They looked like real traceroutes, but it seems to have diminished quite recently; a packet capture a moment or so ago didn't see any. I noticed it because amprgw logs all 'time exceeded' packets it sends, and there were suddenly a LOT of these.
However, there's a quite a bit more insidious kind of traffic. The Nagra people (Kudelski Switzerland) are probing our network with false NTP packets from the subnet 185.35.62.0/23. The comment in the RIPE database is:

inetnum: 185.35.62.0 - 185.35.63.255
descr: This IP network is used for Internet security research. Internet-scale port scanning activities are launched from this network. Don't hesitate to contact portscan@nagra.com would you have any question.

I've added that subnet to the "security research" blocking list here.
Seems it's a never-ending battle.
- Brian

On Mon, Jul 03, 2017 at 10:08:19AM +0200, Rob Janssen wrote:
Interesting... is it real traceroute traffic (to UDP port 33434 and higher) or is it different?
I have had this rule (with TTL limit 16 and only for UDP 33434-33499) on our gateway for quite some time and I do not see many hits on it.
Maybe the traffic is different. I do not observe increased input traffic.
Rob
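
The two filters discussed in this thread (the 185.35.62.0/23 "security research" source block and the traceroute rule for UDP 33434-33499 with a TTL limit of 16) can be checked against captured packet records as below. This is an added example, not part of either message and not amprgw's code; the record layout, the label names, reading "TTL limit 16" as TTL <= 16, and the sample records are all assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# From the thread: the subnet added to the "security research" blocking list.
RESEARCH_NETS = [ipaddress.ip_network("185.35.62.0/23")]
# From the thread: classic traceroute UDP destination ports and the TTL limit.
TRACEROUTE_PORTS = range(33434, 33500)   # 33434-33499 inclusive
TTL_LIMIT = 16                           # assumption: the rule matches TTL <= 16
NTP_PORT = 123

def classify(pkt):
    """Label one packet record (dict with src, proto, dport, ttl)."""
    src = ipaddress.ip_address(pkt["src"])
    if any(src in net for net in RESEARCH_NETS):
        # Listed scanner source; keep NTP probes apart from its other traffic.
        if pkt["proto"] == "udp" and pkt["dport"] == NTP_PORT:
            return "research-ntp-probe"
        return "research-other"
    if (pkt["proto"] == "udp" and pkt["dport"] in TRACEROUTE_PORTS
            and pkt["ttl"] <= TTL_LIMIT):
        return "traceroute-like"
    return "unmatched"

def summarize(packets):
    """Count packets per label so a sudden burst of one kind stands out."""
    return Counter(classify(p) for p in packets)

# Constructed sample records; hosts and field values are made up.
SAMPLE = [
    {"src": "185.35.62.17", "proto": "udp", "dport": 123, "ttl": 244},
    {"src": "185.35.63.200", "proto": "tcp", "dport": 443, "ttl": 240},
    {"src": "198.51.100.7", "proto": "udp", "dport": 33434, "ttl": 1},
    {"src": "198.51.100.7", "proto": "udp", "dport": 33437, "ttl": 2},
    {"src": "198.51.100.7", "proto": "udp", "dport": 33499, "ttl": 16},
    {"src": "203.0.113.9", "proto": "udp", "dport": 33500, "ttl": 3},   # port just past the range
    {"src": "203.0.113.9", "proto": "udp", "dport": 33440, "ttl": 57},  # TTL above the limit
    {"src": "185.35.64.1", "proto": "udp", "dport": 123, "ttl": 50},    # just outside the /23
]

if __name__ == "__main__":
    for label, n in summarize(SAMPLE).most_common():
        print(f"{label:20s} {n}")
```

Traffic that looks like traceroute but lands in "unmatched" (different ports or a higher TTL) is the case Rob raises, where the existing rule sees few hits.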