On Tuesday, May 13, 2014, Amit Kulkarni <amitk...@gmail.com> wrote:

> On Tue, May 13, 2014 at 3:27 PM, Johan Ryberg <jo...@securit.se> wrote:
>
> > Hi,
> >
> > Please forgive my ignorance.
> >
> > I have a small lab and I noticed this IP in the routing table:
> > 61.174.51.232, resolves to
> > 232.51.174.61.dial.wz.zj.dynamic.163data.com.cn
> >
> > # route -n show
> > Routing tables
> >
> > Internet:
> > Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> > default            192.168.66.1       UGS        7    39270     -     8 em0
> > 61.174.51.232      192.168.66.1       UGHD       1    38722     - L  56 em0
> > 127/8              127.0.0.1          UGRS       0        0 33144     8 lo0
> > 127.0.0.1          127.0.0.1          UH         4     1244 33144     4 lo0
> > 192.168.66/24      link#1             UC         1        0     -     4 em0
> > 192.168.66.1       00:1b:17:bd:8d:11  UHLc       2        0     -     4 em0
> > 224/4              127.0.0.1          URS        0        0 33144     8 lo0
> >
> > It came and disappeared quite fast.
> >
> > The box is a more or less stock OpenBSD 5.5
> >
> > Is it normal that entries like this come and go?
>
> Labs are prime targets for scanning for vulnerable machines.
>
> And, 163data.com.cn is a large source of shady activity.

-- J. Stuart McMurray