My firewall gets hammered with traffic to port 443 after switching ISP, what's going on?
Hi! I very recently switched from a Telia DSL connection to a small ISP via a local fiber network. Now, after switching ISP, my firewall blocks a lot of incoming traffic to port 443. I don't run any web server or anything, and when I checked a few random source addresses, they're all originating from China. Any ideas what's happening?
Sounds like you drew a short straw. Some Chinese guys have your IP address and they think that something's there. If you've got a dynamic IP, the last person to have your address probably had something they were interested in.
I'd unplug your router/modem for a while to try to get a new IP. Don't know how long it will take. I'd start by leaving it off overnight, but it might take longer. Some routers give information about when their DHCP lease expires; I'd make sure that it's off when that happens so it can't renew it.
You might also try contacting your ISP and tell them what's going on, but I don't know what they will be able to do about it.
Hi! I very recently switched from a Telia DSL connection to a small ISP via a local fiber network.
It is possible that you have always had these incoming connections but you never noticed because your DSL router (or maybe your ISP) was blocking them for you. People are always scanning random IP addresses hoping to find unpatched security holes - I get loads of connections from China too on www and ssh ports. There isn't anything you can do to stop it, just make sure you don't have any services running that don't need to be and make sure your firewall is turned on.
If your fibre modem is connected directly to your PC then your PC will have a public IP address which is why all connections are making it to the PC. To stop that you could get a separate firewall which plugs in between the fibre modem and your local network (which may be similar to how your DSL was set up).
Sounds like you drew a short straw. Some Chinese guys have your IP address and they think that something's there. If you've got a dynamic IP, the last person to have your address probably had something they were interested in.
I'd unplug your router/modem for a while to try to get a new IP. Don't know how long it will take. I'd start by leaving it off overnight, but it might take longer. Some routers give information about when their DHCP lease expires; I'd make sure that it's off when that happens so it can't renew it.
You might also try contacting your ISP and tell them what's going on, but I don't know what they will be able to do about it.
Thanks, I'll try that!
Quote:
Originally Posted by af7567
It is possible that you have always had these incoming connections but you never noticed because your DSL router (or maybe your ISP) was blocking them for you. People are always scanning random IP addresses hoping to find unpatched security holes - I get loads of connections from China too on www and ssh ports. There isn't anything you can do to stop it, just make sure you don't have any services running that don't need to be and make sure your firewall is turned on.
If your fibre modem is connected directly to your PC then your PC will have a public IP address which is why all connections are making it to the PC. To stop that you could get a separate firewall which plugs in between the fibre modem and your local network (which may be similar to how your DSL was set up).
My DSL connection is still active, so I connected my router to that again and checked, but it's only with my new connection I get that specific traffic from China to port 443. On my DSL connection the blocked incoming traffic is more "random", so I think maples might be right.
On my old connection my DSL modem just acts as a modem and my MikroTik router gets a public IP. With the new I just connect my router to an ethernet jack in my apartment and my router gets a public IP.
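An added example, not part of any post in this thread: one way to put numbers on the comparison above between the two connections, by measuring how much of the blocked traffic lands on a single destination port. The log line format, the sample addresses (documentation ranges), the 0.75 threshold and the function names are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample drop logs; the line format is an assumption and the
# addresses come from documentation ranges (192.0.2.0/24 is "our" side).
NEW_ISP_LOG = """\
drop input: in:ether1, proto TCP (SYN), 203.0.113.10:40112->192.0.2.7:443, len 60
drop input: in:ether1, proto TCP (SYN), 203.0.113.77:51844->192.0.2.7:443, len 60
drop input: in:ether1, proto TCP (SYN), 198.51.100.5:33790->192.0.2.7:443, len 60
drop input: in:ether1, proto TCP (SYN), 198.51.100.91:46021->192.0.2.7:443, len 60
drop input: in:ether1, proto TCP (SYN), 203.0.113.10:40113->192.0.2.7:443, len 60
drop input: in:ether1, proto TCP (SYN), 198.51.100.200:60001->192.0.2.7:23, len 44
"""
OLD_DSL_LOG = """\
drop input: in:ether1, proto TCP (SYN), 203.0.113.4:50211->192.0.2.9:22, len 60
drop input: in:ether1, proto TCP (SYN), 198.51.100.8:41000->192.0.2.9:23, len 44
drop input: in:ether1, proto TCP (SYN), 203.0.113.61:38822->192.0.2.9:3389, len 52
drop input: in:ether1, proto UDP, 198.51.100.33:5060->192.0.2.9:5060, len 420
drop input: in:ether1, proto TCP (SYN), 203.0.113.90:44710->192.0.2.9:443, len 60
"""

FLOW = re.compile(r"proto (\w+).*?(\d+(?:\.\d+){3}):(\d+)->(\d+(?:\.\d+){3}):(\d+)")

def summarize(log_text):
    """Count dropped flows per (protocol, destination port) and per source."""
    ports, sources, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = FLOW.search(line)
        if not m:
            skipped += bool(line.strip())  # count non-empty lines we could not parse
            continue
        proto, src, _sport, _dst, dport = m.groups()
        ports[(proto, int(dport))] += 1
        sources[src] += 1
    total = sum(ports.values())
    top, hits = ports.most_common(1)[0] if total else (None, 0)
    return {"total": total, "skipped": skipped, "top": top,
            "share": hits / total if total else 0.0, "sources": len(sources)}

def pattern(summary, threshold=0.75):
    """'concentrated' when one port takes most of the drops, else 'scattered'."""
    if not summary["total"]:
        return "no data"
    return "concentrated" if summary["share"] >= threshold else "scattered"

if __name__ == "__main__":
    for name, log in (("new ISP", NEW_ISP_LOG), ("old DSL", OLD_DSL_LOG)):
        s = summarize(log)
        print(name, s, pattern(s))
```

A concentrated result from many distinct sources matches the "previous holder of the address" explanation suggested in the thread; a scattered result matches the background scanning that was also described.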