ค้นๆดูใน google เขาก็บอกว่าเป็น virus เลยงง
ถ้ามาบ่อยๆก็ Block IP ไปซะ ไม่มีอะไรน่าห่วง
Hmmm, actually searching google gave an answer to this in the very first result. You haven’t looked very hard, have you?
In any case, the short answer is that it looks like someone is spoofing an IP, feigning a connection to your http and pop3 servers, then setting their window size to 0 so your daemon sits there trying to send them the data over and over (for instance, they may start a connection and immediately set their window to 0, so you cannot send back the http or pop3 connection banner message). Interestingly enough, this IP address is from unallocated space and the exact same IP shows up in other posts about the same message. I suspect it’s a DoS tool that is in circulation, or the same attacker (since the IP is often the same).
You’d best set iptables to block all packets from BOGON networks (nets that shouldn’t exist) so you can avoid this type of attack. You may find a list of bogon nets here. Note: unallocated nets change from time to time! Just in November IANA allocated two more blocks to RIPE, so you really need to pay attention if you’re blocking all bogon IPs.