Checking for errors in the logs and apparent http/https issues, I discover IP addresses that are unfamiliar to me, and certainly not defined in one of the services in my setup.
If I google them there are various mentions, mostly from China; MariaDB was also found, strangely enough. Right now I'm seeing http://221.194.47.221:50659, even being connected, so it worries me quite a bit.
Anyone recognize this behavior?
Do we have some alert mechanism available in Hassio for unknown/undefined connection attempts? I do have the max try setting in http, but apparently this is something different?
Anytime you are connected to the Internet, you are being scanned for open ports, and application vulnerabilities. In this case, the port number looks like it is outbound rather than inbound. What device do you have that might be initiating a connection?
There used to be a persistent notification when there was a failed login attempt. I haven’t tested it in a few months so I don’t know that it still works, but it was there at one time.
My router logs all the connections to my HA instance and e-mails them to me each morning. It's 99% me but it's nice to see any other connections and get them blocked. Blocking on geographical location is also very nice and a few custom rules means most connections are blocked. You will definitely get connections from all over the world if you have a port open. This isn’t necessarily malicious activity as there are a lot of web crawlers just surveying what is out there.
I have never seen anything like that show up in my logs though. Be aware that anything with a ‘cloud connection’ or an app that lets you connect remotely can go to a server anywhere in the world for its connection. Chinese products often connect back to Chinese servers.
Sure, the persistent notification is there, at least I see it pop up when I type the wrong password…
But I don’t think it works for ssh logins? I'll go and search for that.
The only thing I can think of was a few Foscam cameras I tried and returned since the apps were so crappy.
I just down like this: Connection from 221.194.47.221 port 59744 on 172.30.33.2 port 22
How to check that, and more importantly how to stop and prevent.
What device is at 172.30.33.2 on your local network?
What custom rules do you have?
Router firmware is this, coupled with pfblocker add on using some of the default country blocking and some custom lists. It's a bit of a rabbit hole getting it all set up and working but I like the control and logging it provides.
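
Added example, not part of the thread and not Home Assistant code: a small Python check for log lines of the form quoted above ("Connection from ... port ... on ... port ..."), which treats the first address as the remote peer and the address after "on" as the local listener, and counts connections whose source is not a private address. The function names and the allowlist parameter are hypothetical, and every sample line except the one quoted in the thread is constructed.

```python
import ipaddress
import re
from collections import Counter

# Line format as quoted in the thread: remote peer first, local listener after "on".
CONN_RE = re.compile(
    r"Connection from (?P<src>\S+) port (?P<sport>\d+) "
    r"on (?P<dst>\S+) port (?P<dport>\d+)"
)

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Connection from 221.194.47.221 port 59744 on 172.30.33.2 port 22
Connection from 192.168.1.20 port 51512 on 172.30.33.2 port 22
Connection from 221.194.47.221 port 60011 on 172.30.33.2 port 22
Accepted publickey for root from 192.168.1.20 port 51512 ssh2
Connection from not-an-ip port 1 on 172.30.33.2 port 22
"""

def parse_connections(log_text):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each well-formed line."""
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # not a connection line
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # skip lines with a malformed address
        yield src, int(m["sport"]), dst, int(m["dport"])

def external_sources(log_text, allowlist=()):
    """Count inbound connections per (source, local port) for sources that
    are neither private, loopback, nor in the caller's allowlist."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    hits = Counter()
    for src, _sport, _dst, dport in parse_connections(log_text):
        if src.is_private or src.is_loopback or src in allowed:
            continue
        hits[(str(src), dport)] += 1
    return hits

if __name__ == "__main__":
    for (src, dport), n in external_sources(SAMPLE_LOG).most_common():
        print(f"{n} inbound connection(s) from {src} to local port {dport}")
```

Run on a schedule against the SSH log, the resulting counts can feed whatever notification or daily e-mail mechanism is already in place.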