I found the following ports had been added to my small business’ router port forwarding section today. Are these valid ports or have we been hacked by some software?
RTSP_841653 on 2688-2689 pointing to .106
SP_640349 on 2972-2973 pointing to .106
.106 is the wireless connection to a laptop computer in the office
Hijackthis and Norton haven’t found anything running on the machine.
One google result I found (the only one) had a link to something about Squid Server – something I had heard of before from the owner of the company when talking about his “dream” of blocking all internet sites except the ones he designates (our vendors)
I’m the IT guy, but if he installed this software it might be done without my involvement as only he wants to have the ability to allow/disallow sites.