Stop China from connecting to my Google Compute Engine server

hacking firewall linux-networking google-compute-engine china

Solution 1:

Firewalls have two main choices when receiving unwanted connection attempts.

  1. REJECT - send a response saying the port/service/etc is closed or
    unavailable
  2. DROP - don't respond and just drop the packets

The words REJECT/DROP aren't standard or used across all firewalls but the difference between the concepts behind the two possible actions will be there. You want to do the equivalent of DROP so there is no outbound traffic. As mentioned by others inbound traffic incurs no charges.

Solution 2:

There is no charge for the Google Compute Engine ingress traffic. Take a look at GCE network pricing. If you've been charged for the ingress traffic, you can contact the Cloud billing team to clarify and fix the charge.

Regarding the requests to port 11, as far as this port is blocked in your GCE network's firewall your VM instances should be safe and the requests should not eat up the bandwidth.

I'm curious to know the way in which you monitor these requests.

Related

Virtualization - Ten 1Gbps links or one 10Gbps link? (Performance)
safely upgrade glibc on CentOS 7
what is the difference between /etc/issue.net and /etc/issue
How do I test connection from Linux to Microsoft SQL Server?
How to find which template is used for a site or a page in SharePoint
Every single time I use sudo it hangs before completing
How do I measure disk thrashing on linux?
How to drop all tables in a MySQL database without dropping the database?
installing msttcorefonts on ubuntu
How do I ssh into a box as another user given that host user has no ssh key on the remote machine
Thoughts on Free Splunk
tcpdump: capture one of several vlans