posted on Jul, 14 2009 @ 03:19 PM
Here's an odd one that I can't figure out...
I'm not particularly a paranoid person, but having been a System Administrator for over 25 years I take security of my computer systems very seriously, even at home. I have all my drives triple-encrypted at boot, I have large IP Ranges rerouted to a loopback address for outgoing and incoming communication, I keep strong firewalls, both hardware and software based, constantly search for malware, spyware and rootkits, and even monitor all incoming and outgoing connections to my computer.
I get the usual odd hits against my computers at home from the usual government agencies every once in a while. However, I've never had any of them try for very long before stopping their port scan.
On the other hand, for the past 2 months I have had non-stop traffic coming in from an IP Range at General Electric to a specific NAT address on my network, even when that computer is idle or turned off. No outgoing communication has ever been established to that IP Range, but 24/7 those inbound attempts to communicate have been non-stop.
I've sniffed the packets that are incoming and some look like a typical port scan; however, some of them are clearly encrypted. The ones that are encrypted are attempting communication on a very specific port.
None of my other computers, or even the 4 Datacenters I manage have similar problems. It's just my main home computer that I use for nothing other than using VPN to connect to servers from home when there is an emergency, and playing one particular MMORPG. To be on the safe side, I've done a low-level format of those drives and did a clean install of my OS, even though I already know nothing is phoning home...but just to eliminate every
Has anyone seen this before or experienced the same coming from a Contractor for the DoD or from General Electric specifically? Anyone know what this non-stop encrypted traffic is or why?