I just got a "blocked" message from LFD:
Code:
lfd on server.myserver.com: 0.0.128.0 (-/-/-) blocked with too many connections
Time: Tue Nov 28 10:01:43 2017 +0100
IP: 0.0.128.0 (-/-/-)
Connections: 258
Blocked: Temporary Block
Connections:
tcp6: 0.0.128.0:62418 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:36766 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:19060 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:22294 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:13338 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:60074 -> xxx.11.36.110:80 (TIME_WAIT)
tcp6: 0.0.128.0:53082 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:13118 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:18740 -> xxx.11.36.110:443 (TIME_WAIT)
tcp6: 0.0.128.0:49148 -> xxx.11.36.110:443 (TIME_WAIT)
I haven't seen this before. 0.0.128.0 doesn't ring any bell, but the target IP address also doesn't. What can this be? Does this look suspicious to anyone?