Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1494
Views
0
Helpful
3
Replies

49.55.50.46

bereits
Level 1
Level 1

‎11-09-2018 12:19 AM

Has anyone noticed unusual traffic leaving to a public IP address 49.55.50.46 on the switch?

2 people had this problem
Labels:
0 Helpful
3 Replies 3

Daniele Giordano
Level 8
Level 8

‎11-09-2018 12:41 AM

Hi, according to APNIC whois db, the indicated IP is part of:

 

inetnum: 49.52.0.0 - 49.55.255.255
netname: SHR-CERNET
descr: China Education and Research Network
descr: Shanghai Regional Network
country: CN
admin-c: CER-AP
tech-c: CER-AP
status: ALLOCATED PORTABLE
remarks: origin AS4538
remarks: confederation
mnt-by: APNIC-HM
mnt-lower: MAINT-CERNET-AP
mnt-routes: MAINT-CERNET-AP
mnt-irt: IRT-CERNET-AP
last-modified: 2013-08-08T23:40:59Z
source: APNIC

 

The AS4538 number is one of the Top 20 Route Count per Originating AS as described in this link:

https://www.cidr-report.org/as2.0/

 

If you see something strange you can send an email to

% Abuse contact for '49.52.0.0 - 49.55.255.255' is 'abuse@net.edu.cn'

 

What type of traffic have you seen?

 

Regards. 

0 Helpful

bereits
Level 1
Level 1
In response to Daniele Giordano

‎11-09-2018 05:36 AM

It is Netflow Traffic and I also scanned several machines intensely for virus and adware with no luck. All of the running services are valid.

I haven't configured any switch to direct traffic to this Public IP Address..and I still don't know where 49.55.50.46 came from.

 

This is very unusual...Is this behavior illicit or admissible in nature ??

0 Helpful

Daniele Giordano
Level 8
Level 8
In response to bereits

‎11-09-2018 05:38 AM

Can you post logs, transport protocols and ports?

 

Regards.

0 Helpful
Customers Also Viewed These Support Documents