I noticed a great many entries in my IPS log.
They all look like this:
2011:12:28-15:50:29 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="4:c:ce:dc:50:82" dstmac="0:c:29:67:ac:84" srcip="10.1.2.3"[my mac client] dstip="198.153.192.3" proto="17" length="237" tos="0x00" prec="0x00" ttl="64" srcport="55439" dstport="10101"
Note the destination port: 10101
This is the same port that Astaro used for its "cloud based" log management.
Destination ip: 198.153.192.3 [details below]
The destination IP address is for the following:
NetRange: 198.153.190.0 - 198.153.196.255
CIDR: 198.153.190.0/23, 198.153.196.0/24, 198.153.192.0/22
NetType: Direct Assignment
OrgName: Symantec Corporation
Address: 20330 Stevens Creek Blvd
City: Cupertino
StateProv: CA
OrgAbuseName: Symantec IP Administrator
OrgAbusePhone: +1-650-527-8000
OrgAbuseEmail: dl-it-ip-admin@symantec.com
I have no Symantec products installed on my machine.
Question: Is there any official relationship between Astaro and Symantec that might explain this traffic?
Can anyone assist in identifying this traffic?
Thanks,
Dougga
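
An added example, not part of the original post: a small triage script that parses IPS lines in the key="value" format quoted above, counts events per source/destination/port, and flags destinations inside the CIDR blocks from the quoted whois output. The function names are hypothetical, and the second and third sample lines are constructed variations of the posted entry.

```python
import ipaddress
import re
from collections import Counter

KV = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs; stray annotations are skipped

# CIDR blocks copied from the whois output quoted in the post.
WHOIS_NETS = [ipaddress.ip_network(n) for n in
              ("198.153.190.0/23", "198.153.196.0/24", "198.153.192.0/22")]

# Constructed sample: the first line is the entry from the post; the other two
# are made-up variations (different time / destination) so there is something to group.
SAMPLE_LOG = """\
2011:12:28-15:50:29 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="4:c:ce:dc:50:82" dstmac="0:c:29:67:ac:84" srcip="10.1.2.3"[my mac client] dstip="198.153.192.3" proto="17" length="237" tos="0x00" prec="0x00" ttl="64" srcport="55439" dstport="10101"
2011:12:28-15:50:31 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcip="10.1.2.3" dstip="198.153.192.3" proto="17" length="237" srcport="55439" dstport="10101"
2011:12:28-15:51:02 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcip="10.1.2.3" dstip="192.0.2.7" proto="17" length="80" srcport="40000" dstport="53"
"""

def parse_line(line):
    """Return the fields of one ulogd line as a dict, or None if it is not an IPS entry."""
    fields = dict(KV.findall(line))
    if fields.get("sub") != "ips" or "dstip" not in fields:
        return None
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields

def summarize(log_text, nets=WHOIS_NETS):
    """Count IPS events per flow and flag destinations that fall inside `nets`."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            key = (f.get("srcip", "?"), f["dstip"], int(f.get("dstport", 0)), f.get("name", "?"))
            counts[key] += 1
    report = []
    for (src, dst, dport, name), n in counts.most_common():
        in_nets = any(ipaddress.ip_address(dst) in net for net in nets)
        report.append({"src": src, "dst": dst, "dport": dport, "event": name,
                       "count": n, "in_whois_range": in_nets})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Grouping by source address and destination port shows which internal client generates the flagged traffic, which is where the search for the responsible process starts.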