A non expert response.
On Wed, 02 Dec 2020 16:09:16 -0000 "home user" mattisonw@comcast.net wrote:
A few years ago, I saw in the system journal numerous log-in attempts by outsiders from all over the world, and opened a thread about that. Now such attempts are blocked by the firewall. If an outsider tries to communicate with my workstation, and the firewall blocks the attempt, will the attempt show up in the network activity panel of ksysguard? Will that attempt show up in the iftop display?
I don't know about ksysguard, but I think they should show up in iftop, as they make it through the hardware connection (ethernet or wireless).
--------------- begin text file ---------------
[snip]
These all appear to be OK.
some captured iftop lines
These appear to be from someone looking for open ports in the comcast range, so they can try exploits. The firewall seems to be stopping them dead. I think you might be able to configure your router so that these are rejected there instead of making it through to the firewall. You would have to log in and then go to whatever configuration it has for an internal firewall, and disable them there, if it is even possible. It's been a long time since I configured mine, but I don't see these attempts on my ISP's range in my firewall, though I used to. However, my ISP might now be actively blocking such attempts, while comcast isn't.
Most of the attempts I used to see were for window's exploits, though there were a considerable number of attempts to use ssh. Do you have sshd disabled if you are not using it? As root, systemctl status sshd It should be inactive (dead) if it is not being used. I keep it masked so that updates don't reactivate it from disabled state.