[Freedombox-discuss] Large amount of traffic apparently related to ntp.
Sunil Mohan Adapa
sunil at medhas.org
Thu Oct 3 21:44:26 BST 2024
Hi,
The address seems to belong to a customer of Verizon in New Jersey. I
doubt if this related to NTP (pool- is the way Verizon gives names to
each of the IP they own).
To understand what the traffic is about, it would help to know the
endpoint of the connection on the FreedomBox side. You can get this by
running 'ss -n | grep <ip_address>'. Also check 'journalctl -f' to see
if these are attempts for a brute-force login (which are common on
internet facing servers, for which we have protections).
--
Sunil
On 02/10/24 16:25, A. F. Cano via Freedombox-discuss wrote:
> Hi,
>
> This has been happening for months or possibly even years. It seemed to
> have stopped recently, but it's back.
>
> I see continous traffic (about 38Kb/s out, 25 Kb/s in, per iftop) from
>
> pool-108-50-237-254.nwrknj.fios.verizon.net:50035
>
> and most recently
>
> pool-108-50-237-254.nwrknj.fios.verizon.net:55943
>
> These high ports seem to be random and searching for them has returned
> nothing.
>
> I have found this:
>
> https://community.ntppool.org/t/what-is-city-state-fios-verizon-net/1604
>
> That seems to indicate this is related to ntp.
>
> This traffic, while it goes on, seems to go on for hours or days. The
> above page seems to indicate that this is misbehavior by verizon, but it
> doesn't explain exactly what is going on and why the FreedomBox is
> establishing this high volume of traffic with this site at verizon.
>
> Does anyone have any idea what's going on here?
>
> Thanks.
>
> Augustine
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
More information about the Freedombox-discuss
mailing list