
AT-RX58U Large amount of blocked incoming connections


mattyboolin

New Around Here
Hello all, apologies if I'm at the wrong place.

I recently noticed in my system log that I'm getting a ton of incoming connections that are all from (according to AbuseIPDB) malicious sources overseas. I'm not the most network-savvy individual, but I'm pretty sure that's what I'm looking at. Here's a ss of my log:
[attached screenshot: syslog.png]

Any insight on what the deal with this is? Should I install something like skynet to ensure my network is secure? As far as I can tell they aren't trying to connect to a specific device on my network, but I could be mistaken. Thanks in advance for any help that can be offered.
 
Your picture is hard to read but it looks like normal internet port scanners. That's why you should turn off logging of dropped packets, it's pointless having it on.
 
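As an added example (not code from any poster here, nor from Skynet), the following Python script does the triage the reply above describes: it parses dropped-packet lines in the netfilter KEY=VALUE form that Asuswrt routers write to syslog and checks whether the drops are spread across many sources and ports (untargeted scanner noise) or concentrated on a single source and port. The log lines are constructed and the exact field layout is assumed.

```python
import re
from collections import Counter

# Constructed sample lines in the iptables/netfilter log style Asuswrt routers
# use for dropped packets (addresses from documentation ranges, values invented).
SAMPLE_LOG = """\
Jun  1 10:01:02 kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41022 DPT=23 SYN
Jun  1 10:01:05 kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41023 DPT=2323 SYN
Jun  1 10:01:09 kernel: DROP IN=eth0 OUT= SRC=192.0.2.33 DST=203.0.113.10 PROTO=TCP SPT=55012 DPT=445 SYN
Jun  1 10:02:14 kernel: DROP IN=eth0 OUT= SRC=192.0.2.200 DST=203.0.113.10 PROTO=UDP SPT=5060 DPT=5060
Jun  1 10:02:40 kernel: DROP IN=eth0 OUT= SRC=198.51.100.99 DST=203.0.113.10 PROTO=TCP SPT=60001 DPT=3389 SYN
Jun  1 10:03:01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.77 DST=203.0.113.10 PROTO=TCP SPT=33333 DPT=22 SYN
"""

KV = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE tokens; OUT= has an empty value


def parse_drops(text):
    """Return one dict of KEY=VALUE fields per DROP line that has SRC and DPT."""
    events = []
    for line in text.splitlines():
        if " DROP " not in line:
            continue
        fields = dict(KV.findall(line))
        if "SRC" in fields and "DPT" in fields:
            events.append(fields)
    return events


def summarize(events):
    """Aggregate the counts a defender wants: sources, destination ports, targets."""
    return {
        "total": len(events),
        "distinct_sources": len({e["SRC"] for e in events}),
        "by_dport": Counter(e["DPT"] for e in events),
        "by_dst": Counter(e["DST"] for e in events),
        "by_src": Counter(e["SRC"] for e in events),
    }


def looks_like_background_scanning(summary):
    """Heuristic: no single source dominates and ports are widely spread means the
    untargeted scanner noise discussed in the thread; one source hammering one
    port is the pattern worth a closer look. Thresholds are assumptions."""
    if summary["total"] == 0:
        return True
    top_src_count = summary["by_src"].most_common(1)[0][1]
    port_spread = len(summary["by_dport"]) / summary["total"]
    return top_src_count / summary["total"] < 0.5 and port_spread > 0.3


if __name__ == "__main__":
    s = summarize(parse_drops(SAMPLE_LOG))
    print(s["total"], "drops from", s["distinct_sources"], "distinct sources")
    print("top destination ports:", s["by_dport"].most_common(5))
    print("background scanning?", looks_like_background_scanning(s))
```

Run it against your own exported syslog instead of SAMPLE_LOG; if one SRC or one DPT accounts for most of the drops, that is the case where the log is worth keeping on.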
Your picture is hard to read but it looks like normal internet port scanners.

Exactly - it's the internet's version of the Cosmic Background Radiation

Could be fun to just plot all of this 'traffic' as a heat map...
 
Your picture is hard to read but it looks like normal internet port scanners. That's why you should turn off logging of dropped packets, it's pointless having it on.
Guess that really puts into perspective why you shouldn’t open up random ports. Thanks for easing my paranoia.
 
Guess that really puts into perspective why you shouldn’t open up random ports. Thanks for easing my paranoia.

Personally I just use skynet to geoblock most of the highest offending countries. You'll still receive the logs, but even if you port forward then it'll still be a block for the scanners of those countries. CDNs allow for local distribution within your country of popular websites. If there's a website you need that's blocked just whitelist it. Maybe an extreme way to firewall, but the only issue I've really had is when playing non-Steam games that host by peer-to-peer. People can be anywhere so geoblocking has its drawbacks. Plus side, none of my cheap Chinese IoT devices directly phone home or share analytics with companies like Alibaba.

Skynet can also block by ASN. Most of the scanners own a ton of IP addresses, but they typically have an ASN association even if it's originating from a hosting company. Block the ASN and it typically blocks all IPs from the scanner.
 
Personally I just use skynet to geoblock most of the highest offending countries.

The highest offending countries are China and USA. Brazil, India, Germany come next. They all have large Internet hubs for multiple common online services. And there are proxies; a Chinese hacker may hit you via a USA-based server. You obviously didn't block the second largest offender for some reason. Then come your free community supported block lists with unknown reaction time. A fresh active IP is most likely not included. You basically firewalled yourself and this gives you some false sense of increased security. You also firewalled all your network users based on your understanding of things.
 
The highest offending countries are China and USA. Brazil, India, Germany come next. They all have large Internet hubs for multiple common online services. And there are proxies; a Chinese hacker may hit you via a USA-based server. You obviously didn't block the second largest offender for some reason. Then come your free community supported block lists with unknown reaction time. A fresh active IP is most likely not included. You basically firewalled yourself and this gives you some false sense of increased security. You also firewalled all your network users based on your understanding of things.

Unfortunately you're correct. I have no misunderstanding that blocking yourself in against the torrent of what is the internet is practically impossible beyond unplugging yourself from the net. Even the largest of companies that monitor all data incoming and outgoing have holes in their networks because otherwise it would negatively affect their users. Encryption makes monitoring as a man in the middle basically useless. It's a balancing act of what is acceptable, and what is a paranoid level of security. Even the best I could manage myself is hardly adequate, and merely, as you say, a false sense of security.

That said, it's just my home internet so I really don't care that much. My homelab is just me playing sysadmin for fun, and learning.
 