I was running Wireshark and saw the usual stuff, ARP, NTP and DNS. The DNS requests were going to conncheck.opensuse. org, this is also what I saw in the NetworkManager config.
There was a TCP connection (port 80) openend from my machine to hydra.opensuse.org. When I go to hydra.opensuse.org in my browser, I get a login screen which says: ‘The site says “Monitor”.’
I’ve never seen openSUSE (or Linux in general) making tcp connections on it’s own. For now I made a rule in /etc/hosts so the connection is gone, but what causes it?
I’m using openSUSE 42.2 with plasma5 desktop, no programs which require internet were opened, static ip. Update notifier is disabled and PackageKit is not installed.
I know there is a program called Hydra, which is not installed. I also ran Wireshark on another system, also openSUSE 42.2 but with the XFCE desktop and no outgoing TCP connection to hydra.opensuse.org was made.
Based on the NetworkManager.conf that you are showing (good you added it!) I am quite sure the source of the traffic is the Network Manager checking for connectivity.
If you do not like this, I think that with NetworkManager.conf you found how to change this or disable this.
