18 May
2017
18 May
'17
2:17 a.m.
To be more specific:
Most of the bogus traffic I had on the gw interface where stray
fragments of TCP connections and UDP packets to random ports, alien DNS
requests and bogus ICMP replies from hosts as if there where some
requests originating on my ampr subnet (unused addresses) to external hosts.
At this moment, all I see are ICMP ping messages from some Argentinian
and Chinese IPs and some ssh and port 19 (chargen) attempts to the
gateway IP, no stray traffic.
On 18.05.2017 09:11, Marius Petrescu wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Maybe some botnet blacklisted 44.0.0.0/8?