Hi,
I configured the NIS firewall to block all traffic to and from the IP 209.141.206.119 but when I capture Wireshark, I still the a lot of traffic from the IP to my server.
According to the info on Wireshark, the Length is 82, the Info is Source port: avt-profile-1 Destination port 28332. Please see the attachment for detail.
I tried to look up for the IP and found this IP from Cik Telecom Inc in Canada. The port 28332 is an unassigned port.
Could anyone advice if this is a type of attack/hack/spy?
I see this is an one way traffic (only originate from the IP, my server does not respond to it).
Thank you.
--