Using RPI3 Raspbian Jessie with PIXEL connected to Internet via LAN (ADSL)
Using also fail2ban to protect SSH access....
With iptraf and/or 'netstat -plant' I see:
myRPI:58234 connected to 220.127.116.11:6667 TCP (Student housing networks Sweden)
myRPI:58246 connected to 18.104.22.168:6667 TCP (Student housing networks Sweden)
myRPI:55924 SYN_SENT to 22.214.171.124:6667 TCP (dsl.telesp.net-br)
myRPI:45562 to 126.96.36.199:6667 TCP (dsl.net.metronet.hr)
myRPI:41702 to 188.8.131.52:6667 (QTEL-ADSL-POOL)
And many more connections always with port 6667, and a few bytes of exchange (normally a maximum of 240 bytes with 4 packets from RPI3 and zero bytes from the remote IP).
It therefore seems to be my RPI3 to take the initiative to connect the remote station .... but not sure ...
6667 is IRC port (Internet Relay Chat) !
WIKIPEDIA says: "Internet Relay Chat (IRC) is an application layer protocol that facilitates communication in the form of text. The chat process works on a client/server networking model. IRC clients are computer programs that a user can install on their system. These clients communicate with chat servers to transfer messages to other clients."
I do not understand what's going on ....
Can someone help me ?
Besides fail2ban it is best to install some other protection?
There are other linux commands to better analyze the situation (... for example to identify the app generates the connection) ?
with netstat -n I see connections unix2 and unix3 STRAM or DGRAM with path @/tmp/..... or /run/..... or /var/.....
What are ?
should be deleted?