Hi Managers,
SYS: Dec Alpha 3000, Tru64 4.0D.
I have the above old machine that runs an MTA exim 3 plus a BIND
server. I have noticed over the last few days some unusual activity
on our router during the evenings. The activity was incoming and at
first I suspected a Windows user was downloading something overnight.
No one has confessed. I was also aware of a large increase in
spam but again this might be explained by other means.
What does concern me is there is some activity on the above server
that I can not explain and is not from my local network.
tcp        0      0  helios.1025        S010600485481094.63321  ESTABLISHED
tcp        0      0  helios.1025        S010600485481094.65021  ESTABLISHED
tcp        0      0  helios.1025        61.177.84.69.4011       ESTABLISHED
tcp        0      0  helios.1025        218.90.130.48.3167      ESTABLISHED
tcp        0      0  helios.1025        194.135.56.235.3876     ESTABLISHED
tcp        0      0  helios.1025        adsl39-107.globa.3681   ESTABLISHED
tcp        0      0  localhost.1025     *.*                     LISTEN
tcp        0      0  helios.1025        *.*                     LISTEN
I have disabled all non-essential services on the server and still
there is the above activity. I fear I have a virus or someone has
planted something on my server.
Can anyone advise?
Thanx.
Dp.
~~
Dermot Paikkos * dermot_at_sciencephoto.com
Network Administrator _at_ Science Photo Library
Phone: 0207 432 1100 * Fax: 0207 286 8668
Received on Tue Aug 24 2004 - 08:16:54 NZST