Weird traffic!

[WebFooL]

Hi,

I am observing some weird traffic on my home Untangle device.

I am running Jnettop and observing how:
195.54.109.58:50000 is talking to 233.33.194.35:10035 at 800 kb/s

But none of those networks are mine!
I can only see this traffic on the external interface if i switch to the internal i can't see anything matching.

the 195.54.109.58 is own by my ISP but it should not talk to my UT.

The only thing i can think of is that someone has hackt my apache and are now using it as a proxy.

What do you guys think?

I will capture the traffic and see whats in it.

[dwasserman]

Maybe 195.54.109.58 is a neighbor and your ISP is working over a sharing device misconfigured and jnettop can view?

[WebFooL]

Quote:

Originally Posted by dwasserman

Maybe 195.54.109.58 is a neighbor and your ISP is working over a sharing device misconfigured and jnettop can view?

Possible.
The traffic is encoded/encrypted so i can't see whats in it

Will have to call them if its still there when i come home.. :P

[WebFooL]

Found it..
I have IPTV and the remote IP is the TV Server.
The IPTV dose not go over the Untangle box but some how it picks up the UDP traffic.

Will have to reconfigure my Switch..

[dwasserman]

Think this: either the origin or destination ip address are your ip.
Or is a sophisticated "man in the middle" attack or when running jnettop the interface go to some type of promiscous mode and view all traffic at next hop.

[dwasserman]

Quote:

Originally Posted by WebFooL

Found it..
I have IPTV and the remote IP is the TV Server.
The IPTV dose not go over the Untangle box but some how it picks up the UDP traffic.

Will have to reconfigure my Switch..

But you own 195.54.109.58?

[WebFooL]

Nopp
I don't know if they have a own VLAN for the TV boxes in that case i might have 195.54.109.58