It appears that I'm getting FTP connection attempts from unknown sources. The SYN_RECEIVED state is nearly always showing.
C:\Users\Administrator>netstat -aon | findstr "1596"
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1596
TCP 198.XXX.XX.XX:21 121.254.204.3:21 SYN_RECEIVED 1596
TCP [::]:21 [::]:0 LISTENING 1596
I have added my remote ip-address on "IIS - FTP IP Address and Domain Restrictions", is that enough? Anything more I can do like an incoming rule on the Firewall?
Thanks.