15 May
2019
15 May
'19
7:41 p.m.
Thank you Rob, I have just blocked that ip on our gateway and notified the user.
73 Igor 9A6NVI
On Wed, May 15, 2019, 20:17 Rob Janssen pe1chl@amsat.org wrote:
To whom it may concern: It looks like the system at 44.170.109.92, DNS name 9a5c-webcam.ampr.org, has been affected by a worm of some kind. It is scanning the IP space to find new victims.
Another thing is that the routing to here is strange. It appears to be on BGP routed space, but the traffic is received via IPIP tunnel. (so it is being rejected anyway, but that is how I encountered it in the logs)
Rob
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net