unexpected outgoing traffic

2025-04-14

I have a dedicated CentOS box at layeredtech, and I'm seeing a lot of outgoing traffic blocked by my firewall (APF). I can't for the life of me think of what this traffic might be -- and it looks suspicious to me (traffic to different IP addresses on lots of different high number ports). I have a firewall installed, I've ran rkhunter and chkrootkit, neither of which turn anything up. I've checked /tmp for any executable files, and I don't see anything out of the ordinary. Is there anything else I can / should do to figure out what's going on?

From the logwatch email that the server generates:

From XX.XX.XX.XXX - 458 packets
To 24.90.133.36 - 99 packets
Service: 35609 (tcp/35609) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 35635 (tcp/35635) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 35641 (tcp/35641) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 35701 (tcp/35701) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 35713 (tcp/35713) (** OUT_TCP DROP **,none,eth0) - 9 packets
Service: 35715 (tcp/35715) (** OUT_TCP DROP **,none,eth0) - 9 packets
Service: 35765 (tcp/35765) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 35777 (tcp/35777) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 36064 (tcp/36064) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 36074 (tcp/36074) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 36076 (tcp/36076) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 24.193.39.51 - 48 packets
Service: 1976 (tcp/1976) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 1993 (tcp/1993) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 54482 (tcp/54482) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 54497 (tcp/54497) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 54519 (tcp/54519) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 54524 (tcp/54524) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 65.100.37.52 - 56 packets
Service: 34431 (tcp/34431) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 34433 (tcp/34433) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 34444 (tcp/34444) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 34447 (tcp/34447) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 34454 (tcp/34454) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 34478 (tcp/34478) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 34479 (tcp/34479) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 34480 (tcp/34480) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 66.59.184.70 - 12 packets
Service: 3386 (tcp/3386) (** OUT_TCP DROP **,none,eth0) - 12 packets
To 66.179.81.244 - 7 packets
Service: 22692 (tcp/22692) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 66.196.101.88 - 7 packets
Service: 57069 (tcp/57069) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 66.218.65.52 - 16 packets
Service: 25023 (tcp/25023) (** OUT_TCP DROP **,none,eth0) - 9 packets
Service: 42417 (tcp/42417) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 66.218.65.53 - 42 packets
Service: 23774 (tcp/23774) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 30453 (tcp/30453) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 30813 (tcp/30813) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 39443 (tcp/39443) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 41508 (tcp/41508) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 47583 (tcp/47583) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 68.165.58.125 - 7 packets
Service: 1514 (tcp/1514) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 69.90.250.19 - 14 packets
Service: 50809 (tcp/50809) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 60368 (tcp/60368) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 69.108.127.128 - 31 packets
Service: 1231 (tcp/1231) (** OUT_TCP DROP **,none,eth0) - 10 packets
Service: 1232 (tcp/1232) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: bvcontrol (tcp/1236) (** OUT_TCP DROP **,none,eth0) - 7 packets
Service: 1267 (tcp/1267) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 81.172.116.34 - 1 packet
Service: 1611 (tcp/1611) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 141.151.81.26 - 9 packets
Service: 3139 (tcp/3139) (** OUT_TCP DROP **,none,eth0) - 9 packets
To 148.244.150.58 - 7 packets
Service: 37660 (tcp/37660) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 151.197.37.200 - 7 packets
Service: 4429 (tcp/4429) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 201.133.200.42 - 7 packets
Service: 61576 (tcp/61576) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 206.196.125.85 - 7 packets
Service: 46345 (tcp/46345) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 207.46.98.34 - 7 packets
Service: 53821 (tcp/53821) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 211.179.213.251 - 10 packets
Service: 2844 (tcp/2844) (** OUT_TCP DROP **,none,eth0) - 10 packets
To 212.95.252.16 - 7 packets
Service: 3077 (tcp/3077) (** OUT_TCP DROP **,none,eth0) - 7 packets
To 218.38.242.68 - 8 packets
Service: 1264 (tcp/1264) (** OUT_TCP DROP **,none,eth0) - 8 packets
To 218.64.132.131 - 2 packets
Service: 4244 (tcp/4244) (** OUT_TCP DROP **,none,eth0) - 1 packet
Service: 4252 (tcp/4252) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 218.80.164.126 - 3 packets
Service: 1978 (tcp/1978) (** OUT_TCP DROP **,none,eth0) - 3 packets
To 218.81.162.164 - 1 packet
Service: 1589 (tcp/1589) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 218.237.62.205 - 10 packets
Service: 1297 (tcp/1297) (** OUT_TCP DROP **,none,eth0) - 10 packets
To 220.170.176.49 - 1 packet
Service: 3791 (tcp/3791) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 220.175.201.82 - 2 packets
Service: 3027 (tcp/3027) (** OUT_TCP DROP **,none,eth0) - 1 packet
Service: 3028 (tcp/3028) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 221.139.67.152 - 9 packets
Service: zephyr-srv (tcp/2102) (** OUT_TCP DROP **,none,eth0) - 9 packets
To 221.143.188.224 - 10 packets
Service: 4133 (tcp/4133) (** OUT_TCP DROP **,none,eth0) - 10 packets
To 221.163.211.71 - 11 packets
Service: 3100 (tcp/3100) (** OUT_TCP DROP **,none,eth0) - 11 packets

thanks for your help!

BR