I ran tcpdump overnight. Nothing ran that connected to the Internet other than a single time check. In the morning I found 499 accesses by lax31s19-in-x0a.1e100.net (which resolves to 2607:f8b0:4007:818::200a by ping). 'whois' on this found nothing. A DDG search attributes it to Google. When I try to http-connect it gets redirected to www2.net.net, which won't let me browse because it detects an ad blocker, which I don't have, in both seamonkey and Firefox. Knows anyone about this?

Thanks. Firefox wasn't running. I wasn't browsing anything, was in bed. I don't browse YouTube. A whois on 1e100.net refers to markmonitor.com, which shows no obvious connection to Google. It uses Google's name servers, but I think lots of people do.

It could just be a random port scan. Google has web crawlers working 24-7 to feed its search engine.

Do you have incoming connections blocked in you firewall?

I lack a firewall. My router requires specific IP addresses. As near as I can tell Slackware has none. What do you recommend?

Well, Slackware does come with iptables, which is a firewall capability built into the kernel, but it is not configured out of the box.

As easy-to-use frontends for configuring it, I recommend ufw or gufw (gui-ufw). You can find both of them at slackbuilds.org.

I also would recommend closing incoming ports in your router unless you have a positive need for them.

I'm using it now, but it requires specific addresses, not ranges.

If that's possible I'll have to figure out how to do it. Many of these queries are zero-length queries to the https port. Since I'm not running a webserver they just get rejected. Most of the others are ICMP - I have to leave that on right? sendmail is listening, but I don't think I serve any other port. None of the queries are on 25.

There should be some way to log into your router and configure it. Check your router documentation.

As an aside, I just got a system "upgrade" from my ISP. As part of their "upgrade" they replaced my router with one of theirs (it has to do with the fact that they are also my cable provider, and their router is more compatible with their cable service, as now TV shows that I've "saved" for future viewing are now in their "cloud" and no longer on my cable box). I must say, their new router is much faster than my old one and the saved shows are working fine, but I still haven't figured out how to log into the router. But I will.

As regards iptables, take a serious look a ufw/gufw. They give you the capability of blocking incoming ports with a couple of commands.

Good luck.

I log into it daily. The only blocking in the firewall is a single IP at a time.

Do you use it? I had to supply a slew of other stuff, 2 of which wouldn't build. Even if it does block a whole domain with millions of entries in iptables, I don't know I'd like that.