Intrusion?

Hi, I think someone is trying to access my router from the net. My log shows the following incoming connection:

prot  remote ip     rem port  local ip     local prt
tcp   67.43.4.157   http 80   192.168.2.2  1077

There are at least 50 attempts over 5 minutes.

There is outgoing traffic from my PC to the same IP but none from the router.

What do you think? An IP lookup comes back negative.

GavT

Reply to
GavT

This doesn't

http://67.43.4.157/ A site you use?

Jason

Reply to
Jason Edwards

So, what person on your net is trying to connect to a web server on 67.43.4.157? (Actually, it looks like some web forum.) Is your host infected, or are you just trying to autoload some site?

And?

It could be that your router is mis-configured, but any time you see traffic from a "high" port (over 1025) to a "low" port on a remote site, the odds that the traffic did NOT originate on your host are about the same as finding that your neighbor is actually an extra-terrestrial - it's possible, but EXTREMELY unlikely.

[compton ~]$ whois 67.43.4.157
[whois.arin.net]
NetRange: 67.43.0.0 - 67.43.15.255
OrgName: Liquid Web
OrgID: LQWB
Address: 4210 Creyts Rd.
City: Lansing
StateProv: MI
PostalCode: 48917
Country: US
[snip]
[compton ~]$ rwhois rwhois.liquidweb.com 67.43.4.157
%rwhois V-1.5:003eff:00 rwhois.liquidweb.com (by Network Solutions, Inc. V-1.5.7.4)
network:Class-Name:network
network:ID:NETBLK-UFOHOSTING.67.43.4.157/32
network:Auth-Area:67.43.0.0/20
network:Network-Name:UFOHOSTING-67.43.4.157
network:IP-Network:67.43.4.157/32
network:IP-Network-Block:67.43.4.157-67.43.4.157
network:Organization;I:UFOHOSTING
network:Org-Name:ufo hosting
network:Street-Address:116 paterson street birkenhead
network:City:merseyside
network:State:wirral mer
network:Postal-Code:ch414bj
network:Country-Code:UK
network:Tech-Contact;I: snipped-for-privacy@hotmail.com
network:Abuse: snipped-for-privacy@liquidweb.com
network:Created:20050503
network:Updated:20050503
network:Updated-By: snipped-for-privacy@liquidweb.com

I'm told that using a 'hotmail' address for business is a violation of hotmail's Acceptable Use Policy. It's rather interesting that the domain information only reached the referral server today.

Old guy

Reply to
Moe Trin
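
The high-port/low-port rule from the reply above, applied to rows in the router log's column layout, as an added example that is not part of the original thread. The 0-1023 cut-off for a "low" port, the function names and every sample row except the first are assumptions made here.

```python
import ipaddress
from collections import Counter

WELL_KNOWN_MAX = 1023  # assumption: "low" port = IANA well-known range 0-1023

def parse_row(row):
    """Parse 'prot remote_ip [service] remote_port local_ip local_port'."""
    f = row.split()
    if len(f) == 6:                      # service name shown, e.g. 'http 80'
        prot, rip, _service, rport, lip, lport = f
    elif len(f) == 5:
        prot, rip, rport, lip, lport = f
    else:
        raise ValueError(f"unexpected column count: {row!r}")
    return {
        "prot": prot.lower(),
        "remote_ip": ipaddress.ip_address(rip),   # raises on a malformed address
        "remote_port": int(rport),
        "local_ip": ipaddress.ip_address(lip),
        "local_port": int(lport),
    }

def likely_initiator(conn):
    """Guess which side opened the connection from the port pair alone."""
    remote_low = conn["remote_port"] <= WELL_KNOWN_MAX
    local_low = conn["local_port"] <= WELL_KNOWN_MAX
    if remote_low and not local_low:
        return "local"      # LAN client on an ephemeral port -> remote service
    if local_low and not remote_low:
        return "remote"     # remote client -> service listening on the LAN side
    return "unknown"        # both high or both low: ports cannot decide

def summarize(rows):
    """Count rows per (initiator, local ip, remote ip, service-side port)."""
    counts = Counter()
    for row in rows:
        c = parse_row(row)
        who = likely_initiator(c)
        port = c["local_port"] if who == "remote" else c["remote_port"]
        counts[(who, str(c["local_ip"]), str(c["remote_ip"]), port)] += 1
    return counts

SAMPLE = [
    "tcp 67.43.4.157 http 80 192.168.2.2 1077",   # row quoted in the thread
    "tcp 67.43.4.157 http 80 192.168.2.2 1078",   # constructed
    "tcp 203.0.113.9 51544 192.168.2.1 22",       # constructed
    "udp 198.51.100.7 40000 192.168.2.2 40001",   # constructed
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Rows classified "local" point at a LAN host to inspect; the port pair is only a heuristic, so a connection-state log or packet capture is still the authoritative record of who sent the first SYN.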

IP belongs to Liquid Web. Installed anything from their site recently?

Reply to
Joe Beasley
