This IP is definitely not associated with my ISP. It's also in a totally different country.
I normally log into the web interface using Firefox and this Firefox profile has no addons installed because I'm fully aware Firefox likes to connect to various IP's during startup and they check out as normal. I also ran netstat and everything looks fine.
The only thing I'm thinking is that it's some sort of spam address scanning my ISP's WAN subnet.
If you have any more ideas on what to look for, I'd really appreciate it.
you'd need one like this
iptables -I FORWARD -s 18.104.22.168 -j DROP
In your opinion, should I even have to add to iptables if I'm using the stock iptables config and security settings? I'm trying to get a better picture of why I'm seeing this type of connection in the first place. Just to reiterate, I have no unusual connections coming from my PC and I went to Shields Up website and ran a scan with stealth mode results and no ports open. Thanks
It happened again. This time it's coming from a private IP address. I found out after resetting the router, using the default settings and I only connected my main computer to the router. Just to clarify, I only see this in the active connections tab and then it times out after 20 secs. I'm assuming it's coming from the cable modem. Any clues?
I did more searching and found someone on another forum with a similar issue. Apparently, some ISP's are doing something called "squat space" in order to deal with a shortage of IPv4 addresses. I won't bore you with the details, but it's an interesting topic and I'm sure some of you are getting this, but never noticed it.
Here's is a good article on the topic if anyone is interested.