Banana Pi Pro undefined traffic?


Johanes
 Share

0

Recommended Posts

Hi,I installed a fresh image today, one Armbian_21.08.3_Bananapipro_focal_current_5.10.60.img.
Short check showed that there is an undefined traffic taking place, please see images. funny is that the open ports are not associated with any processes. does anyone have an idea what is behind it? buggy? trojan in the kernel?  Johanes387898195_Screenshotfrom2021-11-0507-48-17.png.512886c0bfc29365118f4c3dd76e99b1.png85909872_Screenshotfrom2021-11-0507-58-05.png.c2ce83a52c46230ea0124a127b2105c5.png

Link to post
Share on other sites

  • Werner changed the title to Banana Pi Pro undefined traffic?
Armbian is a community driven open source project. Do you like to contribute your code?

192.168.2.222 is probably the host you are using to connect to the bananapi via SSH, you have 2 connections open -> The two Port 22 tcp.

 

time01.nevondo.com AND

ntp2.wup-de....    Are probably NTP hosts your system is using to synchronize the time. NTP uses UDP via port 123. Which totally explains your UDP log (incoming from NTP server port 123, outgoing from your box on random free port)

 

*.canonical.com are all Ubuntu Servers, so you are using an ubuntu system and it is doing some background stuff (Updates? Status?)

littlericket.me seems to be some kind of Telegram bot. No idea if you are using that in any way https://botostore.com/c/messagestatisticsbot/ (see subscribe/unsubscribe url)

 

I think that was all - btw easily googleable. Or what undefined traffic did you mean?

Link to post
Share on other sites

as i said, the installation is native and fresh. also, i have removed all useless services, such as avahi*, unattended-upgrades, etc.  only ssh and ntp are running. so my question: where are the canonical and other undefined connection attempts coming from?? where can i find the responsible code in the system? 

Link to post
Share on other sites

2 hours ago, Johanes said:

as i said, the installation is native and fresh. also, i have removed all useless services, such as avahi*, unattended-upgrades, etc.  only ssh and ntp are running. so my question: where are the canonical and other undefined connection attempts coming from?? where can i find the responsible code in the system? 

 

On 11/8/2021 at 7:29 AM, Heisath said:

 

*.canonical.com are all Ubuntu Servers, so you are using an ubuntu system and it is doing some background stuff (Updates? Status?)

littlericket.me seems to be some kind of Telegram bot. No idea if you are using that in any way https://botostore.com/c/messagestatisticsbot/ (see subscribe/unsubscribe url)

 

Those are all NTP requests to a network pool, check the sizes (61b/15b), nothing wrong here move along

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

0