I just ran iptstate and it tells me:
Source            Destination     Proto  State        TTL
192.168.0.6:1903  192.168.0.8:22  tcp    ESTABLISHED  113:55:38
Here's the problem.
192.168.0.8 *does not exist* on my network????
192.168.0.6 is the Wi-Fi adapter on this workstation, and from research it looks like port 1903 is a standard port used for outbound http which, in this case, is connecting via ssh to the above non-existent IP.
I'm behind an AP firewall/router, which is refusing ALL INBOUND, but this seems to be starting and finishing *within my local network*.
The only possibility I can think of is that the router has set this up as some kind of control interface to the Wi-Fi adapter, but this IP is not listed in the "attached devices" section of its web interface.
The router itself is on 192.168.0.1, so I can't think what this can possibly be; whatever it is, it doesn't respond to pings, and I can't trace it (no route to host).
The router is running DHCP, but on each box I've assigned a static address, and I've also used address reservation on the router for each respective device.
I hope this is not a case of an IP spoofing attack, but it doesn't seem likely. It looks more like the router is doing something covertly that just *looks* suspicious.
Any ideas?