Typically those ports are registered to IRC servers, so on initial blush I would say yes, it's possible it is an exploit, but I don't really have more information than that off the top of my head. On Fri, Oct 3, 2008 at 10:57 AM, Alex H. Vandenham <ahv [ at ] avantel [ dot ] ca> wrote: > I'm seeing tcp traffic originating from my server going from the > 'Registered' > ports to the port range of 6660-7000. I do not see a pattern to the > destination addresses but there are many. I run 'netstat' fairly regularly > and can't recall seeing this before. > > I've temporarily blocked outgoing traffic to those ports so they are all in > the 'SYN_SENT' state. It does not appear to be causing my known apps to > suffer?? > > The server is old - running FC5 with incoming traffic limited to smtp and > http > by a dedicated firewall/router. The sw is as up-to-date as the FC5 > repositories (ie. outdated) > > I've searched google for known vulnerabilities but have not found anything > that matches what I'm seeing. Is it just something I've missed all this > time > or a true change/problem? If it's a problem, I suppose it's time for an > update to something more recent . . . > > Any ideas / suggestions / help appreciated. > > Thanks; > > Alex V. > ==== > > -- > This message has been scanned for viruses and > dangerous content by Avantel Systems, and is > believed to be clean. > > _______________________________________________ > Linux mailing list > Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > http://oclug.on.ca/mailman/listinfo/linux >