I saw them too. A whois lookup reveals that it is coming from a hosting provider in France.
I see lots of requests for http (port 80), telnet, sip, ping, etc. all the time. About one every 2-3 seconds.
My guess is they are compromised machines scanning for vulnerable hosts.
-Neil
On Sun, Feb 9, 2014 at 10:10 AM, John Ronan jpronans@gmail.com wrote:
(Please trim inclusions from previous messages) _______________________________________________ Hi All,
I've seeing continuous traffic coming in from amprgw.sysnet.ucsd.edu. from 5.135.135.42 to 44.155.6.1 port 80 over my tunnel. Anyone else seeing the same?
I've disabled my tunnel for the moment as I don't have the time at the moment to chase it down.
Regards John EI7IG
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net