looks like this is some sort of attack from Russia:
IP Information - 95.83.173.208
|**Host name **
|
|95.83.173.208.spark-ryazan.ru
|
|Country|Russian Federation
|
|Country Code|RU
|
|
|
|
||
|||
I’m on an internal network, no server open in it, and the Internet connection is my ISP Box working as gateway/router, so I wonder how the russian can have sniffed my internal IP?
As far as I know, the only other computer on the network is a linux/openSUSE box. I have an eth printer, but old kind, no net access.
Did you just reboot from running Windows (or other operating system), and were you doing something on Windows that could have set an entry in the router NAT table – say game playing or using bit torrent ?
Why do you think they sniffed the internal IP ? Most likely some script is trying the most popular IP addresses. Anyhow the DST IP is most likely something that your ISP router sets with DNAT. So most likely the russian target the external IP of your ISP.
I would ask the ISP about this. Anyhow it’s good that you have a firewall enabled as the traffic was dropped by it.