On Tue, May 13, 2014 at 3:27 PM, Johan Ryberg <jo...@securit.se> wrote:
> Hi, > > Please forgive my ignorance. > > I have a small lab and I noticed this IP in the routing table: > 61.174.51.232, resolves to > 232.51.174.61.dial.wz.zj.dynamic.163data.com.cn > > # route -n show > Routing tables > > Internet: > Destination Gateway Flags Refs Use Mtu Prio > Iface > default 192.168.66.1 UGS 7 39270 - 8 em0 > 61.174.51.232 192.168.66.1 UGHD 1 38722 - L 56 em0 > 127/8 127.0.0.1 UGRS 0 0 33144 8 lo0 > 127.0.0.1 127.0.0.1 UH 4 1244 33144 4 lo0 > 192.168.66/24 link#1 UC 1 0 - 4 em0 > 192.168.66.1 00:1b:17:bd:8d:11 UHLc 2 0 - 4 em0 > 224/4 127.0.0.1 URS 0 0 33144 8 lo0 > > > > It came and disappeared quite fast. > > The box are a more or less stock OpenBSD 5.5 > > Is it normal that entries like this comes and goes? > > > Labs are prime targets for scanning for vulnerable machines.
