I am running Mint 21.2 XFCE and using the UFW Firewall (using GUFW) as well as a personal VPN to the internet.

At the beginning of last week I became aware of a lot of connections to and from <some sub domain>.dreamsinheels.com (no, it is not a dodgy porn site). I use the term "some sub domain" as I have counted around 24 different sub domains so far; there are probably more. The connections are both ways, in and out, but the greater amount of data is going out.

I have checked for rootkits but nothing was found.

The issue I have is that I have not been able to block the connection. All the sub domains seem to be coming from 185.151.30.148 port 42474, which I have tried to block both in and out on both TCP & UDP with the rule to reject, but they are still showing as making connections. I have requested the action to be logged but don't see any logs. The only thing I have noticed is that the different sub domains seem to be using different ports, 45510, 42474 & 43646 to name three. How do I block a range from 1 to 65,535 (can't remember the number of the last port)?

Can anybody help with some advice on how best to block this access, please?

Tim H
--
 Next meeting: Online, Jitsi, Tuesday, 2024-01-02 20:00
 Check to whom you are replying
 Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
 New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
