On 12/21/23 10:50, Alain D D Williams wrote:
On Thu, Dec 21, 2023 at 10:31:06AM -0500, Pocket wrote:
All you should be seeing is scans, which you cannot prevent.
I am looking at incoming packets with tcpdump. This sees packets *before* they
are filtered by iptables.
What are you using for a firewall?
Something hand rolled. Reasonably complicated (over 300 rules) as it deals
with: internet, VPN, DMZ, internal network for virtual machines.
It is NOT a firewall issue.
If I am correct you don't want anything from the outside to hit your web server?
If so your firewall is not configured correctly.
It is my belief that your firewall is NOT set up correctly and that is why
you are seeing the traffic.
My firewall *cannot* deal with packets before they hit my machine. They only
hit my machine after they have arrived over broadband.
The only thing that I might be able to do is to somehow prevent discovery that
my machine is listening on port 80 -- that would mean somehow distinguishing
between a genuine visitor and one that is mapping the Internet to later pass
that map somewhere else which generates the unwanted traffic that I see.
Which points to your firewall not being correct.
Amazon AWS system should not be able to hit your http server, unless you
want it to.
How do I distinguish between wanted & unwanted connections? The only thing that
I can think of is to DROP incoming packets if the source port is 80 or 443,
which would disrupt the mapping process.
However: if the mapping process uses normal TCP (i.e. high/random port number)
this would do little.
What mapping process?
--
Hindi madali ang maging ako
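To make the source-port idea raised above concrete, here is an added Python example (not code from either poster) that replays constructed `tcpdump -n` lines through the logic of a "DROP new inbound packets whose source port is 80/443" rule. The addresses, ports and helper names are assumptions; the point it shows is the thread's own caveat: the rule only catches probes that deliberately source from 80/443, and passes ordinary high-port SYNs untouched, while still leaving the server's own outbound connections (SYN-ACKs coming back from port 443) alone.

```python
import re
from collections import Counter

# Constructed tcpdump -n output (not captured from the thread's host).
# 192.0.2.5 is the assumed web server.
SAMPLE_TCPDUMP = """\
10:50:01.000001 IP 203.0.113.10.80 > 192.0.2.5.80: Flags [S], seq 1, win 1024, length 0
10:50:01.000002 IP 203.0.113.10.443 > 192.0.2.5.80: Flags [S], seq 2, win 1024, length 0
10:50:02.000003 IP 198.51.100.7.51234 > 192.0.2.5.80: Flags [S], seq 3, win 64240, length 0
10:50:02.000004 IP 198.51.100.7.51234 > 192.0.2.5.80: Flags [.], ack 1, win 502, length 0
10:50:03.000005 IP 203.0.113.44.40000 > 192.0.2.5.443: Flags [S], seq 4, win 1024, length 0
10:50:04.000006 IP 203.0.113.99.443 > 192.0.2.5.43210: Flags [S.], seq 5, ack 1, win 65535, length 0
"""

LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def parse(text):
    """Yield one dict per TCP line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        yield {"src": src, "sport": int(sport), "dst": dst,
               "dport": int(dport), "flags": flags}

def is_new_inbound(pkt, served_ports=(80, 443)):
    # A bare SYN ("[S]", no ACK) to a port we serve opens a new inbound
    # connection. "[S.]" (SYN-ACK) and "[.]" (ACK) are replies or mid-stream.
    return pkt["dport"] in served_ports and pkt["flags"] == "S"

def would_be_dropped(pkt, blocked_sports=(80, 443)):
    # Emulate the proposed rule, restricted to new inbound connections so that
    # replies to the server's own outbound HTTP(S) requests are not affected.
    return is_new_inbound(pkt) and pkt["sport"] in blocked_sports

def classify(text):
    """Count new inbound SYNs the rule would drop versus let through."""
    counts = Counter()
    for pkt in parse(text):
        if not is_new_inbound(pkt):
            continue
        counts["dropped" if would_be_dropped(pkt) else "passed"] += 1
    return counts

if __name__ == "__main__":
    print(dict(classify(SAMPLE_TCPDUMP)))  # two dropped, two passed
```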