Tuesday, June 25, 2019

What kind of DDoS is it?

I got an email from my ISP saying "your machine is scanning some foo network", and they provided the following netflow details. I don't have netflow, so I'm not sure what happened at that time. I'm trying to understand what is going on. Has anyone else noticed this in their network?

74.XX.XX.40 is my server and 128.XX.XX is the foo network. It looks like they are targeting port 3283, which is Apple xchat, I believe. It could also be a reflection attack.

25-Jun-2019 01:46:38 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.13:3283 17 30636
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.126:3283 17 65090
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.59:3283 17 61502
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.208:3283 17 61180
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.165:3283 17 15180
25-Jun-2019 01:46:14 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.49:3283 17 53544
25-Jun-2019 01:46:14 GMT-0400 74.XX.XX.40:3074 -> 209.XX.XX.67:3283 17 45908
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.214:3283 17 60214
25-Jun-2019 01:46:14 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.172:3283 17 55292
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 209.XX.XX.207:3283 17 63112
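The records above can be summarised mechanically when no local netflow is available. The following is an added example, not part of the original post: it parses the ISP's lines and aggregates source endpoint, destination port, protocol (17 is UDP) and time span. The field names, including `last` for the unlabelled final column, are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# The ten records quoted in the post (addresses already redacted there).
FLOWS = """\
25-Jun-2019 01:46:38 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.13:3283 17 30636
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.126:3283 17 65090
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.59:3283 17 61502
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.208:3283 17 61180
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.165:3283 17 15180
25-Jun-2019 01:46:14 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.49:3283 17 53544
25-Jun-2019 01:46:14 GMT-0400 74.XX.XX.40:3074 -> 209.XX.XX.67:3283 17 45908
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.214:3283 17 60214
25-Jun-2019 01:46:14 GMT-0400 74.XX.XX.40:3074 -> 128.XX.XX.172:3283 17 55292
25-Jun-2019 01:46:06 GMT-0400 74.XX.XX.40:3074 -> 209.XX.XX.207:3283 17 63112
"""

REC = re.compile(r"(?P<ts>\S+ \S+) GMT(?P<tz>[+-]\d{4}) (?P<src>\S+):(?P<sport>\d+)"
                 r" -> (?P<dst>\S+):(?P<dport>\d+) (?P<proto>\d+) (?P<last>\d+)$")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

def parse(text):
    """Skip malformed lines; 'last' is the post's unlabelled final column."""
    flows = []
    for line in text.splitlines():
        m = REC.match(line.strip())
        if not m:
            continue
        f = m.groupdict()
        f["when"] = datetime.strptime(f["ts"] + f["tz"], "%d-%b-%Y %H:%M:%S%z")
        for key in ("sport", "dport", "proto", "last"):
            f[key] = int(f[key])
        flows.append(f)
    return flows

def summarize(flows):
    if not flows: return {"flows": 0}
    times = [f["when"] for f in flows]
    return {
        "flows": len(flows),
        "protocols": sorted({PROTO.get(f["proto"], str(f["proto"])) for f in flows}),
        "sources": Counter(f"{f['src']}:{f['sport']}" for f in flows),
        "dst_ports": Counter(f["dport"] for f in flows),
        "distinct_dsts": len({f["dst"] for f in flows}),
        "span_seconds": (max(times) - min(times)).total_seconds(),
    }

print(summarize(parse(FLOWS)))
```

Because every record shares one local UDP source port, checking on the server which process holds that port (for example with `ss -lunp`) is a natural next step.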

