On 2020-02-01 04:31, Samuel Sieb wrote: > On 1/31/20 6:37 AM, Michael Eager wrote: >> Apparently, my original post was not as clear as I thought. >> >> Password authentication on the workstation is disabled and port 22 >> is not forwarded by the firewall. >> >> Fail2ban would not answer the question of where the SSH access is coming >> from on the LAN. If something on the LAN is forwarding SSH connections, >> knowing that the IP is in China does not give me info about where this >> is happening. > > Your original post was completely clear. However, something is happening on your network that you aren't aware of. The fact that you are getting connections from an external IP address means that somehow there is a path from the external internet to this computer. It's possible that another computer on your network could somehow be routing incoming packets to the computer, but the outgoing ones have to be following the default route to the default gateway. An interesting split routing. tcpdump (or wireshark) will give you the mac address and if it doesn't match your gateway, you will have to track down which computer has that mac. And in that regard the "arp" command may be useful. That is if one is aware of what IP addresses on the LAN belong to what devices. -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx