Community discussions

MUM Europe 2020
 
jfvelamoscoso
Trainer
Trainer
Topic Author
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 8:50 pm

I am getting on torch a lot of traffic upload to this ip:

31.6.71.253
31.6.71.254

But there is no user behind this router, looks like the router is uploading this information.

Does anyone know what service is uploading? or Why is this?
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
User avatar
pukkita
Trainer
Trainer
Posts: 2997
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:05 pm

Do you have assigned ips in that range? to which ports does the traffic go? Its probably either network (port) probing or scanning; maybe your ISP has set routing improperly.

BTW there's a typo in your sig, guess you meant MTCTCE :D
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
jfvelamoscoso
Trainer
Trainer
Topic Author
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:06 pm

I found also this IP


103.243.20.43
94.190.193.121
201.34.145.201
209.216.126.207
189.79.40.16
192.185.26.193
194.6.233.17
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
jfvelamoscoso
Trainer
Trainer
Topic Author
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:08 pm

This IP are found on Source address, and the destination is the router.

On ip firewall connections.

I can find different source porte but the destination port is always the same 53. This traffic is unexpected because as i said there is no host behind the router. Looks like the router is uploading all of this traffic
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
User avatar
pukkita
Trainer
Trainer
Posts: 2997
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:10 pm

could you post a screenshot from ip > firewall > connections??
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
jfvelamoscoso
Trainer
Trainer
Topic Author
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:11 pm

I forgot to tell the traffic is more than 3 Mbps which is too much for dns
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1749
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:15 pm

research the ip

www.ip2location.com
 
User avatar
pukkita
Trainer
Trainer
Posts: 2997
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:25 pm

chechito: it varies from day day... this morning were russian ips, right now are turkish, later may be chinese ips...

If your router is really exposed to the Internet (i.e. not an ADSL o FTTH line) a good firewall, that adds "probing" or port scanning source IPs to dynamic address lists for further firewall drop is mandatory.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
jfvelamoscoso
Trainer
Trainer
Topic Author
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:35 pm

I found the problem. My router was been used as a DNS Server and it has allowed request activate.
----------------------------------------
jfvelamoscoso@gmail.com
Network Engineer Noc Department
MTCNA, MTCTCE

If it helps please give some karma
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1749
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: IP 31.6.71.253 & 31.6.71.254

Wed May 20, 2015 9:52 pm

Who is online

Users browsing this forum: dedysobr, KareemAlKhayat, Kraken2k, normis, yngndrw and 145 guests