Solved: Why am I getting failed connections from China?


scubieman


Why? Because every standard port gets scanned every few seconds. That's normal.

That's how worms and such spread.

That's also why you shouldn't expose your Unraid to the outside (at the very least not with standard ports). Unraid is not hardened to be reachable from the internet. It's intended for LAN.

Security might be added at some point though.

Edited by nuhll
Link to comment
Just now, nuhll said:

So you removed that port forwarding in your router? Just to be sure.

That was port 32400 used by Plex. I set it so all traffic using that IP address will not leave my network.

Short-term solution. Trying to set up pfSense, thinking of switching to that.

However, my dockers seem to reach the internet still. Not sure why or how.

Link to comment
1 minute ago, trurl said:

Outgoing connections are normally allowed, and responses to those are allowed. Just think of web browsing, for example. What isn't allowed normally are unsolicited incoming connections.

Just like nuhll said. It should be blocked at the router before reaching the server, right?

Link to comment
1 hour ago, scubieman said:

I sure am! Last one was like ten seconds ago.

Right now it's 17:16 for time.

You are also getting ssh connection attempts.  This usually only happens if you have open ports or have your server in the DMZ.

 

Go to this site and click the Proceed button after doing a little reading.  Then run the Common Ports and All Service Ports scans to see what is reported regarding port security.

 

You want to see results like the following:

 

 


Link to comment
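The point made in the post above (SSH and telnet attempts normally appear only when ports are open or the server is in the DMZ) can be checked against the server's own log. This is an added example, not code from any poster in the thread: it assumes a LAN of 192.168.1.0/24 and OpenSSH/telnetd-style syslog lines, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the home LAN subnet. Adjust to your own network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines (documentation-range addresses, not from the thread).
SAMPLE_LOG = """\
Mar  3 17:15:51 Tower sshd[20311]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar  3 17:15:58 Tower sshd[20315]: Invalid user admin from 203.0.113.45 port 51140
Mar  3 17:16:02 Tower in.telnetd[20320]: connect from 198.51.100.7 (198.51.100.7)
Mar  3 17:16:09 Tower sshd[20322]: Failed password for root from 192.168.1.50 port 40022 ssh2
Mar  3 17:16:10 Tower sshd[20325]: Accepted password for root from 192.168.1.50 port 40030 ssh2
"""

# Matches failed/unsolicited attempts only; successful logins are ignored.
LINE_RE = re.compile(
    r"(?P<svc>sshd|in\.telnetd)\[\d+\]: "
    r"(?:Failed password for .+? from|Invalid user .+? from|connect from) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def summarize(log_text, lan=LAN):
    """Count attempts per (origin, service, source IP); origin is 'lan' or 'external'."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        origin = "lan" if ip in lan else "external"
        svc = "telnet" if "telnet" in m.group("svc") else "ssh"
        counts[(origin, svc, str(ip))] += 1
    return counts

def exposed_services(counts):
    """Services that logged attempts from outside the LAN, i.e. reachable from the WAN."""
    return sorted({svc for (origin, svc, _ip) in counts if origin == "external"})

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (origin, svc, ip), n in sorted(result.items()):
        print(f"{origin:8} {svc:6} {ip:15} {n}")
    print("Reachable from outside the LAN:", exposed_services(result))
```

Any service listed as reachable from outside the LAN points to a port forward, DMZ setting or similar router rule that lets unsolicited inbound traffic through to the server.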
Such requests should not be reaching your server if it is behind a router! You have not by any chance put the server into a DMZ zone on the router (as that means you are bypassing the router's protection against incoming connections from the internet)?

I agree 100%. However, I didn't change anything from my router after I set up Unraid. Only thing is one port forwarding for Plex. I have no idea how to stop this. I guess it should be set by default to block all incoming. I may need to reach out to the manufacturer. Thinking of switching to pfSense but at first glance it scares me lol

Sent from my Pixel 2 XL using Tapatalk

Link to comment

I ran it.

I ran the 2 tests you recommended and both came back success.

8 minutes ago, Hoopster said:
You are also getting ssh connection attempts.  This usually only happens if you have open ports or have your server in the DMZ.
 
Go to this site and click the Proceed button after doing a little reading.  Then run the Common Ports and All Service Ports scans to see what is reported regarding port security.
 
You want to see results like the following:
 
 
 

 

Edited by scubieman
Link to comment
4 hours ago, scubieman said:

My Unraid is behind an EdgeRouter X.

My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. 

 

If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow?

 

I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts.

Link to comment
4 minutes ago, Hoopster said:

My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. 

 

If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow?

 

I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts.

 

I have OpenVPN installed on my ERX but it's disabled as of now. I don't even have OpenVPN port forwarded. Only thing is Plex.

Maybe I should change Plex IP then port forward to that for whatever reason.

 

 

Adding one more thing that is interesting....


Edited by scubieman
Link to comment
