Allow IP for ESP?

Discussion in 'other firewalls' started by osip, Jul 18, 2010.

Thread Status:
Not open for further replies.
  1. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Got a warning from OP fw which I haven't seen before. See rules pic. Can see that the 2nd IP (local address) is related to my mobile connection, the 1st (remote address) is unknown. Could this be used for violation of privacy? Allow or block?

    ESP.png

    ESP002.png
     
  2. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    Protocol type ESP - Encapsulating Security Payload
    http://tools.ietf.org/html/rfc4303
    http://technet.microsoft.com/en-us/library/cc959510.aspx

    WhoIs on Remote IP: 213.153.112.60

    Code:
    inetnum:        213.153.112.32 - 213.153.112.63
    netname:        UNET-EDB-INFRA
    descr:          Public customer services
    country:        SE
    admin-c:        CE2580-RIPE
    tech-c:         EDB100-RIPE
    status:         ASSIGNED PA
    mnt-by:         edb-unigrid-mnt
    source:         RIPE # Filtered

    Is this IP associated with your service provider?

    weeNym
     
  3. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Thanks for your answer. The local address is my mobile host, the remote is unknown, but as your whois says, the country, SE, is right.
    It got my attention because I should have seen it earlier; it turned up yesterday all of a sudden. I tried to block it with report and had no problems with the connection.
    Could this be used by authorities to sneak in your online habits? Just an interesting thought.
     
  4. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Very strange, when I discovered this I had the above fw report constantly during that evening, blocked or unblocked. Now, a couple of days later, nothing. OK, I can see that ESP has to do with encryption, but why did this remote address try to connect to my local address (mobile host) only that day? That is the question. Anyone with ideas? I'm not paranoid, just curious.
     
  5. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    Did you check your outbound logs to see if you had a connection to that remote IP at the time of the alert?

    weeNym
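
The check suggested in the last post, as an added example that is not part of the thread: match each inbound ESP alert against outbound records to the same remote IP shortly before it. The log layout and the local address 192.0.2.10 are assumptions constructed for illustration; the firewall's real log format is not shown in the thread.

```python
from datetime import datetime, timedelta

# Constructed sample records, not taken from the thread. The column layout
# (date time direction protocol source destination port) is an assumption,
# and 192.0.2.10 is a placeholder for the local mobile address.
SAMPLE_LOG = """\
2010-07-17 19:58:02 OUT UDP 192.0.2.10 213.153.112.60 500
2010-07-17 19:58:03 OUT UDP 192.0.2.10 213.153.112.60 4500
2010-07-17 20:01:15 IN ESP 213.153.112.60 192.0.2.10 -
2010-07-17 20:05:40 IN ESP 213.153.112.60 192.0.2.10 -
2010-07-17 23:30:00 IN ESP 213.153.112.60 192.0.2.10 -
"""

def parse(log):
    """Turn each log line into a dict with a parsed timestamp."""
    records = []
    for line in log.splitlines():
        date, time, direction, proto, src, dst, port = line.split()
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        records.append({"ts": ts, "dir": direction, "proto": proto,
                        "src": src, "dst": dst, "port": port})
    return records

def correlate(records, window=timedelta(minutes=10)):
    """For every inbound ESP alert, count outbound records to the same
    remote IP in the window before it and flag IPsec key exchange."""
    outbound = [r for r in records if r["dir"] == "OUT"]
    results = []
    for alert in records:
        if alert["dir"] != "IN" or alert["proto"] != "ESP":
            continue
        prior = [o for o in outbound if o["dst"] == alert["src"]
                 and timedelta(0) <= alert["ts"] - o["ts"] <= window]
        # UDP 500 (IKE) or UDP 4500 (IPsec NAT traversal) sent to the same
        # peer shows that this host took part in setting up the tunnel.
        ike = any(o["proto"] == "UDP" and o["port"] in ("500", "4500")
                  for o in prior)
        results.append((alert["ts"], alert["src"], len(prior), ike))
    return results

if __name__ == "__main__":
    for ts, remote, count, ike in correlate(parse(SAMPLE_LOG)):
        verdict = ("follows local IPsec setup" if ike else
                   "other outbound traffic only" if count else
                   "no outbound traffic in window")
        print(f"{ts} ESP from {remote}: {count} outbound record(s), {verdict}")
```

An alert with no outbound record in the window, like the last constructed line, is the case worth looking at more closely.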
     