Ok, ran tcpdump with the following result:<div><br></div><div><div>$ sudo tcpdump -vpni eth0 &#39;src net <a href="http://212.13.194.0/23">212.13.194.0/23</a> and not arp&#39;</div><div>tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes</div>
<div>21:14:44.610567 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)</div><div>    212.13.195.254.80 &gt; 180.76.5.52.34209: Flags [S.], cksum 0x2eb3 (correct), seq 1882408364, ack 2442136209, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0</div>
<div>21:14:44.916894 IP (tos 0x0, ttl 64, id 18695, offset 0, flags [DF], proto TCP (6), length 40)</div><div>    212.13.195.254.80 &gt; 180.76.5.52.34209: Flags [.], cksum 0x84f9 (correct), ack 240, win 108, length 0</div>
<div>[...]</div><div>21:14:47.691019 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)</div><div>    212.13.195.254.80 &gt; 66.249.72.20.49028: Flags [S.], cksum 0x3588 (correct), seq 4123153607, ack 62604846, win 5792, options [mss 1460,sackOK,TS val 918884192 ecr 696390848,nop,wscale 6], length 0</div>
<div><br></div><div>I see the same few IPs in the destination, and I looked them up: Baidu and Google.  I take it these are &quot;scans&quot;?  It seems like a lot of communication going on.  But if that&#39;s the only traffic, am I&#39;m only facing a drop in search ranking if I delete that IP?</div>
<br><div class="gmail_quote">On Tue, Jan 31, 2012 at 4:17 PM, Andy Smith <span dir="ltr">&lt;<a href="mailto:andy@bitfolk.com">andy@bitfolk.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Michael,<br>
<div class="im"><br>
On Tue, Jan 31, 2012 at 04:01:08PM -0600, Michael Corliss wrote:<br>
&gt; After making sure that my VPS is receiving packets on the right address,<br>
&gt; I&#39;m now getting warnings that it&#39;s sending on the old address.<br>
<br>
</div>I had a look at what was caught for you and it was just 9 packets,<br>
split between source port 443 and source port 53. Probably just<br>
scans.<br>
<br>
So I wouldn&#39;t be too concerned.<br>
<div class="im"><br>
&gt; To my knowledge I don&#39;t have any software installed for which I<br>
&gt; needed to specify the VPS&#39; IP, so my guess is that this will end<br>
&gt; when I remove the old address from network/interfaces.  Is that<br>
&gt; right?<br>
<br>
</div>You will definitely not be able to send packets from an IP address<br>
you have removed¹. ;)<br>
<div class="im"><br>
&gt; Is there a way to test before deleting the old IP?<br>
<br>
</div># tcpdump -vpni eth0 &#39;src net <a href="http://212.13.194.0/23" target="_blank">212.13.194.0/23</a> and not arp&#39;<br>
<br>
will show you any traffic going in or out of your eth0 that has a<br>
source address inside <a href="http://212.13.194.0/23" target="_blank">212.13.194.0/23</a> and is not ARP traffic.<br>
<br>
Cheers,<br>
Andy<br>
<br>
¹ OK yeah barring some crafty thing you do to generate such traffic.<br>
<br>
_______________________________________________<br>
users mailing list<br>
<a href="mailto:users@lists.bitfolk.com">users@lists.bitfolk.com</a><br>
<a href="https://lists.bitfolk.com/mailman/listinfo/users" target="_blank">https://lists.bitfolk.com/mailman/listinfo/users</a><br>
</blockquote></div><br></div>