Answer the question
In order to leave comments, you need to log in
Why are there so many incoming connections?
Looked at a broad gull and is a little puzzled. Lots of rows from blocked connections. For example:
Mar 18 10:41:03 Home kernel: [ 697.350008] [UFW BLOCK] IN=eth0 OUT= MAC=xxxxxxxxxxxxxxxxxxxxxxxxxx SRC=204.42.253.2 DST=xxxxxxxxxxxx LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID= 11490 DF PROTO=UDP SPT=51374 DPT=123 LEN=20
Mar 18 10:41:55 AM TOS=0x00 PREC=0x00 TTL=49 ID=55103 DF PROTO=UDP SPT=43481 DPT=53413 LEN=9
Mar 18 10:42:03 Home kernel: [ 757.751833] [UFW BLOCK] IN=eth0 OUT= MAC=xxxxxxxxxxxxxxxxxxxxxxxxx SRC=65.52.229.71 DST=xxxxxxxxxxxx LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41952 PROTO=TCP SPT=1185 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
The firewall policy blocks all incoming ones, but why are there so many of them? What attracts them? Panic or ignore? Thank you.
Answer the question
In order to leave comments, you need to log in
DPT=3389, DPT=123, ..., standard potentially vulnerable services. For certain also on sssh passwords will sort out if will find.
Botnets will scan everything they can for vulnerabilities.
Attracts a live host on a white IP address. Humble yourself.
And update.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question