[SWLUG] Odd traffic. What is going on here?
Jonathan Wright
jonathan at netwrker.co.uk
Tue May 8 14:49:14 UTC 2007
Neil Jones wrote:
> The modem is flashing like mad and sometimes there is disk activity.
> This has occurred when I have come back to my computer after being out
> of the room for a while so I cannot be doing it.
If your computer is directly connected to the Internet and has a public
IP address then sporadic busts of traffic (and the hard-drive activity
that comes with it) are not unusual.
Pretty much every possible IP address will be regulary tested for holes,
exploits or just plain brute-force attacks.
In your case, it looks like someone is trying a brute-force attach on
the SSH port of your system trying to see if there's an account with a
weak password.
This will bring with it hard-drive activity as each failed login attempt
will be written to the log files.
Same goes with the firewall - if you have a log request at the end of
any of the rules (which is usually the case before your drop packets),
if anyone's scanning your system for open ports that can bring alot of
activity for both the modem and the hard drive.
Personally, I don't think it's that much to worry about. So long as you
have a firewall enabled and a minimum amount of ports, etc. open to the
Internet as is necessary then there's little change of any 'script
kiddies' from getting access.
--
Jonathan Wright jonathan at netwrker.co.uk
http://netwrker.co.uk
cat /dev/random (you never know, you may see something you like!)
2.6.20-gentoo-r7-netwrker-b3 AMD Athlon(tm) XP 2100+
up 1 day, 22:48, 1 user, load average: 0.76, 0.96, 0.97
More information about the Swlug
mailing list