nmap Xmas scans and unrecognized outcoming connections
Two days ago one of my machines started to receive several nmap Xmas
scans from 184.108.40.206. Later, in another machine which is running under
Debian etch, Firestarter showed me four outcoming connections to the
same ip address with destination ports 80, 44285, 41182 and 43275. Those
connections are not used by any client application and they are not
recognized by netstat. In addition, the target ip address (a comcast
range address) don't seem to be giving http access, and it have all of
its ports filtered.
I don't know how to proceed in order to determine what application is
using those connections or what are they used for. They are still active
since two days ago.
Thanks in advance.