Re: [bitfolk] Hardening your VPS

Author: Daniel Case
Date:  
Subject: Re: [bitfolk] Hardening your VPS
X-List-Received-Date: Sun, 22 Jan 2012 11:54:57 -0000


Hi Taavi,

On Sun, Jan 22, 2012 at 01:47:58PM +0200, Taavi Ilves wrote:
> Does anyone have a simple solution for catching where those connections to
> the old IP are coming from, and which protocol they use?


# tcpdump -vpni eth0 'host 212.13.19X.Y'

I've had a quick look and it seems to mostly just be random useless
traffic. You could avoid being warned again by removing the IP
address entirely:

# ip addr del 212.13.19X.Y dev eth0

(then remove from network configuration so it doesn't come back next
time you boot)

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting
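As an added example (not part of the thread), one way to turn the tcpdump capture Andy suggests into the per-source, per-protocol summary Taavi asked for: a small Python script over lines in `tcpdump -nn` format (the extra detail lines printed by `-v` are not handled). The old address 192.0.2.10, the source addresses and the sample capture are all constructed for illustration.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample of `tcpdump -nn` output; 192.0.2.10 stands in for the
# old IP and the sources are RFC 5737 documentation addresses.
SAMPLE = """\
12:00:01.000001 IP 198.51.100.7.51234 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 198.51.100.7.51234 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
12:00:02.000003 IP 203.0.113.9.40000 > 192.0.2.10.80: Flags [S], seq 2, win 65535, length 0
12:00:02.000004 IP 192.0.2.10.80 > 203.0.113.9.40000: Flags [R.], seq 0, ack 3, win 0, length 0
12:00:03.000005 IP 203.0.113.9 > 192.0.2.10: ICMP echo request, id 7, seq 1, length 64
12:00:04.000006 IP 198.51.100.7.5353 > 192.0.2.10.53: 4660+ A? example.invalid. (33)
12:00:05.000007 IP 203.0.113.44.33333 > 192.0.2.10.443: UDP, length 120
"""

# "<time> IP src[.port] > dst[.port]: <rest>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)

def classify(rest: str) -> Optional[str]:
    """Map the tail of a tcpdump line to a protocol label.

    TCP is counted only on bare SYN (new connection attempts), so
    retransmits within a flow and other segments do not inflate the tally.
    """
    if rest.startswith("Flags ["):
        flags = rest[len("Flags ["):rest.index("]")]
        return "tcp" if flags == "S" else None
    if rest.startswith("ICMP"):
        return "icmp"
    if rest.startswith("UDP") or "?" in rest:  # DNS query lines omit "UDP"
        return "udp"
    return "other"

def summarise(lines, old_ip: str) -> Counter:
    """Count inbound packets to old_ip keyed by (source, protocol, dst port)."""
    tally: Counter = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["dst"] != old_ip:
            continue  # unparsable line, or our own outbound reply
        proto = classify(m["rest"])
        if proto is not None:
            tally[(m["src"], proto, m["dport"] or "-")] += 1
    return tally

if __name__ == "__main__":
    for (src, proto, port), n in summarise(SAMPLE.splitlines(), "192.0.2.10").most_common():
        print(f"{n:5d}  {src:<15} {proto:<5} port {port}")
```

On a live host the same function can be fed from `tcpdump -lnn -i eth0 'host <old IP>'` via a pipe instead of the constructed sample.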


Date: Sun, 22 Jan 2012 14:10:45 +0200
From: Taavi Ilves <syouth@???>
To: users@???
Subject: Re: [bitfolk] Finding out old IP users


Hi Andy,

Thanks for the quick answer.

I thought so. Removed the old IP (from both the running machine and the configuration).

All the best,
Taavi

On Sun, Jan 22, 2012 at 1:54 PM, Andy Smith <andy@???> wrote:
> Hi Taavi,
>
> On Sun, Jan 22, 2012 at 01:47:58PM +0200, Taavi Ilves wrote:
>> Does anyone have a simple solution for catching where those connections to
>> the old IP are coming from, and which protocol they use?
>
> # tcpdump -vpn