Hi,
The address seems to belong to a customer of Verizon in New Jersey. I
doubt if this related to NTP (pool- is the way Verizon gives names to
each of the IP they own).
To understand what the traffic is about, it would help to know the
endpoint of the connection on the FreedomBox side. You can get this by
running 'ss -n | grep <ip_address>'. Also check 'journalctl -f' to see
if these are attempts for a brute-force login (which are common on
internet facing servers, for which we have protections).
--
Sunil
On 02/10/24 16:25, A. F. Cano via Freedombox-discuss wrote:
Hi,
This has been happening for months or possibly even years. It seemed to
have stopped recently, but it's back.
I see continous traffic (about 38Kb/s out, 25 Kb/s in, per iftop) from
pool-108-50-237-254.nwrknj.fios.verizon.net:50035
and most recently
pool-108-50-237-254.nwrknj.fios.verizon.net:55943
These high ports seem to be random and searching for them has returned
nothing.
I have found this:
https://community.ntppool.org/t/what-is-city-state-fios-verizon-net/1604
That seems to indicate this is related to ntp.
This traffic, while it goes on, seems to go on for hours or days. The
above page seems to indicate that this is misbehavior by verizon, but it
doesn't explain exactly what is going on and why the FreedomBox is
establishing this high volume of traffic with this site at verizon.
Does anyone have any idea what's going on here?
Thanks.
Augustine
_______________________________________________
Freedombox-discuss mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
_______________________________________________
Freedombox-discuss mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
