Disquieting packets. What could cause them?

Hello,

recently a strange phenomenon crept up on one of our mail-servers: Our firewall blocks packets which have a remote http port as destination (DPT=80).
Example:
Jan 20 09:06:45 jason Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=<my-ip> DST=<arbitrary-ip>.
8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=65273 DF PROTO=TCP SPT=34565 DPT=80 WINDOW=5840 RES=0x00
SYN URGP=0

I've searched high and low by utilizing 'netstat' and 'ps' but was not able to find the process causing these packets. Furthermore, I've scanned all disks with 'clamdscan' without any result.

What can I do to find the culprit? Are there some worms or Trojans which would be likely candidates?

Thanks in advance

MvB
