Port 873 traffic

So, I’ve been watching this for a bit, actually went ahead and made a rule to block the traffic, but I thought I’d drop a line here and ask if anyone has any insight as to why ns6.7 is constantly talking to the world at large on port 873 (rsync).

I’ve run reverse lookups on a few of the ip’s from my fw that are being reached out to by the ns servers.

ovh-hosting.network-studio.com web.virusfree.cz rsync-mirror.rollernet.us resolv3.vianetworks.de spamexperts3-mirror.sanesecurity.com ? 185-12-6-218.freeformit.com saturn.retrosnub.co.uk patroklos.noc.ntua.gr bart.sas-systems.net postfix.charite.de mail.espmail.co.uk mirror.vaniersel.net ? ws3-170.freeformit.com

1 Like

rsync is used to update antivirus signatures.
It’s the most efficient way, if rsync is blocked it reverts to full sig download with curl or wget.


ok, the traffic really wasn’t correlating with what I saw in the web filtering.