So, I’ve been watching this for a bit and actually went ahead and made a rule to block the traffic, but I thought I’d drop a line here and ask if anyone has any insight as to why ns6.7 is constantly talking to the world at large on port 873 (rsync).
I’ve run reverse lookups on a few of the IPs from my fw that are being reached out to by the ns servers:
ovh-hosting.network-studio.com 188.8.131.52
web.virusfree.cz 184.108.40.206
rsync-mirror.rollernet.us 220.127.116.11
resolv3.vianetworks.de 18.104.22.168
spamexperts3-mirror.sanesecurity.com 22.214.171.124
? 126.96.36.199
185-12-6-218.freeformit.com 188.8.131.52
saturn.retrosnub.co.uk 184.108.40.206
patroklos.noc.ntua.gr 220.127.116.11
bart.sas-systems.net 18.104.22.168
postfix.charite.de 22.214.171.124
mail.espmail.co.uk 126.96.36.199
mirror.vaniersel.net 188.8.131.52
? 184.108.40.206
ws3-170.freeformit.com 220.127.116.11