On Thu, Dec 21, 2023 at 10:31:06AM -0500, Pocket wrote:

> All you should be seeing is scans which you cannot prevent.

I am looking at incoming packets with tcpdump. This sees packets *before* they are filtered by iptables.

> What are you using for a firewall?

Something hand rolled. Reasonably complicated (over 300 rules) as it deals with: internet, VPN, DMZ, internal network for virtual machines. It is NOT a firewall issue.

> It is my belief that your firewall is NOT setup correctly and that is why
> you are seeing the traffic.

My firewall *cannot* deal with packets before they hit my machine. They only hit my machine after they have arrived over broadband.

The only thing that I might be able to do is to somehow prevent discovery that my machine is listening on port 80 -- that would mean somehow distinguishing between a genuine visitor and one that is mapping the Internet to later pass that map somewhere else, which generates the unwanted traffic that I see.

> Amazon AWS system. should not be able to hit your http server, unless you
> want it to.

How do I distinguish between wanted & unwanted connections?

The only thing that I can think of is to DROP incoming packets if the source port is 80 or 443 - which would disrupt the mapping process. However: if the mapping process uses normal TCP (i.e. high/random port number) this would do little.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
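The post above weighs dropping inbound packets by source port (80/443) and notes it does nothing against a scanner that uses a normal ephemeral source port. The following is an added example, not code from the original thread or from any of its participants: it parses the one-line summaries tcpdump prints, picks out the inbound SYNs to the listening port, and counts how many a source-port DROP rule would catch versus how many would pass. The capture lines, the addresses (documentation ranges) and the helper names are constructed for the example; the only real interfaces used are tcpdump's output format and the iptables `tcp` match options.

```python
import re
from collections import Counter

# Matches the one-line summary tcpdump prints for a TCP segment, e.g.
# "10:31:06.100001 IP 203.0.113.7.43210 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0"
# tcpdump writes the port as a fifth dotted component after the IPv4 address.
TCPDUMP_RE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Return (src, sport, dst, dport, flags) for a tcpdump TCP line, or None if it is not one."""
    m = TCPDUMP_RE.search(line)
    if not m:
        return None
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"])


def classify_syns(lines, listen_port=80, drop_sports=(80, 443)):
    """Count inbound connection attempts to listen_port by whether a source-port DROP
    rule would match them.

    Only bare SYNs (tcpdump flags "[S]") are counted, which is what iptables' --syn
    match selects; "[S.]" is a SYN-ACK and "[.]" a plain ACK, both ignored here.
    Returns a Counter with keys 'dropped' (source port in drop_sports) and
    'passed' (any other source port, i.e. what a normal TCP client uses).
    """
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        _src, sport, _dst, dport, flags = parsed
        if dport != listen_port or flags != "S":
            continue
        counts["dropped" if sport in drop_sports else "passed"] += 1
    return counts


def drop_rule(listen_port, sport):
    """The rule the post contemplates, narrowed to new connections (--syn) aimed at the
    listening port, so that replies to this host's own outbound connections, which
    arrive with source port 80/443 but a different destination port, are untouched."""
    return f"iptables -A INPUT -p tcp --syn --sport {sport} --dport {listen_port} -j DROP"


# Constructed sample capture (not real traffic): three probes using source port
# 80/443, three ordinary clients using ephemeral ports, a SYN-ACK and an ACK that
# the --syn match must ignore, and a SYN-ACK reply from a remote web server to a
# connection this host opened (source port 80, but destination port is ephemeral).
SAMPLE_CAPTURE = """\
10:31:06.100001 IP 203.0.113.7.80 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:31:06.100002 IP 203.0.113.8.443 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:31:06.100003 IP 198.51.100.3.51514 > 192.0.2.10.80: Flags [S], seq 2, win 64240, length 0
10:31:06.100004 IP 198.51.100.4.40022 > 192.0.2.10.80: Flags [S], seq 3, win 64240, length 0
10:31:06.100005 IP 203.0.113.9.80 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:31:06.100006 IP 198.51.100.5.60001 > 192.0.2.10.80: Flags [S], seq 4, win 64240, length 0
10:31:06.100007 IP 192.0.2.10.80 > 198.51.100.3.51514: Flags [S.], seq 9, ack 3, win 65160, length 0
10:31:06.100008 IP 198.51.100.3.51514 > 192.0.2.10.80: Flags [.], ack 10, win 502, length 0
10:31:06.100009 IP 198.51.100.9.80 > 192.0.2.10.44332: Flags [S.], seq 5, ack 1, win 65160, length 0
""".splitlines()


if __name__ == "__main__":
    counts = classify_syns(SAMPLE_CAPTURE)
    print(f"SYNs a --sport 80/443 rule would drop: {counts['dropped']}")
    print(f"SYNs from ephemeral ports that would pass: {counts['passed']}")
    for sport in (80, 443):
        print(drop_rule(80, sport))
```

On the constructed capture the rule stops the three probes that set a privileged source port and lets the three from ephemeral ports through, which is the limitation the post describes. Two caveats when actually writing the rule: the post's formulation (drop on source port alone) would also drop the replies to the machine's own outbound HTTP/HTTPS connections, since those arrive with source port 80 or 443; adding `--syn` and `--dport 80` confines the match to new inbound connection attempts to the web server. And tcpdump on the same host will still show every one of these packets, because it reads them from the interface before the INPUT chain runs.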