The internet provider called me by phone and there is reflected data volume of 1 GB per month.
What is that (reflected data volume) supposed to mean?
They usually don’t call you, btw.
You call them and they get back to you.
What do you mean by “reflected”. Do you mean traffic originating from within you network to destinations in the internet, that your provider drops? If this is the case, your Router and Firewall cascade will not help unless you extremely precise know the traffic, and if so simply remove the rouge device(s) from your network.
Or do you mean the traffic originating from the internet that your provider blocks before it reaches your outer router? In this case, don’t worry this is normal in today’s internet.
If you don’t know, maybe use the german word for it.
Why I ask:
- where is the problem with the ssh access to the firewall
- How to prevent and disable the problem
It is routing and/or DNS. You did not shared enough information to determine this.
Fix either the routing or the DNS. Also you might want to rethink your local network topology. The router and firewall cascade will not make your network more secure, it just adds problems. But its your network. 
1 Like
Maybe it was a… telephone scam…
OP seems to meet the target demographic.
3 Likes
The internet provider is Telekom.
You also gave me the address, from where this hacking comes from.
Reflected data volume = incoming data, which rejected by the firewall
This is not a problem and totally normal. There are billions of unwanted requests to all possible address.
… that much was understood
But that “THEY” call you to tell you about it is weird.
After all - for them it is just incoming data.
It’s not that they suffer from it because it is somehow reflected back to them and they will have to deal with it somehow … -
the data is delivered and your firewall just discards it - or does whatever else with it.
No one cares at the ISP …
Who did give you what?
I believe no one did any such thing.
And, again:
What hacking?
2 Likes
It’s those packets that don’t get dropped that are usually of greater concern.
The network topology loosely described above seems overly complex; perhaps it might be worth re-evaluating your needs:
I would recommend that you immediately change all of your passwords for banking etc, and ensure that multi-factor authentication is enabled for accounts when available.
Did the caller from “Telekom” ask you to download anything to your computer, or request any identifying information from you (such as your name & date-of-birth to “confirm” that you are the account holder)? You should never give out any personal information to an unsolicited caller, even if they know your name.
I’ve received lots of these phishing calls over the 23 years that I have had a home Internet connection. Fortunately, I am with a small telco and, as the scammers always say they are calling from a major telco, I immediately know they are trying to trick me into providing personal info or opening my PC for them to remotely access and steal my passwords. And, yes, the times that I have decided to play along with them for a few minutes for a bit of fun, they have often advised me that my PC or Internet connection has been hacked and there is lots of data being transmitted/received, and that they have now “blocked” the offending connection.
I am being serious about this. For many years the scammers calling Australia would say they were from Telstra (the nation’s largest telco); now my weekly call from scammers claims they are from the NBN (our govt-owned National Broadband Network). But the NBN never calls customers, because it is only the carrier. All contact with customers is done via their ISP, of which there are many.
Until that comment I had felt privileged.
These scammers actually call others too?
I feel so… dirty… and used…
2 Likes
You ought to watch some of the videos by Kitboga, Scam Sandwich, Scammer Payback etc.! 
Interesting stuff.
For a while I was getting texts from random numbers saying “I have a package we couldn’t deliver”. I hadn’t ordered anything so just ignored them. I’d guess they’d want an up-front payment via a bank transfer or maybe SlayPal™ “to complete the delivery process”.
1 Like
My internet banking works with an app on my phone.
Do you want the address, from where the hacking comes from ?
I think, I need a firewall, which costs 10 k €.
Do you know this devices, which costs 10.000 € and filters the DSL signal directly ?
A simple Fritzbox does that.
How trustworthy is that? 
Considering the fact that any hacker worth their salt would be using a VPN or proxy to hide their real IP address, the answer is “No”.
ssh login with ssh ip address works fine.
What I have noticed: if I turn the internet before 6:30 a.m. on, then …