Bug #5788

Updated by Fred Tacoberger 12 months ago

I've been monitoring this for a while now. I use an application firewall to allow/deny outgoing traffic to just things I expect. So for AdiIRC, that's just the IPs and ports of IRC servers I am connecting to. I don't make use of DCC.

Strangely I see these random alerts pop up trying to connect to an IP and high port. It seems like mostly IP ranges belonging to ISPs. Here's my log so far:

<pre>
2023-11-27 19:37 65.21.140.20 54002 HetznerOnline
2023-11-28 20:39 185.149.91.161 23423 Seedboxes
2023-11-29 02:31 96.2.31.181 64949 MidcontinentCommunications
2023-11-29 15:34 76.35.33.115 37800 CharterCommunications
2023-11-29 21:29 169.150.223.202 64911 datacamp.co.uk
2023-11-30 17:34 162.231.203.192 8999 AT&T
2023-12-01 13:02 203.214.75.104 51413 iinet.net.au
</pre>

This has been going on a lot longer than the last 5 days. I just decided to start documenting it. What could possibly explain these outbound requests? It's making me paranoid. I ran several different AV scans and a rootkit scanner. Nothing seems wrong. I also uploaded the latest AdiIRC installer to VirusTotal. I only see a couple false positives.

It would put my mind at ease to know what these are. I did capture one request with Wireshark, but it was just scrambled -- nothing obvious like HTTP or something else plaintext.
