Hi, I just installed Sniffnet on a PC that has a couple of jails running and found there's an IP (from the outside) that is connected (or at least tried to connect) to the IP of one jail. This Jail is the DMZ of my home and there I have pf allowing a couple of ports to nat to other jails with small websites. The host also have pf installed with a bunch of filters.
What is shown in Sniffnet is this:
I wonder if this was just an attempt to connect to the port 6379 and as I don't have it open (also no Redis installed in my environment) Sniffnet just logged those 148 bytes to let me know there was a connection attempt or is this a real intrusion.
What is shown in Sniffnet is this:
Code:
Source: 8.137.60.211: 46640
Destination: 192.168.0.200:6379
Protocol: TCP
Service: redis
Bytes: 148 B
Packets: 2I wonder if this was just an attempt to connect to the port 6379 and as I don't have it open (also no Redis installed in my environment) Sniffnet just logged those 148 bytes to let me know there was a connection attempt or is this a real intrusion.
