[CLUG-tech] Ports 1026-1028/udp?

Johann Spies jspies at sun.ac.za
Tue Dec 11 10:37:22 SAST 2007


On my mailservers I find the following report by fwanalog (the IP Address
being the external interface of the mail server):


    621:  99.20%: 306.92: Dec/10/07 11:58 PM:   146.232.64.21/udp
    221:  35.30%: 107.56: Dec/10/07 11:58 PM:     146.232.64.21:1026/udp
    197:  31.47%:  98.50: Dec/10/07 11:58 PM:     146.232.64.21:1027/udp
    197:  31.47%:  98.50: Dec/10/07 11:58 PM:     146.232.64.21:1028/udp
      6:   0.96%:   2.37: Dec/10/07  3:47 PM:     146.232.64.21:ms-sql-m (1434)/udp

So far I could not find out what is causing this traffic.

I am running exim, spamassassin (with razor de-activated at this moment),
clamav and postgresql on the servers.

Any idea on what it is?

Netstat -planu did not show anything when I tried to find out which process is
responsible for the traffic - but then I don't know when the traffic is there
beforehand.

Regards
Johann
-- 
Johann Spies          Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

     "The spirit of the Lord GOD is upon me; because the 
      LORD hath anointed me to preach good tidings unto the 
      meek; he hath sent me to bind up the brokenhearted, to
      proclaim liberty to the captives, and the opening of 
      the prison to them that are bound."                 
                                        Isaiah 61:1 


More information about the clug-tech mailing list