2011-08-12
Still going on a whole week after I firs ... 8 years ago
Still going on a whole week after I first noticed the weird traffic:[2230749.018713] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60425 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 [2230751.519582] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60425 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 [2230782.825706] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60430 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 [2230795.672690] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60433 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 [2230796.876014] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60433 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 [2230800.794671] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60433 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0Still 6to4 behind the same IPv4 address 93.188.145.225 which is funny: according to whois it is a Wimax address range, which would usually mean somewhat dynamic addresses. The variation in IPv6 source address is due to the IPv6 privacy extensions in use.