Weirdness:
I don't have a DNS entry for 44.92.21.1.80, as it is non existant on the network I feed. So how is it that I get constant activity from it?
Does anyone else get a lot of traffic from that IP address?
tcpdump -vvv -s0 -n proto ipencap
9515068, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 195.146.144.9.80 > 44.92.21.1.80: Flags [S], cksum 0x0a01 (correct), seq 186
tcpdump -i eth0 -vvv host amprgw.sysnet.ucsd.edu or ip proto \icmp
amprgw.sysnet.ucsd.edu > CPE-75-87-213-229.new.res.rr.com: IP (tos 0x0, ttl 81, id 33817, offset 0, flags [DF], proto TCP (6), length 52) sme.sk.http > hsmm-gw.kb9mwr.ampr.org.http: Flags [S], cksum 0xdff7 (correct), seq 1415087399, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0