Who's calling home?

My logs are full of this dude trying to get out. Anyone know what or who it is? Should I be concerned?

Any help appreciated.

Kansai

 

ff ff ff ff ff ff is a broadcast address in Ethernet (i.e. it reaches every other node in your local network). This is most likely to be DHCP (Dynamic Host Configuration Protocol - used to acquire an IP address and therefore both legitimate and necessary) but you would need to check the packet contents to be certain.

 

Thanks for the reply.
How do I check the packet content?

Kansai

 

Use a packet sniffer like Ethereal or the Socket Spy function of Port Explorer.

Edit: Socket Spy will only work with IP packets - you will probably need Ethereal. That broadcast packet could also have been an ARP request (see Address Resolution Protocol (arp) for more details).

 

MSSQL server.exe

Must have been a leftover when I was using TrackIT (help desk software) in my diploma course at tech.
Port explorer highlighted all the connections, I deleted the software and all is quiet in the logs again.

Thanx for your time. Cheers.

Kansai