Port 873 traffic

So, I’ve been watching this for a bit, actually went ahead and made a rule to block the traffic, but I thought I’d drop a line here and ask if anyone has any insight as to why ns6.7 is constantly talking to the world at large on port 873 (rsync).

I’ve run reverse lookups on a few of the IPs from my fw that are being reached out to by the ns servers.

- ovh-hosting.network-studio.com 213.152.3.110
- web.virusfree.cz 212.24.139.164
- rsync-mirror.rollernet.us 208.79.241.67
- resolv3.vianetworks.de 194.77.111.24
- spamexperts3-mirror.sanesecurity.com 185.95.29.15
- ? 185.87.185.65
- 185-12-6-218.freeformit.com 185.12.6.218
- saturn.retrosnub.co.uk 178.18.118.26
- patroklos.noc.ntua.gr 147.102.222.211
- bart.sas-systems.net 144.76.210.133
- postfix.charite.de 141.42.206.35
- mail.espmail.co.uk 95.154.208.105
- mirror.vaniersel.net 94.142.245.58
- ? 46.21.115.195
- ws3-170.freeformit.com 69.16.193.170

1 Like

rsync is used to update antivirus signatures.
It’s the most efficient way; if rsync is blocked, it reverts to a full sig download with curl or wget.

2 Likes

OK, the traffic really wasn’t correlating with what I saw in the web filtering.