To me that looks like web traffic, first two http-gets going out then the response. Do a packet capture and we will see. Do you have any toolbars that get updates (weather plugin, time sync, rss), or some automated update tool?
On Wed, Aug 12, 2009 at 5:23 PM, Rick Welykochy <[email protected]> wrote: > Hi sluggers, > > I thought I understood the mechanics of NAT. My modem blocks all incoming > requests to my 192.168.0.* internal network, save a few port forwards, i.e. > about five ports are open. > > During an idle period today I noticed annoying but consistent > traffic of about 100 bytes/sec. Why? > > tcpdump reveals that my local machine on 192.168.0.27 is responding to > what seems to be a port scan from Germany (62.67.50.112) ... > > 17:20:28.677718 IP 192.168.0.27.52262 > 62.67.50.112.80: . ack 1 win 65535 > <nop,nop,timestamp 1078011251 3938531074> > 17:20:28.677842 IP 192.168.0.27.52262 > 62.67.50.112.80: P 1:607(606) ack 1 > win 65535 <nop,nop,timestamp 1078011251 3938531074> > 17:20:29.045173 IP 62.67.50.112.80 > 192.168.0.27.52262: . ack 607 win 55 > <nop,nop,timestamp 3938531166 1078011251> > 17:20:29.055137 IP 62.67.50.112.80 > 192.168.0.27.52262: P 1:306(305) ack > 607 win 55 <nop,nop,timestamp 3938531167 1078011251> > > Their egress port is always 80 (suspicious in itself) and > my ingress port is climbing through all numbers, serially. > > My possible misunderstanding of NAT is that my local machine > on .27 should not even be seeing this traffic since it *should* > be blocked at the modem/router. > > Is it me or is it the modem that is wrong? > > > cheers > rickw > > > -- > _________________________________ > Rick Welykochy || Praxis Services > > Beware of he who would deny you information, > for in his mind he dreams of being your master. > -- message on a computer game > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
