If you are running your gateway on a Linux box, you can just watch tunnel traffic with the following command:
tcpdump -i eth0 ip proto 4 (where "eth0" is your Internet-facing interface).
-Neil
On Sun, Feb 9, 2014 at 11:35 AM, Neil Johnson neil.johnson@erudicon.com wrote:
I saw them too. A whois lookup reveals that it is coming from a hosting provider in France.
I see lots of requests for http (port 80), telnet, sip, ping, etc. all the time. About one every 2-3 seconds.
My guess is they are compromised machines scanning for vulnerable hosts.
-Neil
On Sun, Feb 9, 2014 at 10:10 AM, John Ronan jpronans@gmail.com wrote:
Hi All,
I've been seeing continuous traffic coming in from amprgw.sysnet.ucsd.edu. from 5.135.135.42 to 44.155.6.1 port 80 over my tunnel. Anyone else seeing the same?
I've disabled my tunnel for the moment as I don't have the time at the moment to chase it down.
Regards John EI7IG
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
-- Neil Johnson http://erudicon.com
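
The `ip proto 4` filter in the thread matches IP-in-IP packets, where the outer header comes from the gateway and the inner header carries the real source and destination. The following is an added example, not part of the original messages: it decodes that encapsulation and tallies inner sources and destination ports. The outer addresses and the 203.0.113.9 source are constructed placeholders, and the helper names are hypothetical.

```python
import socket
import struct
from collections import Counter

IPPROTO_IPIP = 4  # the outer protocol number that "ip proto 4" matches

def ipv4_header(buf):
    """Return (proto, src, dst, header_len) for an IPv4 header, else None."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    return buf[9], socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), ihl

def decode_ipip(packet):
    """Decode one IP-in-IP packet into its outer sender and inner flow."""
    outer = ipv4_header(packet)
    if outer is None or outer[0] != IPPROTO_IPIP:
        return None  # not tunnel traffic
    inner_buf = packet[outer[3]:]
    inner = ipv4_header(inner_buf)
    if inner is None:
        return None  # truncated or non-IPv4 payload
    proto, src, dst, ihl = inner
    l4 = inner_buf[ihl:]
    # TCP (6) and UDP (17) both carry the destination port at bytes 2..3
    dport = struct.unpack("!H", l4[2:4])[0] if proto in (6, 17) and len(l4) >= 4 else None
    return {"outer_src": outer[1], "src": src, "dst": dst, "proto": proto, "dport": dport}

def tally(packets):
    """Count decoded tunnel packets per (inner source, protocol, destination port)."""
    return Counter((f["src"], f["proto"], f["dport"]) for f in map(decode_ipip, packets) if f)

def build_ipv4(proto, src, dst, payload=b""):
    """Build a minimal IPv4 packet for the sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: outer addresses are documentation placeholders; the inner
# 5.135.135.42 -> 44.155.6.1 port 80 flow is the one reported in the thread.
# The last packet is plain TCP (not IPIP) and must be ignored by the decoder.
GW, ME = "192.0.2.1", "198.51.100.7"
def probe(src, dport):
    tcp = struct.pack("!HH", 40000, dport) + bytes(16)  # ports + rest of TCP header
    return build_ipv4(IPPROTO_IPIP, GW, ME, build_ipv4(6, src, "44.155.6.1", tcp))
SAMPLE = [probe("5.135.135.42", 80)] * 3 + [probe("203.0.113.9", 23), build_ipv4(6, GW, ME, bytes(20))]

if __name__ == "__main__":
    print(*tally(SAMPLE).most_common(), sep="\n")
```

To run it on live traffic, feed `decode_ipip` the raw IP packets from a capture taken with the filter above instead of `SAMPLE`.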