I recently set up a new server with Ubuntu 22.04. No web server, no FTP server, no mail server; just a freshly installed Ubuntu Server where I did not do much except install some extras like nethogs and btop.

Since about two weeks ago I've noticed that for some reason every day there is incoming traffic of 2-6 GB.

I don't know what produces that much traffic, as the only thing which could create some incoming traffic should be unattended updates, but that many updates per day sounds strange to me.

So I installed nethogs and I can see very strange connections to random IPs.

There are no connection attempts (at least no successful ones; I installed fail2ban, I disabled ssh root login, I changed the ssh port). nethogs shows this:

   PID USER     PROGRAM                                  DEV         SENT      RECEIVED
 33870 myuser   sshd: myuser@pts/2                       eno1        0.148       0.059 KB/sec
     ? root     SERVERIP:2096-65.49.20.118:50513                     0.011       0.012 KB/sec
     ? root     SERVERIP:82-185.224.128.43:57350                     0.000       0.000 KB/sec
     ? root     SERVERIP:51580-162.216.149.14:57199                  0.000       0.000 KB/sec
     ? root     SERVERIP:33126-162.142.125.134:15363                 0.000       0.000 KB/sec
     ? root     unknown TCP                                          0.000       0.000 KB/sec

Examining the IP addresses shows this:

for ip in 65.49.20.118 185.224.128.43 162.216.149.14 162.142.125.134; do printf '%s\t%s\n' "$ip" "$(dig +short -x "$ip" | xargs)"; done

65.49.20.118    118.64-26.20.49.65.in-addr.arpa. scan-17m.shadowserver.org.
185.224.128.43
162.216.149.14  14.149.216.162.bc.googleusercontent.com.
162.142.125.134 scanner-01.ch1.censys-scanner.com.