Hi ThatOneGuy:
When we checked the IPs listed above, they appear to be in various countries and they were flagged as malicious or suspicious using IPVoid.
https://www.ipvoid.com/ip-blacklist-check/
When we checked our own antsles, we didn't see this communication. The traffic we did see was going to anthill.antsle.com and some NTP servers used for updating the time.
So it appears that perhaps the VM or edgeLinux has been hacked. Is the traffic going toward the internal network (such as 10.1.1.x) or private network (such as 192.168.1.x)?