Re: [PLUG] Network question

You can run tcpdump on the machine that is the target of the unwanted traffic to try to verify if it is actually connecting. If you want you can port forward to 0.0.0.0 which effectively blackholes the unwanted traffic. You can use nmap to see if you have any ports open to the outside. Your ISP should have no problem with you running nmap on your own external IP address. Any router ports you can't close can be blackholed by port forwarding to 0.0.0.0.

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

On Tue, May 14, 2024 at 10:34 AM Steven Grunza via plug <plug@lists.phillylinux.org> wrote:

Am I correct in assuming all of these seemingly random TCP connection attempts are attempts to hack into my network?

The destination address is my DMZ machine. I tried using Port Forwarding but it didn't work so I am trying DMZ (basically forward everything to a particular machine).

I was able to ssh from a remote machine into my network for about two days before I started getting "no response" messages (I forget the exact message).

I was able to see that while I was trying to connect, there were not packets from the remote network machine I was using, just all this junk.

I really don't want to pay for both home Internet access and AWS services just to host a MQTT-SN / MQTT broker but it's looking like I might need to give up on Comcast being able to provide outside network access to my server.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug