Bug #5788
Updated by Fred Tacoberger 12 months ago
I've been monitoring this for a while now. I use an application firewall to allow/deny outgoing traffic to just the things I expect. So for adiirc, that's just the IPs and ports of the IRC servers I am connecting to. I don't make use of DCC. Strangely, I see these random alerts pop up trying to connect to an IP and high port. It seems like mostly IP ranges belonging to ISPs. Here's my log so far:

<pre>
2023-11-27 19:37 65.21.140.20 54002 HetznerOnline
2023-11-28 20:39 185.149.91.161 23423 Seedboxes
2023-11-29 02:31 96.2.31.181 64949 MidcontinentCommunications
2023-11-29 15:34 76.35.33.115 37800 CharterCommunications
2023-11-29 21:29 169.150.223.202 64911 datacamp.co.uk
2023-11-30 17:34 162.231.203.192 8999 AT&amp;T
2023-12-01 13:02 203.214.75.104 51413 iinet.net.au
</pre>

This has been going on a lot longer than the last 5 days. I just decided to start documenting it. What could possibly explain these outbound requests? It's making me paranoid. I ran several different AV scans and a rootkit scanner. Nothing seems wrong. I also uploaded the latest adiirc installer to VirusTotal. I only see a couple of false positives. It would put my mind at ease to know what these are. I did capture one request with Wireshark, but it was just scrambled -- nothing obvious like HTTP or something else in plaintext.
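One way to turn alert lines like the ones in the report into a repeatable egress check, as an added example that is not part of the bug report or of AdiIRC's code: it parses the posted lines, compares each destination against an allowlist of the IRC endpoints the client is expected to reach, and summarizes what falls outside it. The allowlisted server addresses (RFC 5737 documentation addresses) and the standard IRC ports 6667/6697 are assumptions chosen for illustration; the script says nothing about what the unexpected connections are, only that they are not in the expected set.

```python
"""Egress-allowlist check over application-firewall alert lines.

Added example; not code from the bug report or from AdiIRC. The alert
lines are copied from the report. The allowlist is an assumption.
"""
from collections import Counter
from ipaddress import ip_address
import re

# Alert lines as posted in the report: "date time dst_ip dst_port owner".
ALERT_LOG = """\
2023-11-27 19:37 65.21.140.20 54002 HetznerOnline
2023-11-28 20:39 185.149.91.161 23423 Seedboxes
2023-11-29 02:31 96.2.31.181 64949 MidcontinentCommunications
2023-11-29 15:34 76.35.33.115 37800 CharterCommunications
2023-11-29 21:29 169.150.223.202 64911 datacamp.co.uk
2023-11-30 17:34 162.231.203.192 8999 AT&T
2023-12-01 13:02 203.214.75.104 51413 iinet.net.au
"""

# Hypothetical allowlist: the only egress an IRC client should need is the
# configured servers on the usual plaintext (6667) and TLS (6697) IRC ports.
# 203.0.113.0/24 is a documentation range, used here as a placeholder.
ALLOWED_IRC_SERVERS = {"203.0.113.10", "203.0.113.11"}
ALLOWED_IRC_PORTS = {6667, 6697}

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\d+) (\S+)$")


def parse_alerts(text):
    """Parse alert lines into dicts; malformed lines are skipped, not guessed."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, ip, port, owner = m.groups()
        records.append(
            {"when": when, "ip": ip_address(ip), "port": int(port), "owner": owner}
        )
    return records


def is_expected_egress(rec):
    """True only for an allowlisted server on an allowlisted port."""
    return str(rec["ip"]) in ALLOWED_IRC_SERVERS and rec["port"] in ALLOWED_IRC_PORTS


def summarize(records):
    """Describe the unexpected connections without speculating about their cause."""
    unexpected = [r for r in records if not is_expected_egress(r)]
    hits = Counter(str(r["ip"]) for r in unexpected)
    return {
        "total": len(records),
        "unexpected": len(unexpected),
        "distinct_hosts": len(hits),
        "distinct_owners": len({r["owner"] for r in unexpected}),
        # Ports above 1023 are unprivileged; a fixed service port would stand out here.
        "all_high_ports": all(r["port"] > 1023 for r in unexpected),
        "repeat_hosts": sorted(ip for ip, n in hits.items() if n > 1),
        "port_range": (
            (min(r["port"] for r in unexpected), max(r["port"] for r in unexpected))
            if unexpected
            else None
        ),
    }


def main():
    records = parse_alerts(ALERT_LOG)
    for r in records:
        tag = "ok" if is_expected_egress(r) else "UNEXPECTED"
        print(f"{r['when']}  {r['ip']!s:>16}:{r['port']:<5}  {r['owner']:<28} {tag}")
    print(summarize(records))


if __name__ == "__main__":
    main()
```

Run as-is it reports all seven destinations as outside the allowlist, each to a different host and network, with no host repeated and every port in the unprivileged range. Feeding it the real server addresses from the client configuration instead of the placeholder allowlist gives a quick way to keep the log the reporter is maintaining in one consistent shape.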