[svlug] IP added to my fire wall (on its own)

[Ron Jackson]

I noticed this IP address: 202.99.11.99 It looks like it is from China. 

I have only one account that can log in and it has a cryptic name and password. Therefore I think it was some code I compiled and ran for a financial application. 

I grepped many if these messages from the log file. Can anyone tell me what these are?

messages:Feb 14 07:49:54 spinoza kernel: Inbound IN=eth0 OUT= MAC=00:14:c1:0e:c8:b0:00:90:1a:40:aa:4d:08:00 SRC=65.118.127.41 DST=72.1.149.249 LEN=56 TOS=0x00 PREC=0x20 TTL=252 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=72.1.149.249 DST=202.99.11.99 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=11334 PROTO=UDP SPT=64006 DPT=33440 LEN=48 ]
messages:Feb 14 07:49:54 spinoza kernel: Inbound IN=eth0 OUT= MAC=00:14:c1:0e:c8:b0:00:90:1a:40:aa:4d:08:00 SRC=65.118.127.41 DST=72.1.149.249 LEN=56 TOS=0x00 PREC=0x20 TTL=252 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=72.1.149.249 DST=202.99.11.99 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=11335 PROTO=UDP SPT=64007 DPT=33441 LEN=48 ]
messages:Feb 14 07:49:54 spinoza kernel: Inbound IN=eth0 OUT= MAC=00:14:c1:0e:c8:b0:00:90:1a:40:aa:4d:08:00 SRC=65.118.127.41 DST=72.1.149.249 LEN=56 TOS=0x00 PREC=0x20 TTL=252 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=72.1.149.249 DST=202.99.11.99 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=11336 PROTO=UDP SPT=64008 DPT=33442 LEN=48 ]
messages:Feb 14 07:49:54 spinoza kernel: Inbound IN=eth0 OUT= MAC=00:14:c1:0e:c8:b0:00:90:1a:40:aa:4d:08:00 SRC=205.171.214.33 DST=72.1.149.249 LEN=56 TOS=0x00 PREC=0x20 TTL=251 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=72.1.149.249 DST=202.99.11.99 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=11337 PROTO=UDP SPT=64009 DPT=33443 LEN=48 ]


       
---------------------------------
Looking for last minute shopping deals?  Find them fast with Yahoo! Search.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.svlug.org/archives/svlug/attachments/20080214/d53ebc91/attachment.htm