On 02/08/2019 14:12, Fred Smith wrote: > > but the amount of attempted traffic on that port certainly does seem > like it could be a botnet banging on me. One thing that you could try is to port forward that port to an actual listening port (think like running nc/netcat in listening mode). That way it will complete the TCP handshake and you can see what commands (if any) it sends, might be useful to record it with tcpdump / wireshark.