9 Feb
2014
9 Feb
'14
11:37 a.m.
If you are running your gateway on a Linux box you can just watch
tunnel traffic with following command.
tcpdump -i eth0 ip proto 4 (where "eth0" is your Internet facing interface).
-Neil
On Sun, Feb 9, 2014 at 11:35 AM, Neil Johnson <neil.johnson(a)erudicon.com> wrote:
I saw them too. A whois lookup reveals that it is
coming from a
hosting provider in France.
I see lots of requests for http (port 80), telnet, sip, ping, etc. all
the time. About one every 2-3 seconds.
My guess is they are compromised machines scanning for vulnerable hosts.
-Neil
On Sun, Feb 9, 2014 at 10:10 AM, John Ronan <jpronans(a)gmail.com> wrote:
--
Neil Johnson
http://erudicon.com
(Please trim inclusions from previous messages)
_______________________________________________
Hi All,
I've seeing continuous traffic coming in from amprgw.sysnet.ucsd.edu. from
5.135.135.42 to 44.155.6.1 port 80 over my tunnel. Anyone else seeing the
same?
I've disabled my tunnel for the moment as I don't have the time at the
moment to chase it down.
Regards
John
EI7IG
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
Neil Johnson
http://erudicon.com