On Mon, Mar 17, 2014 at 7:10 AM, ybed0 wrote: > I had nothing running (eg browsers or other clients). What could it be?
Looking at the wireshark Statistics -> Protocol Hierarchy tool, it appears that random machines on the Internet are attempting to connect to TCP and UDP ports 54424 and 59520. Linux on your computer is responding to these packets saying that the ports are closed. The data in the UDP packets is one of these lengths: 20 30 67 101 103. The longer packets are more interesting. The have some strings like ping1 and find_node1. A web search for them turns up this page where some folks are discussing a similar issue. It appears that this is to do with the Kademlia distributed hash table. If the IP you are now using has ever used any of the peer-to-peer networks listed in the implementations section of the Wikipedia page about Kademlia, you will probably see these connections/packets. I guess they will gradually reduce over time as your IP address gets dropped by clients. http://es.comp.hackers.narkive.com/jcAAu5K5/puerto-13406 https://en.wikipedia.org/wiki/Kademlia https://en.wikipedia.org/wiki/Kademlia#Implementations -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAKTje6F8GM9LLX5t=s_pxvxdmxv0jrmawpcv_j8u4z5tcr_...@mail.gmail.com
