I noticed a great deal of entries in my IPS log.
They all look like this:
2011:12:28-15:50:29 wahine ulogd[5994]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="4:c:ce[:D]c:50:82" dstmac="0:c:29:67:ac:84" srcip="10.1.2.3"[my mac client] dstip="198.153.192.3" proto="17" length="237" tos="0x00" prec="0x00" ttl="64" srcport="55439" dstport="10101"
Note the destination port: 10101
This is the same port that Astaro used for it's "cloud based" log management.
Destination ip: 198.153.192.3 [details below]
The destination IP address is for the following:
NetRange: 198.153.190.0 - 198.153.196.255
CIDR:198.153.190.0/23, 198.153.196.0/24, 198.153.192.0/22
NetType: Direct Assignment
OrgName:Symantec Corporation
Address:20330 Stevens Creek Blvd
City:Cupertino
StateProv:CA
OrgAbuseName:Symantec IP Administrator
OrgAbusePhone:+1-650-527-8000
OrgAbuseEmail[:D]l-it-ip-admin@symantec.com
I have no Symantec products installed on my machine.
Question: Is there any official relationship between Astaro and Symantec that might explain this traffic?
Can any one assist in identifying this traffic?
Thanks,
Dougga
This thread was automatically locked due to age.
