The PBX is flooding out UDP from port 10992 to port 8000 on several workstations; Wireshark shows it as the OICQ protocol. Also, this is an Asterisk-only box; nothing else is running on it. Any help is greatly appreciated.
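You may want to check the process status on your Asterisk system to see what other processes are running. To tie the traffic to a specific process, look up the owner of the source port on the PBX (for example `netstat -anup | grep 10992` or `lsof -nP -iUDP:10992`); note that Wireshark's OICQ label is largely based on UDP port 8000 and does not by itself identify the application.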
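Here is a view of the full process list. (The COMMAND column is truncated, so entries such as /usr/bin/python do not show which script is running; `ps auxww` prints the full command lines.)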
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1476 512 ? Ss Mar18 0:01 init [3]
root 2 0.0 0.0 0 0 ? S< Mar18 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S< Mar18 0:01 [migration/0]
root 4 0.0 0.0 0 0 ? SN Mar18 6:38 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Mar18 0:00 [watchdog/0]
root 6 0.0 0.0 0 0 ? S< Mar18 0:00 [migration/1]
root 7 0.0 0.0 0 0 ? SN Mar18 5:52 [ksoftirqd/1]
root 8 0.0 0.0 0 0 ? S< Mar18 0:00 [watchdog/1]
root 9 0.0 0.0 0 0 ? S< Mar18 0:00 [events/0]
root 10 0.0 0.0 0 0 ? S< Mar18 0:00 [events/1]
root 11 0.0 0.0 0 0 ? S< Mar18 0:00 [khelper]
root 42 0.0 0.0 0 0 ? S< Mar18 0:00 [kblockd/0]
root 43 0.0 0.0 0 0 ? S< Mar18 0:00 [kblockd/1]
root 44 0.0 0.0 0 0 ? S< Mar18 0:00 [kacpid]
root 45 0.0 0.0 0 0 ? S< Mar18 0:00 [kacpi_notify]
root 174 0.0 0.0 0 0 ? S< Mar18 0:00 [ksuspend_usbd]
root 177 0.0 0.0 0 0 ? S< Mar18 0:00 [khubd]
root 179 0.0 0.0 0 0 ? S< Mar18 0:00 [kseriod]
root 205 0.0 0.0 0 0 ? S Mar18 0:00 [pdflush]
root 206 0.0 0.0 0 0 ? S Mar18 0:00 [pdflush]
root 207 0.0 0.0 0 0 ? S< Mar18 0:00 [kswapd0]
root 208 0.0 0.0 0 0 ? S< Mar18 0:00 [aio/0]
root 209 0.0 0.0 0 0 ? S< Mar18 0:00 [aio/1]
root 373 0.0 0.0 0 0 ? S< Mar18 0:00 [kpsmoused]
root 379 0.0 0.0 0 0 ? S< Mar18 0:00 [kirqd]
root 406 0.0 0.0 0 0 ? S< Mar18 0:00 [scsi_eh_0]
root 416 0.0 0.0 0 0 ? S< Mar18 0:00 [ata/0]
root 417 0.0 0.0 0 0 ? S< Mar18 0:00 [ata/1]
root 418 0.0 0.0 0 0 ? S< Mar18 0:00 [ata_aux]
root 424 0.0 0.0 0 0 ? S< Mar18 0:00 [scsi_eh_1]
root 427 0.0 0.0 0 0 ? S< Mar18 0:00 [scsi_eh_2]
root 453 0.0 0.0 0 0 ? S< Mar18 6:29 [kjournald]
root 910 0.0 0.0 1484 508 ? S<s Mar18 0:00 udevd
root 2628 0.0 0.0 0 0 ? S< Mar18 0:00 [kjournald]
rpc 3193 0.0 0.0 1600 592 ? Ss Mar18 0:00 portmap
root 3201 0.0 0.0 1520 532 ? Ss Mar18 0:02 syslogd -m 0
root 3204 0.0 0.0 1480 376 ? Ss Mar18 0:00 klogd -c 2 -x
rpcuser 3222 0.0 0.0 1648 692 ? Ss Mar18 0:00 rpc.statd
root 3354 0.0 0.0 0 0 ? S< Mar18 0:00 [ib_addr]
root 3367 0.0 0.0 0 0 ? S< Mar18 0:00 [ib_mcast]
root 3372 0.0 0.0 0 0 ? S< Mar18 0:00 [iw_cm_wq]
root 3377 0.0 0.0 0 0 ? S< Mar18 0:00 [ib_cm/0]
root 3378 0.0 0.0 0 0 ? S< Mar18 0:00 [ib_cm/1]
root 3383 0.0 0.0 0 0 ? S< Mar18 0:00 [rdma_cm]
root 3391 0.0 0.0 1632 432 ? Ss Mar18 0:33 iscsid
root 3392 0.0 0.1 1668 1668 ? S<Ls Mar18 0:00 iscsid
root 3410 0.0 0.1 4112 1020 ? Ss Mar18 0:00 /usr/sbin/sshd
root 3610 0.0 1.8 72840 17984 ? Ssl Mar18 14:20 /usr/bin/python
root 3656 0.0 0.3 3688 3688 ? SLs Mar18 0:00 ntpd -p /var/ru
root 3700 0.0 0.0 0 0 ? S< Mar18 0:00 [nfsd4]
root 3701 0.0 0.0 0 0 ? S Mar18 0:00 [lockd]
root 3702 0.0 0.0 0 0 ? S< Mar18 0:00 [rpciod/0]
root 3703 0.0 0.0 0 0 ? S< Mar18 0:00 [rpciod/1]
root 3704 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3705 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3706 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3707 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3708 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3709 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3710 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3711 0.0 0.0 0 0 ? S Mar18 0:00 [nfsd]
root 3714 0.0 0.0 1684 296 ? Ss Mar18 0:00 rpc.mountd
root 3769 0.0 0.1 3316 1388 ? S Mar18 0:00 /bin/sh /usr/bi
mysql 3804 0.0 1.8 118220 17844 ? Sl Mar18 0:00 /usr/sbin/mysql
root 3876 0.0 0.1 5192 1588 ? Ss Mar18 0:00 /usr/libexec/po
postfix 3885 0.0 0.1 5268 1652 ? S Mar18 0:00 qmgr -l -t fifo
root 3886 0.0 0.0 1676 444 ? Ss Mar18 0:00 gpm -m /dev/inp
root 3910 0.0 0.1 3332 1024 ? S Mar18 0:00 /bin/bash /usr/
root 3967 0.0 0.0 3384 940 ? Ss Mar18 0:02 crond
root 3978 0.0 0.0 1480 472 ? S Mar18 12:57 /usr/sbin/udhcp
root 3985 0.0 0.1 3344 1424 ? Ss Mar18 0:00 /bin/sh /etc/as
root 3986 0.0 0.0 1464 436 tty2 Ss+ Mar18 0:00 /sbin/mingetty
root 3987 0.0 0.0 1468 444 tty3 Ss+ Mar18 0:00 /sbin/mingetty
root 3988 0.0 0.0 1464 436 tty4 Ss+ Mar18 0:00 /sbin/mingetty
root 3989 0.0 0.0 1464 440 tty5 Ss+ Mar18 0:00 /sbin/mingetty
root 3990 0.0 0.0 1464 436 tty6 Ss+ Mar18 0:00 /sbin/mingetty
root 4264 0.0 0.1 3360 1336 ? S Mar18 0:00 dialog --title
root 4513 0.3 2.0 47172 20140 ? Sl Mar18 184:51 /usr/sbin/aster
raa-web 8301 0.0 2.2 43960 22044 ? Ssl Apr23 0:01 /usr/bin/python
raa-web 8305 0.3 2.3 44592 22492 ? S Apr23 6:40 /usr/bin/python
raa-web 8329 0.3 0.2 4620 2096 ? S Apr23 6:40 /usr/sbin/light
raa-web 8465 0.0 2.2 44336 21544 ? S Apr23 0:00 /usr/bin/python
root 9251 0.0 0.2 6964 2104 ? Ss 11:53 0:00 sshd: admin [pr
admin 9253 0.0 0.2 7660 2140 ? S 11:53 0:00 sshd: admin@pts
admin 9254 0.0 0.1 3964 1892 pts/0 Ss 11:53 0:00 -bash
root 9398 0.0 0.1 3352 1116 pts/0 S 12:05 0:00 su
root 9399 0.0 0.1 3468 1640 pts/0 S+ 12:05 0:00 bash
postfix 9544 0.0 0.1 5228 1572 ? S 13:46 0:00 pickup -l -t fi
root 9548 0.2 0.2 6964 2108 ? Ss 13:48 0:00 sshd: admin [pr
admin 9550 0.0 0.1 6964 1448 ? S 13:48 0:00 sshd: admin@pts
admin 9551 0.1 0.1 3964 1896 pts/1 Ss 13:48 0:00 -bash
root 9628 0.0 0.1 3356 1120 pts/1 S 13:48 0:00 su root
root 9629 0.0 0.1 3460 1616 pts/1 S 13:48 0:00 bash
root 9630 0.0 0.0 2140 928 pts/1 R+ 13:48 0:00 ps -aux