My Ubuntu 10.04LTS Server has a nearly continuous stream of outgoing attempts to contact IP Addresses belonging to Proxy servers. For example...
HideSmart.com
ByPass.ohbah.com
ProxyWorld.com
ProxyStealth.com
MyPrivatgeProxy.com
ShieldProxy.com
CheapPrivateProxy.com
and many, many others
The port is 123 (NTP).
I have the NTP service disabled. (Actually, it's not installed) so should it still be generating outgoing NTP traffic at all ?
My guess is that a database or web pages(s) have been compromised and something is generating this traffic. But at this point that's just a guess.
Is there something Ubuntu does (such as checks for updates that this could be related to or is this behavior suspicious?
Finally, if this is not normal, how would I best go about tracking down the offending code or database ?
thx
Bookmarks