What could be trying to connect to dircon.co.uk?

tims asked:
Topics: Vulnerabilities, Network Analysis
What could be trying to connect to dircon.co.uk on my Debian server?

There's nothing running that is taking any CPU, and the firewall is set to allow all output ports; all incoming ports are closed apart from SMTP, HTTP, HTTPS and SSH.

Output from tcpdump is below. Thanks for your help.

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:00:44.920943 IP green.32957 > ns-cache0.dircon.co.uk.domain: 16021+ PTR? 11.70.128.194.in-addr.arpa. (44)
16:00:44.945986 IP ns-cache0.dircon.co.uk.domain > green.32957: 16021 Refused 0/0/0 (44)
16:00:44.946234 IP green.32957 > ns-cache1.dircon.co.uk.domain: 16021+ PTR? 11.70.128.194.in-addr.arpa. (44)
16:00:44.970547 IP ns-cache1.dircon.co.uk.domain > green.32957: 16021 Refused 0/0/0 (44)
16:00:45.005832 IP green.32957 > ns-cache0.dircon.co.uk.domain: 31747+ PTR? 1.32.112.194.in-addr.arpa. (43)
16:00:45.029999 IP ns-cache0.dircon.co.uk.domain > green.32957: 31747 Refused 0/0/0 (43)
16:00:45.030172 IP green.32957 > ns-cache1.dircon.co.uk.domain: 31747+ PTR? 1.32.112.194.in-addr.arpa. (43)
16:00:45.053673 IP ns-cache1.dircon.co.uk.domain > green.32957: 31747 Refused 0/0/0 (43)
16:00:45.083337 IP green.32957 > ns-cache0.dircon.co.uk.domain: 63553+ PTR? 13.32.112.194.in-addr.arpa. (44)
16:00:45.106858 IP ns-cache0.dircon.co.uk.domain > green.32957: 63553 Refused 0/0/0 (44)
16:00:45.107021 IP green.32957 > ns-cache1.dircon.co.uk.domain: 63553+ PTR? 13.32.112.194.in-addr.arpa. (44)
16:00:45.130015 IP ns-cache1.dircon.co.uk.domain > green.32957: 63553 Refused 0/0/0 (44)
16:00:45.165493 IP green.32957 > ns-cache0.dircon.co.uk.domain: 63144+ PTR? 254.1.168.192.in-addr.arpa. (44)
16:00:45.189174 IP ns-cache0.dircon.co.uk.domain > green.32957: 63144 Refused 0/0/0 (44)
16:00:45.189346 IP green.32957 > ns-cache1.dircon.co.uk.domain: 63144+ PTR? 254.1.168.192.in-addr.arpa. (44)