[SWLUG] Odd traffic. What is going on here?

Jonathan Wright jonathan at netwrker.co.uk
Tue May 8 14:49:14 UTC 2007


Neil Jones wrote:
> The modem is flashing like mad and sometimes there is disk activity. 
> This has occurred when I have come back to my computer after being out
> of the room for a while so I cannot be doing it.

If your computer is directly connected to the Internet and has a public 
IP address then sporadic bursts of traffic (and the hard-drive activity 
that comes with it) are not unusual.

Pretty much every possible IP address will be regularly tested for holes, 
exploits or just plain brute-force attacks.

In your case, it looks like someone is trying a brute-force attack on 
the SSH port of your system trying to see if there's an account with a 
weak password.

This will bring with it hard-drive activity as each failed login attempt 
will be written to the log files.

Same goes with the firewall - if you have a log request at the end of 
any of the rules (which is usually the case before you drop packets), 
if anyone's scanning your system for open ports that can bring a lot of 
activity for both the modem and the hard drive.

Personally, I don't think it's that much to worry about. So long as you 
have a firewall enabled and a minimum amount of ports, etc. open to the 
Internet as is necessary then there's little chance of any 'script 
kiddies' getting access.

-- 
  Jonathan Wright                           jonathan at netwrker.co.uk
                                              http://netwrker.co.uk

  cat /dev/random (you never know, you may see something you like!)

  2.6.20-gentoo-r7-netwrker-b3 AMD Athlon(tm) XP 2100+
  up 1 day, 22:48, 1 user, load average: 0.76, 0.96, 0.97
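
The check described in the reply above, as an added example that is not part of the original post: it counts failed SSH logins per source address and flags whether a guessing source ever logged in successfully. The log lines are constructed samples in the usual OpenSSH syslog format, and the function name and threshold are assumptions; on a real system the text would come from the sshd log, whose path varies by distribution.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
May  8 14:01:12 host sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 40112 ssh2
May  8 14:01:14 host sshd[4123]: Failed password for root from 203.0.113.45 port 40120 ssh2
May  8 14:01:17 host sshd[4125]: Failed password for invalid user test from 203.0.113.45 port 40133 ssh2
May  8 14:01:19 host sshd[4127]: Failed password for invalid user oracle from 203.0.113.45 port 40141 ssh2
May  8 14:03:40 host sshd[4150]: Failed password for neil from 198.51.100.7 port 51822 ssh2
May  8 14:03:52 host sshd[4150]: Accepted password for neil from 198.51.100.7 port 51822 ssh2
May  8 14:05:02 host sshd[4170]: Invalid user guest from 203.0.113.45
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Report sources with >= threshold failed logins (hypothetical helper)."""
    failures = Counter()   # failed attempts per source address
    users = {}             # usernames tried per source address
    accepted = set()       # sources with at least one successful login
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m["ip"]] += 1
            users.setdefault(m["ip"], set()).add(m["user"])
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.add(m["ip"])
    return {
        ip: {
            "failures": count,
            "distinct_users": len(users[ip]),
            # A guessing source that also logged in deserves a closer look.
            "had_success": ip in accepted,
        }
        for ip, count in failures.items()
        if count >= threshold
    }

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

Many distinct usernames from one address with no success is the background noise the reply describes; a flagged source with `had_success` set is the case worth investigating.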


