On 03/12/2020 00:02, home user wrote:
(I sent this to the list three times in the past two days; it
apparently never arrived, and it did not bounce.)
I rebooted, and did a few netstat's and an iftop while the workstation was
"quiet". I pasted output from 2 netstat runs into a text file.
I paused the iftop display many times to grab line pairs of interest, and pasted those
into the text file that has the netstat runs.
The text file is attached.
Most of the entries in the iftop display involve comcast, my internet service provider.
Quite a few unexpected addresses also show up in iftop. A few questions come to mind...
A few years ago, I saw in the system journal numerous log-in attempts by outsiders from
all over the world, and opened a thread about that. Now such attempts are blocked by the
firewall. If an outsider tries to communicate with my workstation, and the firewall
blocks the attempt, will the attempt show up in the network activity panel of ksysguard?
Will that attempt show up in the iftop display?
Well, it is really difficult to determine the source of those small packets.
You may want to run iftop with -Pn to make sure the port numbers are listed.
Things such as
c-98-245-12-4.hsd1.co.comcast.net => no-mans-land.m247.com 0b 54b 14b
are meaningless without a port. Also, if one does a lookup they would see...
[egreshko@meimei etc]$ host no-mans-land.m247.com
Host no-mans-land.m247.com not found: 3(NXDOMAIN)
So, what is the real IP address of that hostname? And how did your system come up with
that name....
The best tool for this is "wireshark" and capturing network activity with
filters on maybe one IP address which appears most often.
Also, go back and run "lastb" to make sure your firewall is actually blocking
incoming logins.
It also makes things difficult for others to diagnose without a clear understanding of
your network topology. Is the host directly connected to the Internet with public IP
addresses? Running IPv4 and IPv6? Is the host behind a router and using NAT? etc....
---
The key to getting good answers is to ask good questions.
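
Added example, not part of the original message: iftop resolves peer addresses to names with reverse (PTR) lookups unless -n is given, so a name that fails a forward lookup, like the NXDOMAIN result above, says little about who the peer is. The sketch below runs a forward-confirmed reverse DNS check on addresses collected with iftop -n; the function names, addresses and hostnames are constructed for illustration.

```python
import socket

def fcrdns(ip, reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Forward-confirmed reverse DNS check for one address.

    Returns (ptr_name, status); status is 'no-ptr', 'nxdomain',
    'mismatch' or 'confirmed'. The resolvers are injectable so the
    logic can be exercised offline.
    """
    try:
        name = reverse(ip)[0]              # PTR lookup, what iftop displays
    except (socket.herror, socket.gaierror):
        return None, "no-ptr"
    try:
        addrs = {info[4][0] for info in forward(name, None)}
    except socket.gaierror:
        return name, "nxdomain"            # name exists only as a PTR record
    status = "confirmed" if ip in addrs else "mismatch"
    return name, status

# Constructed sample data (documentation address ranges, not real hosts).
FAKE_PTR = {
    "203.0.113.7": "ptr-only.example.net",
    "198.51.100.9": "mail.example.org",
    "192.0.2.20": "claims.example.com",
}
FAKE_A = {
    "mail.example.org": ["198.51.100.9"],
    "claims.example.com": ["192.0.2.99"],
}

def fake_reverse(ip):
    """Offline stand-in for socket.gethostbyaddr."""
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip], [], [ip]

def fake_forward(name, port):
    """Offline stand-in for socket.getaddrinfo."""
    if name not in FAKE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0))
            for a in FAKE_A[name]]

if __name__ == "__main__":
    for ip in list(FAKE_PTR) + ["192.0.2.1"]:
        name, status = fcrdns(ip, fake_reverse, fake_forward)
        print(f"{ip:15} {name or '-':24} {status}")
```

Calling fcrdns(ip) with the default resolvers performs live lookups; anything other than "confirmed" means the displayed name should be ignored in favour of the numeric address and port.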