I've noticed some weird unexpected traffic in MT firewall logs:
192.168.2.4:47306->192.168.0.6:57274, len 60
192.168.2.4:39230->192.168.0.101:12394, len 60
192.168.2.4:35307->192.168.0.16:24874, len 60
192.168.2.4:48951->192.168.0.5:39748, len 60
192.168.1.3:50595->192.168.0.101:7611, len 60
192.168.1.3:50596->192.168.0.101:7611, len 60
192.168.2.4:54503->192.168.0.14:50014, len 60
192.168.2.4:51997->192.168.0.9:45682, len 60
192.168.2.4:39661->192.168.0.101:80, len 60
192.168.2.4:32931->192.168.0.107:14496, len 60
192.168.2.4:58863->192.168.0.10:62348, len 60
192.168.2.4:37398->192.168.0.10:62348, len 60
192.168.2.4:40110->192.168.0.10:62348, len 60
192.168.2.4:47362->192.168.0.10:62348, len 60
192.168.2.4:58904->192.168.0.10:62348, len 60
192.168.2.4:50967->192.168.0.10:62348, len 60
192.168.2.4:44147->192.168.0.10:62348, len 60
192.168.2.4:38873->192.168.0.6:24874, len 60
192.168.2.4:53818->192.168.0.8:51902, len 60
192.168.2.4:57779->192.168.0.8:51902, len 60
192.168.2.4:43269->192.168.0.113:12743, len 60
192.168.2.4:56523->192.168.0.20:43611, len 60
192.168.2.4:38612->192.168.0.4:50321, len 60
192.168.2.4:47274->192.168.0.108:43611, len 60
192.168.2.4:39380->192.168.0.113:12743, len 60
192.168.2.4:49999->192.168.0.108:43611, len 60
192.168.2.4:54267->192.168.0.108:43611, len 60
192.168.2.4:36526->192.168.0.108:43611, len 60
192.168.2.4:50535->192.168.0.108:43611, len 60
192.168.2.4:52579->192.168.0.108:43611, len 60
192.168.2.4:47929->192.168.0.5:26554, len 60
192.168.2.4:44269->192.168.0.12:20433, len 60
192.168.2.4:40253->192.168.0.8:35885, len 60
192.168.2.4:35074->192.168.0.3:43896, len 60
192.168.2.4:44583->192.168.0.3:26085, len 60
192.168.2.4:43013->192.168.0.123:8598, len 60
192.168.2.4:44811->192.168.0.102:24874, len 60
192.168.2.4:57019->192.168.0.12:49548, len 60
192.168.2.4:41150->192.168.0.3:22029, len 60
192.168.2.4:50993->192.168.0.12:20433, len 60
192.168.2.4:34978->192.168.0.6:25522, len 60
192.168.2.4:54048->192.168.0.12:20433, len 60
192.168.2.4:32949->192.168.0.12:20433, len 60
192.168.2.4:44551->192.168.0.12:20433, len 60
192.168.2.4:58439->192.168.0.12:20433, len 60
192.168.2.4:60260->192.168.0.103:8316, len 60
192.168.2.4:56349->192.168.0.12:20433, len 60
192.168.2.4:40051->192.168.0.12:20433, len 60
192.168.2.4:33629->192.168.0.12:20433, len 60
192.168.2.4:52024->192.168.0.3:44822, len 60
192.168.2.4:49533->192.168.0.8:51902, len 60
192.168.2.4:56473->192.168.0.8:51902, len 60
192.168.2.4:39449->192.168.0.8:51902, len 60
192.168.2.4:49914->192.168.0.8:51902, len 60
192.168.2.4:55597->192.168.0.8:51902, len 60
192.168.2.4:60496->192.168.0.8:51902, len 60
192.168.2.4:34218->192.168.0.8:51902, len 60
192.168.1.6:53902->192.168.0.100:7712, len 60
192.168.1.6:53903->192.168.0.100:7712, len 60
192.168.1.6:55010->192.168.0.100:7712, len 60
192.168.1.6:55013->192.168.0.100:7712, len 60
How should I react to such an incident properly? I'm using Linux openSUSE on all machines.
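
A first triage step for a log like the one above is to group the entries by source address and count how many different hosts and host:port targets each source contacts. The Python below is an added example, not part of the original post; the sample is an excerpt of the posted log, and the function names and the `fanout_threshold` value are illustrative assumptions.

```python
import re
from collections import defaultdict

# Log format shown in the post: src:sport->dst:dport, len N
IP = r"((?:\d{1,3}\.){3}\d{1,3})"
FLOW_RE = re.compile(IP + r":(\d+)->" + IP + r":(\d+), len (\d+)")

# Excerpt copied from the firewall log in the post above.
SAMPLE = """\
192.168.2.4:47306->192.168.0.6:57274, len 60
192.168.2.4:39230->192.168.0.101:12394, len 60
192.168.2.4:35307->192.168.0.16:24874, len 60
192.168.1.3:50595->192.168.0.101:7611, len 60
192.168.1.3:50596->192.168.0.101:7611, len 60
192.168.2.4:58863->192.168.0.10:62348, len 60
192.168.2.4:37398->192.168.0.10:62348, len 60
192.168.1.6:53902->192.168.0.100:7712, len 60
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, length); lines that do not match are skipped."""
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            src, sport, dst, dport, length = m.groups()
            yield src, int(sport), dst, int(dport), int(length)

def summarize(text, fanout_threshold=3):
    """Per source: flow count, distinct destination hosts, distinct host:port targets."""
    # fanout_threshold is an arbitrary example value, not a recommended setting.
    stats = defaultdict(lambda: {"flows": 0, "hosts": set(), "targets": set()})
    for src, _sport, dst, dport, _length in parse_flows(text):
        s = stats[src]
        s["flows"] += 1
        s["hosts"].add(dst)
        s["targets"].add((dst, dport))
    return {
        src: {"flows": s["flows"], "hosts": len(s["hosts"]),
              "targets": len(s["targets"]),
              "fanout": len(s["hosts"]) >= fanout_threshold}
        for src, s in stats.items()
    }

if __name__ == "__main__":
    for src, summary in sorted(summarize(SAMPLE).items()):
        print(src, summary)
```

A source flagged with `fanout` is the machine to inspect first, for example by listing which local process owns the logged source ports.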