Strange connections to/from my server

Hi there, i can see this type of connections frequently on my server:

tcp 0 1 mydomain.com:47601 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47602 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47596 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47597 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47598 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47599 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47592 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47594 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47595 61.103.119.7:auth SYN_SENT
tcp 0 1 mydomain.com:47588 61.103.119.7:auth SYN_SENT
tc

tcp 0 59 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2087 ESTABLISHED
tcp 0 56 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2086 ESTABLISHED
tcp 0 175 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2085 ESTABLISHED
tcp 0 175 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2084 ESTABLISHED
tcp 0 175 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2083 ESTABLISHED
tcp 0 56 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2082 ESTABLISHED
tc
tcp 0 33 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2090 ESTABLISHED
tcp 0 33 mydomain.comStrange connections to/from my servermtp 61.103.119.7:2089 ESTABLISHED
tcp 0 0 mydomain.comStrange connections to/from my servermtp 61.103.119.7:zephyr-clt ESTABLISHED
tcp 0 0 mydomain.comStrange connections to/from my servermtp 61.103.119.7:zephyr-srv ESTABLISHED
tcp 0 0 mydomain.comStrange connections to/from my servermtp 61.103.119.7:zephyr-hm ESTABLISHED
u

It seems that my server is establishing connections to the other server, sometimes i found the connections the other way around: the remote server port being smtp

This seems to be a korean site.

Does anybody have an idea of what could this mean? Should i better block this ip?

I think it might be a spammer, how can i detect what he is trying to do so i can prevent it?

Regards Strange connections to/from my server

 

 

 

 

Top