Hi,
I am noticing a lot of traffic hitting our smoothwall box here.
It seems to be mainly hitting ports:
1062 - Veracity
1065 - SYSCOLMAN
1068 - Installation Bootstrap Proto Client
1086 - CPL Scrambler Logging
1103 - ADOBE Server 2
1117 - ARDUS Multicase Transfer
1433 - Microsoft SQL Server
1662 - netview-aix-2
1774 - global-dtserv
2011 - raid
2016 - ?
2579 - mpfoncl
3542 - HA Cluster Monitor
3620 - Epson Projector Control Port
With src ports being:
5190 - AIM
5050 - multimedia conference control tool
4431 - ???
The ips these are coming from are either American DSL connections or
from Korean address ranges.
It looks like some sort of worm scanning our system but should I be
worried? Its all only started up in the last couple of days but the
amount going on each day is getting worse. Today it seems to be slightly
slowing down the external internet access.
Keith
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
