Ralf Hildebrandt <[email protected]> schrieb am Mo., 17. Okt. 2016 um 10:58 Uhr:
> > time protocol src_ip src_port dest_ip dest_port > > > --------------------------------------------------------------------------- > > Sun Oct 16 23:26:18 2016 UDP 213.239.204.119 123 => 49.9.253.77 > 48943 > > Sun Oct 16 23:25:07 2016 UDP 213.239.204.119 123 => 49.9.173.110 > 53789 > > Sun Oct 16 23:26:16 2016 UDP 213.239.204.119 123 => 49.9.236.63 > 41332 > Hi, I got two of these this morning (same dest. net). The real problem is, these addresses are not reachable (no route, testet on hetzner, telekom, netcologne). That means the request, that causes the answers, most likely came from another source. As it already had stopped, I was not able to log the traffic. Any ideas? Oliver Domke Example: > ########################################################################## > # Portscan detected from host 5.9.122.148 # > ########################################################################## > > time protocol src_ip src_port dest_ip dest_port > ------------------------------------------------------------ --------------- > Mon Oct 17 02:03:19 2016 UDP 5.9.122.148 123 => 49.9.171.108 40742 > Mon Oct 17 02:04:06 2016 UDP 5.9.122.148 123 => 49.9.203.32 58853 > Mon Oct 17 02:01:59 2016 UDP 5.9.122.148 123 => 49.9.158.167 58447 > Mon Oct 17 02:03:21 2016 UDP 5.9.122.148 123 => 49.9.182.146 59820 > Mon Oct 17 02:02:54 2016 UDP 5.9.122.148 123 => 49.9.225.69 44483 > Mon Oct 17 02:03:22 2016 UDP 5.9.122.148 123 => 49.9.191.70 53892 _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
