Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running IPFS on VPS providers triggers netscan detection, risking account termination #4343

Closed
hmage opened this issue Oct 26, 2017 · 14 comments
Closed

Running IPFS on VPS providers triggers netscan detection, risking account termination #4343

hmage opened this issue Oct 26, 2017 · 14 comments

Comments

@hmage
Copy link

hmage commented Oct 26, 2017
edited
Loading

Version information:

go-ipfs version: 0.4.11-
Repo version: 6
System version: amd64/linux
Golang version: go1.9

Type: Bug

Severity: High

Description:

Right after launching ipfs daemon, I've received an automated email:

Dear Mr Eugene Bujak,

We have indications that there was an attack from your server.
Please take all necessary measures to avoid this in the future and to solve the issue.

We also request that you send a short response to us. This response should contain information about how this could have happened and what you intend to do about it.
In the event that the following steps are not completed successfully, your server can be blocked at any time after the 2017-10-26 12:57:20 +0200.

How to proceed:
- Solve the issue
- Test if the issue still exists by using the following link: http://abuse.hetzner.de/retries/?token=beacc8c25bab9c5934a29cde4ad3928f
- After successfully testing that the issue is resolved, send us a statement by using the following link: http://abuse.hetzner.de/statements/?token=beacc8c25bab9c5934a29cde4ad3928f

Important note:
When replying to us, please leave the abuse ID [AbuseID:42A7D9:21] unchanged in the subject line. Manual replies will only be handled in the event of a lock down. Should you have any questions relating to this, please contact our support staff at support@hetzner.de.
Please note that we do not provide telephone support in our department.
If you have any questions, please send them to us by responding to this email.

Kind regards

Network department

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 505-0
Fax: +49 9831 505-3
abuse@hetzner.de
www.hetzner.com

Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner

##########################################################################
#               Netscan detected from host    88.99.195.96               #
##########################################################################

time                protocol src_ip src_port          dest_ip dest_port
---------------------------------------------------------------------------
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>        10.0.1.6 64995
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 43108
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 43108
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 43108
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 43108
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 64333
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   100.80.115.66 10145
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   100.80.115.66 10145
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 52271
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 29677
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>    192.168.43.4 42727
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>        10.0.1.6 30063
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     10.95.7.190 28035
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  172.19.196.218 56630
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  172.19.196.218 56630
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>        10.0.1.6 38832
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>        10.0.1.6 28718
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>        10.0.0.2 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>        10.0.0.2 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>        10.0.0.2 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>        10.0.0.2 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     10.6.31.187 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     10.8.104.57 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     10.8.104.57 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     10.8.104.57 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     10.8.104.57 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     10.45.6.177 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  10.203.225.202 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  10.203.225.202 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  10.203.225.202 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  10.203.225.202 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   10.203.232.48 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   10.203.232.48 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   10.203.232.48 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  10.203.239.106 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  10.203.239.106 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  10.203.239.106 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  10.203.239.106 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  10.203.248.202 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  10.203.248.202 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  10.203.248.202 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  10.203.248.202 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.3.113 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.5.129 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   169.254.7.115 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.11.48 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   169.254.11.48 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  169.254.14.151 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.14.151 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  169.254.14.151 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  169.254.14.151 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   169.254.18.43 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   169.254.18.43 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   169.254.18.43 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   169.254.18.43 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  169.254.18.131 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.18.131 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  169.254.18.131 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  169.254.18.131 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  169.254.24.161 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  169.254.26.204 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.26.204 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  169.254.26.204 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  169.254.26.204 3001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>   169.254.32.51 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   169.254.32.51 3001 
Wed Oct 25 23:56:49 2017 TCP    88.99.195.96 4001  =>   169.254.32.51 3001 
Wed Oct 25 23:56:53 2017 TCP    88.99.195.96 4001  =>   169.254.32.51 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  169.254.38.195 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.43.240 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.46.156 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  169.254.46.156 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.52.100 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.59.20 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   169.254.65.55 3001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>  169.254.68.159 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  169.254.68.159 3001 
Wed Oct 25 23:56:49 2017 TCP    88.99.195.96 4001  =>  169.254.68.159 3001 
Wed Oct 25 23:56:53 2017 TCP    88.99.195.96 4001  =>  169.254.68.159 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   169.254.70.36 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   169.254.70.36 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   169.254.70.36 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.76.83 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  169.254.77.162 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  169.254.78.250 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.78.250 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  169.254.78.250 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  169.254.78.250 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.91.72 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.94.191 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.95.121 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  169.254.95.121 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>    169.254.97.7 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>    169.254.97.7 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>    169.254.97.7 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>    169.254.97.7 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.107.159 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.107.164 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  169.254.121.27 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.121.151 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  => 169.254.125.173 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  169.254.133.92 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.133.92 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  169.254.133.92 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  169.254.133.92 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.135.71 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.136.210 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  => 169.254.136.210 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  169.254.142.86 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  169.254.142.86 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  169.254.144.34 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.144.34 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>  169.254.144.34 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  169.254.144.34 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  => 169.254.147.149 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  => 169.254.147.149 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  => 169.254.147.149 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  => 169.254.147.149 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.147.191 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  169.254.149.12 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  => 169.254.150.154 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  => 169.254.150.154 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  => 169.254.150.154 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  => 169.254.150.154 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  169.254.156.19 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.157.8 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   169.254.157.8 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.163.222 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.163.227 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.166.158 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.168.23 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  169.254.168.23 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.170.244 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  => 169.254.170.244 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  => 169.254.171.143 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  => 169.254.171.143 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  => 169.254.171.143 3001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  => 169.254.171.143 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.181.208 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  => 169.254.181.208 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.195.26 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  169.254.195.26 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.197.94 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.199.186 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 169.254.206.114 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   169.254.207.7 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  => 169.254.207.247 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  => 169.254.207.247 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   169.254.208.1 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  => 169.254.225.200 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  => 169.254.225.200 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  => 169.254.225.200 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  => 169.254.225.200 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  172.19.196.218 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  172.19.196.218 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     172.20.10.2 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     172.20.10.2 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     172.20.10.2 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     172.20.10.2 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.0.11 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>    192.168.0.11 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.0.12 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>    192.168.0.12 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.0.22 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.0.102 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.0.102 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.0.102 3001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>   192.168.0.102 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.0.103 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.0.103 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.0.103 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.0.103 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.0.103 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.0.105 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.0.107 3001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>   192.168.0.107 3001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>   192.168.0.107 3001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>   192.168.0.107 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.0.111 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.0.111 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     192.168.1.2 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     192.168.1.2 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     192.168.1.2 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     192.168.1.2 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     192.168.1.2 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>     192.168.1.2 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>     192.168.1.2 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 44156 =>     192.168.1.2 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>     192.168.1.3 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     192.168.1.5 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     192.168.1.5 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     192.168.1.5 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     192.168.1.5 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>     192.168.1.7 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     192.168.1.9 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     192.168.1.9 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     192.168.1.9 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     192.168.1.9 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>    192.168.1.17 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.1.43 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.1.66 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.1.101 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.105 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.105 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.105 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.105 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.108 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.110 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.110 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.110 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.110 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 34796 =>   192.168.1.110 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.1.111 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.111 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.1.190 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.190 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.199 3001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.199 3001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.199 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.254 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>   192.168.1.254 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>     192.168.2.6 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>   192.168.2.114 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.5.36 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>    192.168.5.36 3001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>   192.168.8.102 3001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.8.102 3001 
Wed Oct 25 23:56:49 2017 TCP    88.99.195.96 4001  =>   192.168.8.102 3001 
Wed Oct 25 23:56:53 2017 TCP    88.99.195.96 4001  =>   192.168.8.102 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.10.16 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  192.168.43.227 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  192.168.43.227 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>    192.168.56.1 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.100.6 3001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.100.6 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 53586 =>   192.168.100.6 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.137.1 3001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 55592 =>   192.168.137.1 3001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>   192.168.137.1 3001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     10.33.7.214 63482
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     10.33.7.214 63482
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     10.33.7.214 63482
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     10.33.7.214 63482
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.190 4002 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.190 4002 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.190 4002 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.190 4002 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 56789
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     10.33.15.32 61403
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     10.33.15.32 61403
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     10.33.15.32 61403
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     10.33.15.32 61403
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 35051
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 35051
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 35051
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 35051
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 57431
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 57431
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 57431
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.174 57431
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>       10.59.5.1 40588
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>       10.59.5.1 40588
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.100 13790
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 61272
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 61272
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 61272
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 61272
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 27486
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 27486
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 27486
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>    192.168.1.64 27486
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>        10.0.1.6 23990
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>        10.0.1.6 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>        10.0.6.4 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>      10.4.11.61 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>      10.4.11.61 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>      10.4.11.61 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     10.4.11.110 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     10.4.11.110 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     10.4.11.110 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     10.4.11.110 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     10.10.10.10 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     10.10.10.10 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     10.10.10.10 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     10.10.10.10 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>       10.12.0.6 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>      10.13.53.1 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>       10.15.0.5 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>       10.16.0.5 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>       10.17.0.5 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>       10.17.0.7 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>      10.17.0.10 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     10.18.10.10 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     10.34.33.33 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     10.34.33.33 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     10.34.33.33 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     10.34.33.33 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>     10.37.129.2 4001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>     10.37.129.2 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>      10.76.4.21 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     10.81.64.88 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   10.101.10.109 4001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>   10.101.10.109 4001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>   10.101.10.109 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>   10.101.10.109 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>    10.119.75.82 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   10.119.75.230 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>      10.128.0.3 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>      10.138.0.3 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>     10.211.55.2 4001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>     10.211.55.2 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     10.255.2.21 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    10.255.2.170 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    10.255.10.24 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    10.255.10.30 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.54.121 4001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>  169.254.54.121 4001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>  169.254.54.121 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>  169.254.54.121 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>    169.254.61.4 4001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>    169.254.61.4 4001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>    169.254.61.4 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>    169.254.61.4 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  169.254.95.120 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  => 169.254.147.143 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  => 169.254.147.143 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  => 169.254.147.143 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  => 169.254.147.143 4001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>  169.254.198.53 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  => 169.254.214.242 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>  169.254.246.48 4001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>  169.254.246.48 4001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>  169.254.246.48 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>  169.254.246.48 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>      172.16.3.5 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   172.16.20.242 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   172.16.24.242 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   172.16.26.138 4001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>   172.16.26.138 4001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>   172.16.26.138 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>   172.16.26.138 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>      172.17.0.1 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 45298 =>      172.17.0.1 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 45298 =>      172.17.0.1 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 45298 =>      172.17.0.1 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 45298 =>      172.17.0.1 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>      172.17.0.1 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 45308 =>      172.17.0.1 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 45312 =>      172.17.0.1 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 45314 =>      172.17.0.1 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 45322 =>      172.17.0.1 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 45324 =>      172.17.0.1 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>      172.17.0.1 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>      172.17.0.2 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>      172.17.0.2 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>      172.17.0.2 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>      172.17.0.2 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>      172.17.0.2 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>     172.17.42.1 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  172.17.109.102 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  172.17.109.102 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>      172.18.0.1 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   172.31.47.115 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.0.123 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.0.193 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.0.201 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.1.65 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.1.105 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.105 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.119 4001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>   192.168.1.119 4001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>   192.168.1.119 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>   192.168.1.119 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.1.122 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>   192.168.1.129 4001 
Wed Oct 25 23:56:56 2017 TCP    88.99.195.96 4001  =>   192.168.1.129 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.205 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.205 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.205 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.205 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.1.218 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.1.218 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.1.218 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.1.218 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>   192.168.1.252 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>     192.168.2.1 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>     192.168.2.4 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     192.168.2.4 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>     192.168.2.4 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>     192.168.2.4 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>     192.168.5.1 4001 
Wed Oct 25 23:56:46 2017 TCP    88.99.195.96 4001  =>     192.168.5.1 4001 
Wed Oct 25 23:56:48 2017 TCP    88.99.195.96 4001  =>     192.168.5.1 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>     192.168.5.1 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>   192.168.10.19 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>   192.168.10.19 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>   192.168.10.19 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>   192.168.10.19 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>    192.168.15.2 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>    192.168.32.4 4001 
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>    192.168.32.4 4001 
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>    192.168.32.4 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>    192.168.32.4 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  192.168.36.201 4001 
Wed Oct 25 23:56:55 2017 TCP    88.99.195.96 4001  =>  192.168.36.201 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>  192.168.142.63 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 192.168.150.253 4001 
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>  192.168.178.20 4001 
Wed Oct 25 23:56:52 2017 TCP    88.99.195.96 4001  =>  192.168.178.20 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  =>  192.168.178.20 4001 
Wed Oct 25 23:56:54 2017 TCP    88.99.195.96 4001  => 192.168.200.253 4001 
Wed Oct 25 23:56:44 2017 TCP    88.99.195.96 4001  =>    10.0.193.107 12980
Wed Oct 25 23:56:45 2017 TCP    88.99.195.96 4001  =>    10.0.193.107 12980
Wed Oct 25 23:56:47 2017 TCP    88.99.195.96 4001  =>    10.0.193.107 12980
Wed Oct 25 23:56:51 2017 TCP    88.99.195.96 4001  =>    10.0.193.107 12980

According to the log, automated systems might have been triggered because it tries to connect to addresses that are usually reserved to local networks, as it scans for peers in local network.

I tend to agree, though, that blindly connecting to all RFC 1918 and 6890 addresses is poor practice.

If IPFS is looking for local peers this way, it should use broadcast packets instead of blindly trying to connect to every possible combination of IP addresses in that reserved space.

Temporary solution, since there is no local network on that machine:

# route add -net 192.168.0.0 netmask 255.255.0.0 gw 127.0.0.1 lo
# route add -net 10.0.0.0 netmask 255.0.0.0 gw 127.0.0.1 lo
# route add -net 169.254.0.0/16 gw 127.0.0.1 lo

But I'd rather not have to do that.

This is serious enough that made me instantly reconsider running IPFS.
@Stebalien
Copy link
Member

Stebalien commented Oct 26, 2017
edited
Loading

Same as: #1226
Related to here: #1771

I tend to agree, though, that blindly connecting to all RFC 1918 and 6890 addresses is poor practice.

IPFS is not quite that evil, it doesn't just blindly scan to those addresses (we use mdns for local peer discovery). Someone (or, probably, many someones) have advertised those addresses in the DHT.

To make IPFS ignore all such advertisements, you can configure the address filters. You can either configure them manually (#1226 (comment)) or initialize your profile with ipfs init --profile=server.

@magik6k
Copy link
Member

magik6k commented Oct 26, 2017

There is also an open PR for config patch command - #4195 - which will allow to apply profiles post-init

@hmage
Copy link
Author

hmage commented Oct 26, 2017
edited
Loading

@Stebalien thanks! Edited peer filtering in ipfs config.

What should be done with this github issue? Close?

I wasn't able to find an existing open issue for this easily (looked for 'scan' and 'local'), since it wasn't obvious that it was DHT misadvertisment. And I didn't search for closed issues since closed issue means that it was fixed, therefore I assumed it was new development.

Since the email I've received seemed quite urgent that I need to explain myself to Hetzner as soon as possible -- and if this issue will be closed -- anyone else who runs IPFS on VPS will likely trigger scan alert again and won't be able to find easily what the underlying issue is during quick glance on issues page and searching for words like 'scan' and 'local network'.

@Stebalien
Copy link
Member

Users can (and often do) still search through closed issues. However, I'd argue that issues aren't really the place for documentation. We usually just put FAQs in the forum (which isn't linked to from the readme...) but something like this should probably be documented in the "getting started" document; that is, it should probably mention profiles and use-cases for each. Mind filing an issue for that and closing this one? I'll ping those currently working on documentation on that issue.

@whyrusleeping
Copy link
Member

related: #4029 (comment)

@mguentner
Copy link

This is the solution I came up with (I don't had any other nodes in a private net)

up:

iptables -A OUTPUT  -p tcp --dport 4001 -d 10.0.0.0/8 -j REJECT
iptables -A OUTPUT  -p tcp --dport 4001 -d 192.168.0.0/16 -j REJECT
iptables -A OUTPUT  -p tcp --dport 4001 -d 172.16.0.0/12 -j REJECT

down:

iptables -D OUTPUT  -p tcp --dport 4001 -d 10.0.0.0/8 -j REJECT
iptables -D OUTPUT  -p tcp --dport 4001 -d 192.168.0.0/16 -j REJECT
iptables -D OUTPUT  -p tcp --dport 4001 -d 172.16.0.0/12 -j REJECT

@Stebalien
Copy link
Member

@mguentner you can tell IPFS to not dial certain addresses by using the Swarm.AddrFilters config option. For example, to block those addresses, you'd use:

> ipfs config --json Swarm.AddrFilters '["/ip4/10.0.0.0/ipcidr/8", "/ip4/192.168.0.0/ipcidr/16", "/ip4/172.16.0.0/ipcidr/12"]'

You can also specify the --profile=server argument when initializing your repo to preconfigure address filters.

Note: Your current filters won't be quite sufficient. Users can (and do) run and advertise IPFS nodes on ports other than 4001.

@targodan
Copy link

targodan commented Feb 6, 2018
edited
Loading

I ran into the same issue a few days ago. Luckily my provider unlocked the server after I shutdown the ipfs service.

IMO at least a note on this should be somewhere prominent on the ipfs website. Somewhere like here. It's my fault for not researching properly, but I think quite a few people that like the idea of ipfs might do the same thing as I did. I. e. just put ipfs on their server to help the network grow. What can possibly go wrong after all.

I think people shouldn't be punished for trying to help the network.

Also my provider claimed that:

[...] parts of our network were severely impacted.

Whatever that may mean, I just thought I'd let you guys know.

@whyrusleeping
Copy link
Member

Yeah, definitely makes sense to put it on the getting started guide.

"If you're running ipfs in a hosted environment, use ipfs init --profile=server" or something.

Stebalien added a commit to ipfs-inactive/website that referenced this issue Feb 6, 2018
@Stebalien
warn that cloud users should initialize with --profile=server
6033197 
see ipfs/kubo#4343 (comment)
Stebalien added a commit to ipfs-inactive/website that referenced this issue Feb 7, 2018
@Stebalien
warn that cloud users should initialize with --profile=server
834beed 
see ipfs/kubo#4343 (comment)
@bonedaddy bonedaddy mentioned this issue Sep 1, 2018
Closed
@lidel lidel mentioned this issue Sep 14, 2018
Closed
@akaihola akaihola mentioned this issue Sep 15, 2018
Closed
@alexanderkjeldaas alexanderkjeldaas mentioned this issue Sep 22, 2018
Closed
@dadittoz
Copy link

I've had the similar problem with Hetzner. Looks like blocking these 3 network is not enough. Just got a message from them.

Dear Client,

Your server is trying to access other unrouted prefixes.

Please block the following prefixes. Then IPFS should not trigger our Abuse System anymore.

-----------------%<-----------------
https://tools.ietf.org/html/rfc1918
https://tools.ietf.org/html/rfc6598
https://tools.ietf.org/html/rfc3927
-----------------%<-----------------
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
100.64.0.0/10
169.254.0.0/16 
-----------------%<-----------------

@Stebalien
Copy link
Member

Please apply the server profile: ipfs config profile apply server. That will block all non-routable addresses.

@dadittoz
Copy link

@Stebalien thank you, this works fine. Just to explain how it happened to me as a regular user. The flow is this:

  1. Learn about IPFS, be exited to try it out
  2. Install Docker image
  3. Get abuse triggered by Hetzner
  4. Search Google for solution and come to this page
  5. Find out --profile doesn't work for docker image and you have to use daemon --init-profile option
  6. Find out --init-profile does nothing if you already have config file set.
  7. Add listed ranges on this page to config and iptables
  8. Find out abuse is still triggered
  9. Be confused that nothing worked. Uninstall IPFS.

Hopefully @Stebalien reply will help someone in a similar situation.

@sneak sneak mentioned this issue Oct 17, 2018
Closed
@Stebalien Stebalien mentioned this issue Feb 25, 2020
Open
@Stebalien
Copy link
Member

Closing in favor of a meta issue: #6932.

@flowlee flowlee mentioned this issue Jan 10, 2022
Closed
@abarmat abarmat mentioned this issue Jan 11, 2023
Open
@avral
Copy link

avral commented Jan 14, 2023

@dadittoz ahahah same here!

@noslav noslav mentioned this issue Jul 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@dadittoz @Stebalien @mguentner @hmage @whyrusleeping @magik6k @targodan @avral