Interesting. I've not analyzed the crud to that level of detail as there
is simply too much of it for manual inspection and I haven't written
any automation to do it.
However, the accepted/rejected ratio didn't change much around that
moment, so I don't think we're suddenly exempt from inbound crud.
There's no sudden large change in the graph.
It's interesting that you're not seeing as much as usual, but I think
that amprgw is.
- Brian
On Thu, May 18, 2017 at 09:17:58AM +0300, Marius Petrescu wrote:
To be more specific:
Most of the bogus traffic I had on the gw interface were stray fragments of
TCP connections and UDP packets to random ports, alien DNS requests and
bogus ICMP replies from hosts as if there were some requests originating on
my ampr subnet (unused addresses) to external hosts.
At this moment, all I see are ICMP ping messages from some Argentinian and
Chinese IPs and some ssh and port 19 (chargen) attempts to the gateway IP,
no stray traffic.