Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 3828 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What could this be?

otroean
One of the computers I have on the network i making this trafic. What could it be?

22:53:28  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:28  Default DROP  UDP 
192.168.0.101  :  1770
→ 
88.90.9.69  :  63475

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:28  Default DROP  UDP 
192.168.0.101  :  1771
→ 
10.0.0.13  :  65040

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:29  Default DROP  UDP 
192.168.0.101  :  1773
→ 
192.168.2.2  :  54046

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:29  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:29  Default DROP  UDP 
192.168.0.101  :  1770
→ 
88.90.9.69  :  63475

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  UDP 
192.168.0.101  :  1771
→ 
10.0.0.13  :  65040

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  UDP 
192.168.0.101  :  1773
→ 
192.168.2.2  :  54046

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  TCP 
192.168.0.101  :  1866
→ 
192.168.1.104  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  TCP 
192.168.0.101  :  1867
→ 
77.222.197.203  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:30  Default DROP  TCP 
192.168.0.101  :  1862
→ 
10.0.0.4  :  64418

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:31  Default DROP  TCP 
192.168.0.101  :  1863
→ 
80.212.123.99  :  49565

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:31  Default DROP  UDP 
192.168.0.101  :  1773
→ 
192.168.2.2  :  54046

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:32  Default DROP  UDP 
192.168.0.101  :  1772
→ 
88.89.4.18  :  62372

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:33  Default DROP  TCP 
192.168.0.101  :  1866
→ 
192.168.1.104  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:34  Default DROP  TCP 
192.168.0.101  :  1867
→ 
77.222.197.203  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:39  Default DROP  TCP 
192.168.0.101  :  1866
→ 
192.168.1.104  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:40  Default DROP  TCP 
192.168.0.101  :  1867
→ 
77.222.197.203  :  1166

[SYN]  len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85
22:53:45  Default DROP  2 
192.168.1.1      
→ 
224.0.0.1      

len=36  ttl=1  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:1a:70:13:cf:a9
22:53:48  Default DROP  UDP 
192.168.0.101  :  1892
→ 
88.90.197.119  :  57261

len=48  ttl=127  tos=0x00  srcmac=00:1a:70:13:cf:a9  dstmac=00:11:43:1a:50:85


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to wingman
    I don't have anything else than the range 192.168.0.1 to 192.168.0.254

    Routers, accesspoints are from 240 to 254.
    Servers and printer are from 1 to 15.
    DHCP range 100-150 (provided by the 2003 server)

    All the other ranges don't exist on my network...

    I don't know where 192.168.2.x and 10.0.0.x comes from...
  • 0 in reply to otroean
    What security do you have on the wireless access point inside your network?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    11 digits WPA2 with, big and small letters, numbers and symbols.

    None of these adresses are in my network, but could it be the computer searching for the computer he has been on network with? The reason i think so is because I know people that use those ranges... And I have used the computer on those networks...
  • 0 in reply to otroean
    Yes, it could be trying to reconnect network shares or printers or whatever, although I don't recognize the port #'s.
    Could also be malware.

    Barry
  • 0 in reply to BarryG
    Yes, ill have to ask her if I can check her computer. We are several houses on the same LAN. Is it possible to use vlans on the free homeversion? I've thought about seperating the houses. Atleast seperate my house from the other houses...
  • 0 in reply to otroean
    Yes, VLANs work fine (see my sig).
    I also posted a thread about Netgear VLAN configuration.

    A separate NIC for your house would be another option.

    Barry
  • 0 in reply to BarryG
    Yes, a seperate NIC would be an good option. Now I just have to find an identical NIC or make a backup and install from scratch with 3 NIC's.
Cookie Information Banner