Where is incoming traffic coming from?
drew einhorn
drew.einhorn at gmail.com
Mon Aug 3 02:18:07 UTC 2009
On Sun, Aug 2, 2009 at 5:24 PM, Amedee @ Ubuntu <amedee-ubuntu at amedee.be> wrote:
>
> FYI: after I added 193.190.67.15 to /etc/shorewall/blacklist and restarted
> shorewall, the traffic stopped. To save you a whois: that's Belnet, a very
> reputable Belgian research network that interconnects all Belgian
> universities and that also has a large Linux mirror. They are supposed to
> be "good guys".
>
It could be anything from a completely benign typo in one of their
config files, on up to something much more serious. I've gotten
network management traffic from a site that had a couple digits
transposed from my network number; the admin of the network
it was coming from was probably banging his head against the
wall trying to figure out why things were not working. I tried
sending an email, but don't think it got to the right person.

Wireshark is an amazing tool. I've barely scratched the surface of
its capabilities. You can select just the traffic from 193.190.67.15
and generate statistics on protocols, port numbers, ...
This may tell you whether it is benign or malicious.

While the owner is reputable, they could have a compromised machine
on their network.
>
> --
> Amedee
>
--
Drew Einhorn
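
The per-source breakdown suggested in the reply above (select one address, then tally protocols and ports), as an added example that is not part of the original message: a standard-library Python reader for a classic Ethernet pcap file. The `summarize` function, the sample capture and the local address 192.0.2.10 are constructed for illustration and do not reflect the traffic seen in the thread.

```python
import socket
import struct
from collections import Counter

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def summarize(pcap: bytes, src_ip: str) -> Counter:
    """Count (protocol, dst_port) for IPv4 packets sent by src_ip."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (non-pcapng) capture file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    want, counts, off = socket.inet_aton(src_ip), Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip truncated frames, non-IPv4 (VLAN, IPv6, ARP) and other senders.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[26:30] != want:
            continue
        ip = frame[14:]
        l4 = ip[(ip[0] & 0x0F) * 4:]
        later_fragment = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        dport = None  # ICMP and non-first fragments carry no port
        if ip[9] in (6, 17) and not later_fragment and len(l4) >= 4:
            dport = struct.unpack("!H", l4[2:4])[0]
        counts[(PROTO.get(ip[9], str(ip[9])), dport)] += 1
    return counts

def _frame(src, proto, dport):
    # Constructed frame: zeroed MACs, 20-byte IPv4 header, 8 bytes of L4.
    l4 = struct.pack("!HHI", 40000, dport, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                     0, socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap() -> bytes:
    # Constructed capture, not the traffic from the thread.
    pkts = [_frame("193.190.67.15", 17, 161)] * 2 + [
        _frame("193.190.67.15", 6, 22), _frame("193.190.67.15", 1, 0),
        _frame("198.51.100.7", 6, 80)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(
        struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)

if __name__ == "__main__":
    for (proto, port), n in summarize(sample_pcap(), "193.190.67.15").most_common():
        print(f"{n:4d}  {proto}/{port if port is not None else '-'}")
```

A single destination port hit repeatedly points toward a misconfigured client, while many ports or many protocols from the same source looks more like scanning.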