18 May
2017
18 May
'17
7:17 a.m.
To be more specific:
Most of the bogus traffic I had on the gw interface where stray fragments of TCP connections and UDP packets to random ports, alien DNS requests and bogus ICMP replies from hosts as if there where some requests originating on my ampr subnet (unused addresses) to external hosts.
At this moment, all I see are ICMP ping messages from some Argentinian and Chinese IPs and some ssh and port 19 (chargen) attempts to the gateway IP, no stray traffic.
On 18.05.2017 09:11, Marius Petrescu wrote:
(Please trim inclusions from previous messages) _______________________________________________ Maybe some botnet blacklisted 44.0.0.0/8?