My Intrusion prevention system is detection a lot of strange traffic from my Pi-Hole, should I be worried?
I actually thinking that this can come from something else than the Pi-hole him self, even though that the same device.
Would Pi-hole use port like 37466,35822, 55744 ?
- I use this site to figure out who is behind an IP.
- 18.104.22.168 points to astomi.canonical.com
- If you visit that page, you’ll find a message regarding your installation of apache2:
<quote>This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian, from which the Ubuntu Apache packaging is derived. If you can read this page, it means that the Apache HTTP server installed at this site is working properly. You should replace this file (located at /var/www/html/index.html) before continuing to operate your HTTP server.
Are you using apache, or is this something that requires more investigation?
Canonical are the people that make Ubuntu. Something is calling home to check for updates? APT on automatic possibly. But it does appear to be a metric of some sort.
Thanks, I guess the can be https://netbeez.net, which I tried to setup a few days ago, probably not related to the Pi-Hole anyway, thank you !