I noticed an unusual connection on my server when I ran netstat. Here's what it shows:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 0 homeserver:48568 2606:b740:1:20::1:https ESTABLISHED
When I looked up the foreign address, it seems to belong to Hurricane Electric Internet Services, an ISP located in Florida. I've got ufw enabled with rules that either limit access to my PC's IP or allow traffic to port 8096 for Jellyfin.
So, I have a couple of questions: 1. Does this indicate a potential intrusion? 2. Is there a way to terminate this connection using a Terminal command without having to unplug my Ethernet or shut down? By the way, I'm running Ubuntu Server 24.04.
1 Answer
This connection is actually outgoing from your home server to that web server. Hurricane Electric is a well-known ISP, so seeing a connection to their IP isn't unusual. If you want to check which process is making that connection, add a -p flag when you run netstat.
What makes you sure it's an outbound connection rather than an inbound one?