Unexplained network activity 1645 <=> 10.66.77.169 63925

Linux, security, networking and everything related to them
QuAzI
Visitor
Posts: 2
Registered: 11 Oct 2009, 13:06

Post by QuAzI »

Can anyone tell me what this strange activity on the network is?

Code:

$ sudo tcpdump not host 87.252.123.123 and port not http and port not domain
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:48:21.550653 IP Debian-60-squeeze-64-ISPLite.datametrics > m.1admin.by.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:21.550678 IP Debian-60-squeeze-64-ISPLite.datametrics > relay-01.utorrent.com.3000: RADIUS, Unknown Command (66), id: 0x53 length: 96
11:48:21.550688 IP Debian-60-squeeze-64-ISPLite.datametrics > 10.66.77.169.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:21.726218 IP relay-01.utorrent.com > Debian-60-squeeze-64-ISPLite: ICMP relay-01.utorrent.com udp port 3000 unreachable, length 132
11:48:21.852188 IP m.1admin.by.63925 > Debian-60-squeeze-64-ISPLite.54984: UDP, length 76
11:48:21.852219 IP Debian-60-squeeze-64-ISPLite > m.1admin.by: ICMP Debian-60-squeeze-64-ISPLite udp port 54984 unreachable, length 112
11:48:21.988675 ARP, Request who-has clos181.com tell static.161.63.76.144.clients.your-server.de, length 46
11:48:22.550720 IP Debian-60-squeeze-64-ISPLite.datametrics > m.1admin.by.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:22.550742 IP Debian-60-squeeze-64-ISPLite.datametrics > relay-01.utorrent.com.3000: RADIUS, Unknown Command (66), id: 0x53 length: 96
11:48:22.550753 IP Debian-60-squeeze-64-ISPLite.datametrics > 10.66.77.169.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:22.725933 IP relay-01.utorrent.com > Debian-60-squeeze-64-ISPLite: ICMP relay-01.utorrent.com udp port 3000 unreachable, length 132
11:48:22.788603 ARP, Request who-has clos181.com tell static.161.63.76.144.clients.your-server.de, length 46
11:48:22.986148 IP m.1admin.by.63925 > Debian-60-squeeze-64-ISPLite.54984: UDP, length 76
11:48:22.986190 IP Debian-60-squeeze-64-ISPLite > m.1admin.by: ICMP Debian-60-squeeze-64-ISPLite udp port 54984 unreachable, length 112
11:48:23.391440 ARP, Request who-has clos181.com tell static.161.63.76.144.clients.your-server.de, length 46
11:48:23.550586 IP Debian-60-squeeze-64-ISPLite.datametrics > m.1admin.by.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:23.550653 IP Debian-60-squeeze-64-ISPLite.datametrics > relay-01.utorrent.com.3000: RADIUS, Unknown Command (66), id: 0x53 length: 96
11:48:23.550684 IP Debian-60-squeeze-64-ISPLite.datametrics > 10.66.77.169.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:23.726085 IP relay-01.utorrent.com > Debian-60-squeeze-64-ISPLite: ICMP relay-01.utorrent.com udp port 3000 unreachable, length 132
11:48:23.897138 IP Debian-60-squeeze-64-ISPLite.datametrics > c151-177-34-9.bredband.comhem.se.55051: RADIUS, Unknown Command (100), id: 0x31 length: 103
11:48:23.985745 IP m.1admin.by.63925 > Debian-60-squeeze-64-ISPLite.54984: UDP, length 76
11:48:23.985780 IP Debian-60-squeeze-64-ISPLite > m.1admin.by: ICMP Debian-60-squeeze-64-ISPLite udp port 54984 unreachable, length 112
11:48:24.091475 ARP, Request who-has clos181.com tell static.161.63.76.144.clients.your-server.de, length 46
11:48:24.550704 IP Debian-60-squeeze-64-ISPLite.datametrics > m.1admin.by.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:24.550717 IP Debian-60-squeeze-64-ISPLite.datametrics > relay-01.utorrent.com.3000: RADIUS, Unknown Command (66), id: 0x53 length: 96
11:48:24.550746 IP Debian-60-squeeze-64-ISPLite.datametrics > 10.66.77.169.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:24.725934 IP relay-01.utorrent.com > Debian-60-squeeze-64-ISPLite: ICMP relay-01.utorrent.com udp port 3000 unreachable, length 132
11:48:24.985100 IP m.1admin.by.63925 > Debian-60-squeeze-64-ISPLite.54984: UDP, length 76
11:48:24.985138 IP Debian-60-squeeze-64-ISPLite > m.1admin.by: ICMP Debian-60-squeeze-64-ISPLite udp port 54984 unreachable, length 112
Meanwhile, the hosting provider complains that our server is scanning it

Code:

Wed Oct 14 08:16:03 2015 UDP OUR_SERVER_IP 1645 => 10.66.77.169 63925
Wed Oct 14 08:16:04 2015 UDP OUR_SERVER_IP 1645 => 10.66.77.169 63925
Wed Oct 14 08:16:05 2015 UDP OUR_SERVER_IP 1645 => 10.66.77.169 63925
Wed Oct 14 08:16:06 2015 UDP OUR_SERVER_IP 1645 => 10.66.77.169 63925
Wed Oct 14 08:16:07 2015 UDP OUR_SERVER_IP 1645 => 10.66.77.169 63925
Wed Oct 14 08:16:08 2015 UDP OUR_SERVER_IP 1645 => 10.66.77.169 63925
Wed Oct 14 08:16:09 2015 UDP OUR_SERVER_IP 1645 => 10.66.77.169 63925
while on our server all extraneous ports are closed (including the ones this junk is knocking on)
rkhunter found nothing
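
A triage aid for a capture like the one in the post above, as an added example that is not part of the original post: it groups the datagrams leaving the local port by destination and marks destinations in private address space (the pattern in the hoster's log) and destinations that answered with ICMP port unreachable. The function names and the `local_port` parameter are assumptions. tcpdump prints port 1645 as `datametrics` and picks its RADIUS decoder by port number, so the `RADIUS` label alone does not identify the sending program.

```python
import ipaddress
import re
from collections import Counter

# First four packets of the capture in the post, used as sample input.
SAMPLE = """\
11:48:21.550653 IP Debian-60-squeeze-64-ISPLite.datametrics > m.1admin.by.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:21.550678 IP Debian-60-squeeze-64-ISPLite.datametrics > relay-01.utorrent.com.3000: RADIUS, Unknown Command (66), id: 0x53 length: 96
11:48:21.550688 IP Debian-60-squeeze-64-ISPLite.datametrics > 10.66.77.169.63925: RADIUS, Unknown Command (66), id: 0x53 length: 76
11:48:21.726218 IP relay-01.utorrent.com > Debian-60-squeeze-64-ISPLite: ICMP relay-01.utorrent.com udp port 3000 unreachable, length 132
"""

# "<time> IP <src> > <dst>: <decoded payload>"; ARP lines do not match.
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
UNREACH = re.compile(r"^ICMP (\S+) udp port (\S+) unreachable")


def is_private(host):
    """True for a literal address in private space; names are left unjudged."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def summarize(text, local_port="datametrics"):
    """Per-destination view of UDP datagrams sent from local_port (hypothetical helper)."""
    sent, refused = Counter(), set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, rest = m.groups()
        if rest.startswith("ICMP"):
            # ICMP endpoints carry no port suffix, so they must not be split.
            u = UNREACH.match(rest)
            if u:
                refused.add(u.groups())
            continue
        sport = src.rsplit(".", 1)[-1]
        if sport == local_port:
            sent[tuple(dst.rsplit(".", 1))] += 1
    return [
        {"dst": h, "port": p, "packets": n,
         "private": is_private(h), "refused": (h, p) in refused}
        for (h, p), n in sorted(sent.items())
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On the host itself, `ss -ulpn` run as root lists the process that holds each UDP socket, which ties the source port to a program.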