9 Feb
2014
9 Feb
'14
11:35 a.m.
I saw them too. A whois lookup reveals that it is coming from a
hosting provider in France.
I see lots of requests for http (port 80), telnet, sip, ping, etc. all
the time. About one every 2-3 seconds.
My guess is they are compromised machines scanning for vulnerable hosts.
-Neil
On Sun, Feb 9, 2014 at 10:10 AM, John Ronan <jpronans(a)gmail.com> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Hi All,
I've seeing continuous traffic coming in from amprgw.sysnet.ucsd.edu. from
5.135.135.42 to 44.155.6.1 port 80 over my tunnel. Anyone else seeing the
same?
I've disabled my tunnel for the moment as I don't have the time at the
moment to chase it down.
Regards
John
EI7IG
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
Neil Johnson
http://erudicon.com