Re: mysterious/suspicious internet activity.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A non expert response.

On Wed, 02 Dec 2020 16:09:16 -0000
"home user" <mattisonw@xxxxxxxxxxx> wrote:

> A few years ago, I saw in the system journal numerous log-in attempts
> by outsiders from all over the world, and opened a thread about that.
>  Now such attempts are blocked by the firewall.  If an outsider tries
> to communicate with my workstation, and the firewall blocks the
> attempt, will the attempt show up in the network activity panel of
> ksysguard? Will that attempt show up in the iftop display?

I don't know about ksysguard, but I think they should show up in iftop,
as they make it through the hardware connection (ethernet or wireless).

> --------------- begin text file ---------------
[snip]

These all appear to be OK.
> -----
> some captured iftop lines
> -----

These appear to be from someone looking for open ports in the comcast
range, so they can try exploits.  The firewall seems to be stopping them
dead. I think you might be able to configure your router so that these
are rejected there instead of making it through to the firewall.  You
would have to log in and then go to whatever configuration it has for an
internal firewall, and disable them there, if it is even possible.  It's
been a long time since I configured mine, but I don't see these
attempts on my ISP's range in my firewall, though I used to.  However,
my ISP might now be actively blocking such attempts, while comcast
isn't.

Most of the attempts I used to see were for window's exploits, though
there were a considerable number of attempts to use ssh.  Do you have
sshd disabled if you are not using it?  As root,
systemctl status sshd
It should be inactive (dead) if it is not being used.  I keep it masked
so that updates don't reactivate it from disabled state.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux