port 1025

From: Dermot Paikkos (dermot@sciencephoto.com)
Date: Tue Aug 24 2004 - 04:14:31 EDT


Hi Managers,

SYS: Dec Alpha 3000, Tru64 4.0D.

I have the above old machine that runs an MTA exim 3 plus a BIND
server. I have noticed over the last few days some unusual activity
on our router during the evenings. The activity was incoming and at
first I suspected a Windows user was downloading something overnight.
No one has confessed. I was also aware of a large increase in
spam but again this might be explained by other means.

What does concern me is there is some activity on the above server
that I can not explain and is not from my local network.

tcp  0  0  helios.1025     S010600485481094.63321  ESTABLISHED
tcp  0  0  helios.1025     S010600485481094.65021  ESTABLISHED
tcp  0  0  helios.1025     61.177.84.69.4011       ESTABLISHED
tcp  0  0  helios.1025     218.90.130.48.3167      ESTABLISHED
tcp  0  0  helios.1025     194.135.56.235.3876     ESTABLISHED
tcp  0  0  helios.1025     adsl39-107.globa.3681   ESTABLISHED
tcp  0  0  localhost.1025  *.*                     LISTEN
tcp  0  0  helios.1025     *.*                     LISTEN

I have disabled all non-essential services on the server and still
there is the above activity. I fear I have a virus or someone has
planted something on my server.

Can anyone advise?
Thanx.
Dp.

~~
Dermot Paikkos * dermot@sciencephoto.com
Network Administrator @ Science Photo Library
Phone: 0207 432 1100 * Fax: 0207 286 8668



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:50:06 EDT