Got a warning from OP fw which I haven't seen before. See rules pic. Can see that the 2nd IP (local address) is related to my mobile connection, the 1st (remote address) is unknown. Could this be used for violation of privacy? Allow or block?
Protocol type ESP - Encapsulating Security Payload
http://tools.ietf.org/html/rfc4303
http://technet.microsoft.com/en-us/library/cc959510.aspx
WhoIs on Remote IP: 213.153.112.60
Code:
    inetnum: 213.153.112.32 - 213.153.112.63
    netname: UNET-EDB-INFRA
    descr: Public customer services
    country: SE
    admin-c: CE2580-RIPE
    tech-c: EDB100-RIPE
    status: ASSIGNED PA
    mnt-by: edb-unigrid-mnt
    source: RIPE # Filtered
Is this IP associated with your service provider? weeNym
Thanks for your answer. The local address is my mobile host, the remote is unknown but as your whois says the country, SE, is right. It got my attention because I should have seen it earlier, it turned up yesterday all of a sudden. I tried to block it with report and no problems with connection. Could this be used by authorities to sneak in your online habits? Just an interesting thought.
Very strange, when I discovered this I had above fw report constantly during that evening, blocked or unblocked. Now a couple of days later, nothing. OK, I can see that ESP has to do with encryption, but why did this remote address try to connect to my local address (mobile host) only that day? That is the question. Anyone with ideas? I'm not paranoid, just curious.
Did you check your outbound logs to see if you had a connection to that remote IP at the time of the alert? weeNym
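One way to run the check suggested in the last reply, as an added example that is not part of the thread: for each inbound ESP alert, list any outbound traffic to the same remote IP shortly before it, and confirm the remote falls inside the whois range quoted above. The log format, timestamps, the local address 10.0.0.2, the address 192.0.2.10 and the 10-minute window are constructed assumptions; only the remote IP and the inetnum range come from the thread.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, summarize_address_range

# Constructed sample log; the column layout is an assumption, not the
# firewall's real export: timestamp direction protocol local remote action
SAMPLE_LOG = """\
2010-03-01T19:58:12 OUT UDP/500 10.0.0.2 213.153.112.60 ALLOW
2010-03-01T20:01:40 IN ESP 10.0.0.2 213.153.112.60 ALERT
2010-03-01T20:30:05 OUT TCP/80 10.0.0.2 192.0.2.10 ALLOW
2010-03-02T09:15:00 IN ESP 10.0.0.2 213.153.112.60 ALERT
"""

def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, direction, proto, _local, remote, action = parts
        yield {"ts": datetime.fromisoformat(ts), "dir": direction,
               "proto": proto, "remote": ip_address(remote), "action": action}

def in_whois_range(ip, first="213.153.112.32", last="213.153.112.63"):
    """True if ip lies inside the inetnum range from the whois record."""
    nets = summarize_address_range(ip_address(first), ip_address(last))
    return any(ip_address(ip) in net for net in nets)

def correlate(log, window=timedelta(minutes=10)):
    """For every inbound ESP alert, return the protocols of outbound
    traffic to the same remote seen within `window` before the alert."""
    events = list(parse(log))
    results = []
    for alert in events:
        if alert["dir"] != "IN" or alert["proto"] != "ESP":
            continue
        prior = [e["proto"] for e in events
                 if e["dir"] == "OUT" and e["remote"] == alert["remote"]
                 and timedelta(0) <= alert["ts"] - e["ts"] <= window]
        results.append((alert["ts"].isoformat(), str(alert["remote"]), prior))
    return results

if __name__ == "__main__":
    for ts, remote, prior in correlate(SAMPLE_LOG):
        note = ", ".join(prior) if prior else "no outbound traffic in window"
        print(ts, remote, "in whois range:", in_whois_range(remote), "|", note)
```

An alert preceded by outbound UDP/500 (IKE) to the same address suggests the ESP packets belong to an IPsec session the host itself started; an alert with an empty list has no such explanation in the log and deserves a closer look.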