16 Jan
2021
16 Jan
'21
11:51 a.m.
On 1/16/21 12:35 PM, Jann Traschewski via 44Net wrote:
On 16.01.2021 11:50, Rob PE1CHL via 44Net wrote:
And why is (s)he portscanning for SSH servers?
It is hacked and is looking for other targets.
I already notified Igor, 9A6NVI, to take it offline.
I was starting to suspect that. But still I think that people should register their allocations in DNS (and have their own DNS servers only when the also make the reverse working), because I see no way to find the owner of that address right now. The traffic was not even incoming directly, it arrived via an IPIP tunnel (probably DB0FHN) and there is no tunnel route back to that address.
Rob