Jump to content

Banana Pi Pro undefined traffic?


Johanes

Recommended Posts

Hi,I installed a fresh image today, one Armbian_21.08.3_Bananapipro_focal_current_5.10.60.img.
Short check showed that there is an undefined traffic taking place, please see images. funny is that the open ports are not associated with any processes. does anyone have an idea what is behind it? buggy? trojan in the kernel?  Johanes387898195_Screenshotfrom2021-11-0507-48-17.png.512886c0bfc29365118f4c3dd76e99b1.png85909872_Screenshotfrom2021-11-0507-58-05.png.c2ce83a52c46230ea0124a127b2105c5.png

Link to comment
Share on other sites

  • Werner changed the title to Banana Pi Pro undefined traffic?

192.168.2.222 is probably the host you are using to connect to the bananapi via SSH, you have 2 connections open -> The two Port 22 tcp.

 

time01.nevondo.com AND

ntp2.wup-de....    Are probably NTP hosts your system is using to synchronize the time. NTP uses UDP via port 123. Which totally explains your UDP log (incoming from NTP server port 123, outgoing from your box on random free port)

 

*.canonical.com are all Ubuntu Servers, so you are using an ubuntu system and it is doing some background stuff (Updates? Status?)

littlericket.me seems to be some kind of Telegram bot. No idea if you are using that in any way https://botostore.com/c/messagestatisticsbot/ (see subscribe/unsubscribe url)

 

I think that was all - btw easily googleable. Or what undefined traffic did you mean?

Link to comment
Share on other sites

as i said, the installation is native and fresh. also, i have removed all useless services, such as avahi*, unattended-upgrades, etc.  only ssh and ntp are running. so my question: where are the canonical and other undefined connection attempts coming from?? where can i find the responsible code in the system? 

Link to comment
Share on other sites

2 hours ago, Johanes said:

as i said, the installation is native and fresh. also, i have removed all useless services, such as avahi*, unattended-upgrades, etc.  only ssh and ntp are running. so my question: where are the canonical and other undefined connection attempts coming from?? where can i find the responsible code in the system? 

 

On 11/8/2021 at 7:29 AM, Heisath said:

 

*.canonical.com are all Ubuntu Servers, so you are using an ubuntu system and it is doing some background stuff (Updates? Status?)

littlericket.me seems to be some kind of Telegram bot. No idea if you are using that in any way https://botostore.com/c/messagestatisticsbot/ (see subscribe/unsubscribe url)

 

Those are all NTP requests to a network pool, check the sizes (61b/15b), nothing wrong here move along

Link to comment
Share on other sites

This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines