station, old little internet without unnecessary ballast, et cetera … again famously won :slight_smile:

5 *** As a reward, I’ll have one bottle of beer from the fridge :slight_smile:

6 *** After all, the forum and the question asked will force the individual to turn on their own brain

1 Like
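
One way to approach the "how to analyze it" question asked in the thread, as an added example that is not part of the original posts: it parses `netstat -t` output and separates connections arriving at a local listening port from connections the host opened itself. The sample input is constructed (documentation addresses and example domains), and the names `parse`, `classify` and `min_peers` are chosen for this example.

```python
from collections import defaultdict

# Constructed sample modelled on the `netstat -t` output in the thread.
# Remote hosts use documentation ranges and example domains, not the posted ones.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.48.210.230:2525      203.0.113.13:32474      ESTABLISHED
tcp        0      0 10.48.210.230:2525      203.0.113.94:16494      ESTABLISHED
tcp        0      0 10.48.210.230:2525      198.51.100.39:15710     ESTABLISHED
tcp        0      1 10.48.210.230:36314     dns1.example.net:domain SYN_SENT
tcp        0      1 10.48.210.230:53316     dns2.example.net:domain SYN_SENT
tcp        0      0 10.48.210.230:56962     broker.example.org:1883 ESTABLISHED
tcp        0      0 localhost:38265         localhost:43546         ESTABLISHED
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse(text):
    """Yield (local_host, local_port, remote_host, remote_port, state) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header lines, blank lines, ".." elisions
        # Split on the last colon so IPv4-mapped hosts like ::ffff:10.0.0.1 survive.
        lhost, _, lport = fields[3].rpartition(":")
        rhost, _, rport = fields[4].rpartition(":")
        yield lhost, lport, rhost, rport, fields[5]


def classify(text, min_peers=2):
    """Split connections into inbound (local listener) and outbound (local client).

    Heuristic: a client picks a fresh ephemeral local port per connection, so a
    local port shared by several remote endpoints belongs to a listening service.
    """
    peers = defaultdict(set)
    for lhost, lport, rhost, rport, state in parse(text):
        if lhost in LOOPBACK and rhost in LOOPBACK:
            continue  # local IPC, not network traffic
        peers[lport].add((rhost, rport, state))
    inbound = {p: sorted(v) for p, v in peers.items() if len(v) >= min_peers}
    outbound = sorted(c for p, v in peers.items() if len(v) < min_peers for c in v)
    return inbound, outbound


if __name__ == "__main__":
    inbound, outbound = classify(SAMPLE)
    for port, conns in inbound.items():
        print(f"local port {port}: {len(conns)} inbound peers -> check `netstat -tlnp`")
    for rhost, rport, state in outbound:
        print(f"outbound to {rhost}:{rport} ({state})")
```

The peer count is only a heuristic, since a listener with a single client looks like an outbound connection; running `netstat -tlnp` as root on the same host shows which process actually owns a flagged port.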
