Posted: Sat Jul 11, 2020 21:53 Post subject: Unusual connection
I apologize if i posted this in the the wrong forum, but can someone help me understand why I might be seeing this.
I'm using the router as an AP with WPA2/AES and using the default settings.
Under active connections in the GUI I see an unknown to me source IP address of 14.240.128.1 connecting to destination IP 255.255.255.255.
I THINK I was able to make it go away by adding "iptables -A INPUT -s 14.240.128.1 -j DROP"
I also wanted to make sure all my ports were closed and visited the Shields Up website and scanned my router ports and found it was all closed up and stealth status.
I really couldn't get any concrete information on the source IP address, other than being used for spam, but not 100% sure.
This IP is definitely not associated with my ISP. It's also in a totally different country.
I normally log into the web interface using Firefox and this Firefox profile has no addons installed because I'm fully aware Firefox likes to connect to various IP's during startup and they check out as normal. I also ran netstat and everything looks fine.
The only thing I'm thinking is that it's some sort of spam address scanning my ISP's WAN subnet.
If you have any more ideas on what to look for, I'd really appreciate it.
you'd need one like this
iptables -I FORWARD -s 14.240.128.1 -j DROP
In your opinion, should I even have to add to iptables if I'm using the stock iptables config and security settings? I'm trying to get a better picture of why I'm seeing this type of connection in the first place. Just to reiterate, I have no unusual connections coming from my PC and I went to Shields Up website and ran a scan with stealth mode results and no ports open. Thanks
It happened again. This time it's coming from a private IP address. I found out after resetting the router, using the default settings and I only connected my main computer to the router. Just to clarify, I only see this in the active connections tab and then it times out after 20 secs. I'm assuming it's coming from the cable modem. Any clues?
If it is coming from a private ip address that means that one of your computers is trying to make a connection out, I am confused as to why you think it is the modem.
You need to look at your OS and track down what is making the attempt (what software/such do you have installed?) I think it is a little off the DD-WRT topic though.
I did more searching and found someone on another forum with a similar issue. Apparently, some ISP's are doing something called "squat space" in order to deal with a shortage of IPv4 addresses. I won't bore you with the details, but it's an interesting topic and I'm sure some of you are getting this, but never noticed it.
**edit***
Here's is a good article on the topic if anyone is interested.