help! Strange traffic
Karan Gupta
kgupta at edgefocus.com
Fri Jun 10 02:19:20 GMT 2005
Hi
I'm running a FreeBSD T1 router (a gateway with a Sangoma 514 CSU/DSU card)
that performs DHCP, NAT, ipfw firewall.
FreeBSD rtr-eee.eeee.com 4.8-RELEASE FreeBSD 4.8-RELEASE #4: Thu Jul 31 04:47:04 PDT 2003 root@:/usr/src/sys/compile/GENERIC i386
I'm seeing the following traffic when running tcpdump on the external interface:
01:12:15.875308 201.93.36.43.1913 > web.visp.ashosting.nl.http: S 1396310016:1396310016(0) win 16384
01:12:15.876288 201.93.36.41.1587 > web.visp.ashosting.nl.http: S 802357248:802357248(0) win 16384
01:12:15.885340 201.93.37.127.cuillamartin > web.visp.ashosting.nl.http: S 1656750080:1656750080(0) win 16384
01:12:15.886056 201.93.36.250.1194 > web.visp.ashosting.nl.http: S 1188954112:1188954112(0) win 16384
01:12:15.886794 201.93.36.118.1613 > web.visp.ashosting.nl.http: S 474546176:474546176(0) win 16384
01:12:15.887628 201.93.36.120.1135 > web.visp.ashosting.nl.http: S 224526336:224526336(0) win 16384
01:12:15.895344 201.93.37.129.1073 > web.visp.ashosting.nl.http: S 5767168:5767168(0) win 16384
01:12:15.896286 201.93.37.131.timbuktu-srv3 > web.visp.ashosting.nl.http: S 2056323072:2056323072(0) win 16384
01:12:15.905302 201.93.37.225.1341 > web.visp.ashosting.nl.http: S 2125070336:2125070336(0) win 16384
01:12:15.906042 201.93.37.223.docstor > web.visp.ashosting.nl.http: S 1558642688:1558642688(0) win 16384
01:12:15.915253 201.93.38.91.1842 > web.visp.ashosting.nl.http: S 1312751616:1312751616(0) win 16384
01:12:15.916105 201.93.38.89.1326 > web.visp.ashosting.nl.http: S 1620377600:1620377600(0) win 16384
The 201.x.x.x is NOT from my local network. That would mean that
web.visp.ashosting.nl is being hosted on my network (weird!!)???? This
name doesn't resolve to any IP address either. How do I block this? I
tried blocking 201.93.0.0/16 but then the traffic started coming from
195.x.x.x
Help!!!!!!
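
One way to summarise a capture like the one in the message above, as an added example that is not part of the original post: it rejoins tcpdump entries split by mail line-wrapping, then tallies initial SYNs by source prefix and by destination. The sample is four entries copied from the post; the function names and the output keys are assumptions.

```python
import re
from collections import Counter

# Four entries from the capture in the post, wrapped the way mail wraps long lines.
CAPTURE = """\
01:12:15.875308 201.93.36.43.1913 > web.visp.ashosting.nl.http: S
1396310016:1396310016(0) win 16384
01:12:15.885340 201.93.37.127.cuillamartin > web.visp.ashosting.nl.http:
S 1656750080:1656750080(0) win 16384
01:12:15.896286 201.93.37.131.timbuktu-srv3 >
web.visp.ashosting.nl.http: S 2056323072:2056323072(0) win 16384
01:12:15.915253 201.93.38.91.1842 > web.visp.ashosting.nl.http: S
1312751616:1312751616(0) win 16384
"""

STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")
ENTRY = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\S+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^.\s:]+): (?P<flags>\S+) ")

def unwrap(text):  # rejoin entries that were split across lines
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())      # a timestamp starts a new entry
        else:
            entries[-1] += " " + line.strip() # anything else continues the last one
    return entries

def seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def summarize(text):  # tally initial SYNs (S flag, no ack) by source and destination
    syns = [m for m in map(ENTRY.match, unwrap(text))
            if m and m["flags"] == "S" and " ack " not in m.string]
    times = [seconds(m["ts"]) for m in syns]
    return {
        "syns": len(syns),
        "sources": len({m["src"] for m in syns}),
        "by_src16": Counter(m["src"].rsplit(".", 2)[0] + ".0.0/16" for m in syns),
        "by_src24": Counter(m["src"].rsplit(".", 1)[0] + ".0/24" for m in syns),
        "by_dst": Counter((m["dst"], m["dport"]) for m in syns),
        "span_s": max(times) - min(times) if times else 0.0,
    }

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

On the sample, every SYN has a different source address and the same destination host and port, all within about 40 milliseconds.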