Hello,
I recently ran a network monitor called iptraf on my Ubuntu
machine and I noticed a couple of suspicious entries as follows:
address:port packets bytes flags interface
68.186.206.6:2381 = 1 48 S--- eth0
└202.88.246.50:radmin-por = 0 0 ---- eth0
┌202.88.240.108:3023 = 2 96 S--- eth0
└202.88.246.50:ms-sql-s = 0 0 ---- eth0
┌202.88.240.108:1975 = 1 48 S--- eth0
└202.88.246.50:ms-sql-s = 0 0 ---- eth0
What made me take note of it was that not one of them is my machine's
IP. Also the 'S' signifies they are initiating connection. I have all
the ports closed by default as I ran nmap and checked. I do not have
mysql or apache running. But the listing above shows that one of the
port is ms-sql-s though not my IP.
Could some one please tell what is going on here ? And what is this
radmin-port? Another question I have is that is it possible for some
one to gain access to my machine if ipv6 is enabled ? It is enabled by
default on my machine. And if I decide to run a firewall will it also
cover ipv6 or just the ipv4 ones?
Thanks in advance
Ravi
