72.14.207.104

From: Newsbox (nospam_for_me_please_at_thanks.invalid)
Date: 06/14/05


Date: Tue, 14 Jun 2005 04:18:03 -0400

I'm getting a lot of (unsolicited?) traffic from this address, while my
own IP address changes due to DHCP IP address change obscurity. It is on
multiple high ports. There is no reverse DNS showing. It all looks like
tcp traffic. So far as I know it is all bouncing off my firewall, and
could be ignored. There's no indication of intrusion or unexpected
outbound network traffic.

I'll institute additional egress logging rules to log and re-validate my
belief that this is not requested traffic. And I'll capture and
examine some of this traffic.

Before I do, I would ask for any information about this address or
unsolicited traffic from it. Since it has been pounding on my boxen at
various IP addresses, I have taken a look at it and have found very little
info.

Appreciation.

This is the kind of thing I am seeing now (or a few minutes ago.) It's
all inbound traffic.

Mon Jun 13 23:15:44 EDT 2005

# grep -c "72.14.207.104" /var/log/messages*

/var/log/messages:57
/var/log/messages.1:30
/var/log/messages.2:0
/var/log/messages.3:0
/var/log/messages.4:0

Tue Jun 14 03:38:17 EDT 2005

# grep -c "72.14.207.104" /var/log/messages*

/var/log/messages:150
/var/log/messages.1:30
/var/log/messages.2:0
/var/log/messages.3:0
/var/log/messages.4:0
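
The check the post plans (egress logging to confirm that the inbound traffic was not requested) can go further than a `grep -c` count. The following is an added example, not part of the original post: it pairs each inbound packet from the address with any logged outbound connection on the reversed address and port tuple. It assumes netfilter `LOG`-style lines in which locally generated packets have an empty `IN=` field; the sample lines and the local addresses in them are constructed.

```python
import re
from collections import Counter

REMOTE = "72.14.207.104"  # address named in the post

# Constructed sample lines (not from the post), netfilter LOG style, fields
# abbreviated. 192.0.2.10 and 198.51.100.7 stand in for two DHCP leases.
SAMPLE_LOG = """\
Jun 14 03:30:01 fw kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=72.14.207.104 PROTO=TCP SPT=40312 DPT=80 RES=0x00 SYN URGP=0
Jun 14 03:30:45 fw kernel: IN=eth0 OUT= SRC=72.14.207.104 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=40312 RES=0x00 ACK FIN URGP=0
Jun 14 03:31:10 fw kernel: IN=eth0 OUT= SRC=72.14.207.104 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=40312 RES=0x00 RST URGP=0
Jun 14 03:35:02 fw kernel: IN=eth0 OUT= SRC=72.14.207.104 DST=198.51.100.7 PROTO=TCP SPT=80 DPT=51877 RES=0x00 ACK PSH URGP=0
Jun 14 03:36:40 fw kernel: IN=eth0 OUT= SRC=72.14.207.104 DST=198.51.100.7 PROTO=TCP SPT=4431 DPT=33890 RES=0x00 SYN URGP=0
Jun 14 03:37:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=80 DPT=51000 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH"}

def parse(line):
    """Return the TCP fields of one LOG line, or None if it is not usable."""
    kv = dict(FIELD.findall(line))
    if kv.get("PROTO") != "TCP" or not {"IN", "SRC", "DST", "SPT", "DPT"} <= kv.keys():
        return None
    return {"inbound": kv["IN"] != "",  # empty IN= means locally generated
            "src": kv["SRC"], "dst": kv["DST"],
            "spt": kv["SPT"], "dpt": kv["DPT"],
            "flags": {t for t in line.split() if t in FLAGS}}

def classify(log_text, remote=REMOTE):
    """Count inbound packets from `remote` by whether egress logs explain them."""
    opened = set()  # (local_ip, local_port, remote_port) seen leaving this host
    counts = Counter()
    for line in log_text.splitlines():
        p = parse(line)
        if p is None:
            continue
        if not p["inbound"] and p["dst"] == remote:
            opened.add((p["src"], p["spt"], p["dpt"]))
        elif p["inbound"] and p["src"] == remote:
            if (p["dst"], p["dpt"], p["spt"]) in opened:
                counts["reply_to_logged_egress"] += 1
            elif p["flags"] == {"SYN"}:
                counts["unsolicited_syn"] += 1  # new connection attempt
            else:
                counts["unmatched_non_syn"] += 1  # no egress record to pair with
    return counts

if __name__ == "__main__":
    print(dict(classify(SAMPLE_LOG)))
```

A packet counted as `unmatched_non_syn` is not proof of unsolicited traffic; it only means no matching outbound connection was logged, which is also what happens when egress logging started after the connection was opened.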


