
Your VPN can be an attack vector

If you use a VPN, be aware that it may not filter inbound ports. In effect, this exposes your computer to port scanning and to attacks on any vulnerable network service it runs. It doesn’t matter whether you are behind a NAT: the VPN gives you, in practice, a public IP address reachable by anyone.

A few months ago I had a simple HTTP server open on port 8000 of one of my machines. At some point, I noticed that my logs listed requests from machines outside my network. These are some examples:

78.225.110.184 - - [21/Oct/2016 22:08:12] code 400, message Bad request syntax ('\xca\xe6f\x89\xc4\xa8\xbc\xc6\x8d^\x9b\x14\xa1X\xb3x\xa3\xf9o`9\x0c\xd6\xdcY_\xee\x1d\xec4\xe9\x8d4\xa5\xb7\x98{6\xb5\x18\xe0J\xee\x1d\xfcFWy\x1650\xa4H\x10\xe8\xb0\xa0\xc7RS \xd1\x1b\xe6\xbf2[\xa8\xb1\x9c$\xc5&4\xf4\x7f\x06\xa8x\xf0K\x17\xaf\xdbe\xf3M\xa9\xd5\x7f~\x9f_ \x0c\x92\r\xd5`\x97D"y\xb5\xf6"\x1f\x13:\t\x0b\x05*\xee\x0f\xd2\xab\xdf\xeb0\xa4\xa41\xf2\x9d\xdb%I\xbd\x8bh\x19\xf0M\xc0\x1b\xf5\x86E\x9eF\xcc\xed\xce1\xaa%"D\'\xf4\xad\xee\xc3\r\x8f\xa0\xb1\xe0Ji8\x0b\xf6\x999[71\xc0\xbf\xc4\xc0\xc4\xee\x9b\x8c\xae\x8bH3\xd1*\xa6T\x18\xd26NK\x8e\x94\xcc_\x95\xc9.\xfd\xa87\xe3\x1a\xb6\xed\x8b\xf0A\x83N\x0f\x1e?\t\xcd\x15\x08\x0bJ\x99\xd4\xfa\xbb\x18\xbc\x7f\x0fW\xccy\xdfG\xb6\x03\x03\x96\x8e\xcd\xab\xb0v2\xa3\x0f\xd9*q>\t\t\xb0\xac\xf3\x07\x80\x13E&\xa6\t')

23.125.107.154 - - [22/Oct/2016 20:37:09] code 404, message File not found
23.125.107.154 - - [22/Oct/2016 20:37:09] "GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1" 404 -

123.151.42.61 - - [23/Oct/2016 10:26:37] "GET http://www.baidu.com/ HTTP/1.1" 404 -

218.93.206.27 - - [23/Oct/2016 16:41:20] code 400, message Bad request version ('0\xf6\xdb\x00\xbd\x00\x00p\xc00\xc0,\xc02\xc0.\xc0/\xc0+\xc01\xc0-\x00\xa3\x00\x9f\x00\xa2\x00\x9e\xc0(\xc0$\xc0\x14\xc0')

There were more requests than these, most of them looking very much like HTTP vulnerability probes of all sorts. They had me baffled for a while: I was convinced that my network had been breached somehow, maybe through a router misconfiguration. Eventually I realised that these requests were arriving through my VPN.
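A quick way to confirm the same thing on your own machine is to run the server log through a small parser that separates requests coming from your LAN from requests coming from public addresses, and tags the obvious probe patterns visible in the log above. The script below is an added example written for this post, not code from the post or from IPredator; it parses the log format of Python's built-in HTTP server (the format shown above), and the sample log is constructed from the source addresses and timestamps in the post plus one made-up LAN address (192.168.1.20).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: public addresses and timestamps copied from the post's log,
# payloads shortened, plus one made-up LAN client (192.168.1.20) for contrast.
SAMPLE_LOG = """\
78.225.110.184 - - [21/Oct/2016 22:08:12] code 400, message Bad request syntax ('\\xca\\xe6f')
192.168.1.20 - - [21/Oct/2016 22:10:01] "GET /index.html HTTP/1.1" 200 -
23.125.107.154 - - [22/Oct/2016 20:37:09] code 404, message File not found
23.125.107.154 - - [22/Oct/2016 20:37:09] "GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1" 404 -
123.151.42.61 - - [23/Oct/2016 10:26:37] "GET http://www.baidu.com/ HTTP/1.1" 404 -
218.93.206.27 - - [23/Oct/2016 16:41:20] code 400, message Bad request version ('0\\xf6\\xdb')
"""

# Common prefix of every line: client address, "- -", bracketed timestamp, then the rest.
LINE_RE = re.compile(r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] (?P<rest>.*)$')
# Successful parse of a request line: "METHOD target version" status -
REQUEST_RE = re.compile(r'^"(?P<method>\S+) (?P<target>\S+) (?P<version>[^"]*)" (?P<status>\d{3}) ')
# Server-side error entry: code NNN, message ...
ERROR_RE = re.compile(r'^code (?P<status>\d{3}), message (?P<msg>.*)$')


def parse_line(line):
    """Return a dict for one log line, or None if the line is not in this format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    entry = {"ip": m["ip"], "ts": m["ts"], "target": None, "status": None, "malformed": False}
    rest = m["rest"]
    r = REQUEST_RE.match(rest)
    if r:
        entry["target"] = r["target"]
        entry["status"] = int(r["status"])
        return entry
    e = ERROR_RE.match(rest)
    if e:
        entry["status"] = int(e["status"])
        # A 400 here means the server could not even parse the request line:
        # typically a non-HTTP (binary/TLS) payload thrown at the port.
        entry["malformed"] = entry["status"] == 400
    return entry


def is_external(ip_str):
    """True for globally routable addresses; False for LAN, loopback, link-local or junk."""
    try:
        return ipaddress.ip_address(ip_str).is_global
    except ValueError:
        return False


def probe_indicators(entry):
    """Tag the probe patterns that appear in the post's log; purely descriptive."""
    reasons = []
    if entry["malformed"]:
        reasons.append("malformed request (binary or non-HTTP payload)")
    target = entry["target"] or ""
    if target.startswith(("http://", "https://")):
        reasons.append("absolute URL in request line (open-proxy check)")
    if "w00tw00t" in target:
        reasons.append("scanner signature in path")
    return reasons


def external_sources(log_text):
    """Group hits by public source address, with a count of probe indicators per address."""
    report = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not is_external(entry["ip"]):
            continue  # LAN clients are expected; only outside addresses matter here
        rec = report.setdefault(entry["ip"], {"hits": 0, "reasons": Counter()})
        rec["hits"] += 1
        rec["reasons"].update(probe_indicators(entry))
    return report


if __name__ == "__main__":
    for ip, rec in external_sources(SAMPLE_LOG).items():
        tags = ", ".join(f"{k} x{v}" for k, v in rec["reasons"].items()) or "none"
        print(f"{ip}: {rec['hits']} hit(s); indicators: {tags}")
```

Any public address in the output is a client that reached your listener from outside, which, on a machine behind a NAT, can only happen if the VPN is handing inbound connections through. The fix is on your side rather than the provider's: bind test servers to a LAN address instead of all interfaces, or drop new inbound connections on the VPN interface in your host firewall.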

I use IPredator often. They provide a pretty reliable service I’m happy with. However, there are details like this one that are not obvious and can bring trouble you didn’t expect. Security is annoyingly difficult to get right!