I frequently get notices from my firewall that a known high risk internet address is attempting to connect to my MCH device. It is running 7.16.0-220 and is set to Local. These addresses from all over the world. How is the MCH even being seen from the Internet and how do I stop this?
Which router firewall and what “high risk” IP is shown?
Disable UPnP.
See if you can block or deny the IP or Mac address in your router. See example image from my router.
I have a COX Panoramic router. High risk IP’s are from all over, eg; 23.129.64.212 from USA 89.248.165.89 from Seychelles or 185.220.101.46 from Germany. I get several of these reports every week. There does not seem to be any way to turn on’/off UPnP in the user interface. Port Forwarding is OFF on the router so maybe I just don’t see the UPnP setting? Is the MCH using UPnP and broadcasting its ID to the Internet?
Probably has nothing to do with MCH but has something to do with bittorrent as that USA ip is a tor exit node, 40% of which is bittorent and is considered as low to middle risk. COX is just being nosy and covering their backs. Use a VPN and/or get your own router to control your traffic as COX locked many of the settings of their router in the cloud and not easily accessible by the home user.
What perplexes me is how is anything on the Internet detecting the MCH? How is it broadcasting its presence?