I was testing a small TCP server that I made internet-accessible using ngrok. I had made the server to test connections with another terminal session, but I was surprised to see that I got a connection and (benign) message from someone other than myself! I looked up their name and saw a blog post about their experience using TCP port scanners. And then I realized: oh yeah, this server is open to the entire internet, and it can be picked up by a scan...
I only had the server open to the internet for around a minute at a time (I was constantly closing it and restarting the ngrok tunnel) over a period of maybe 10 minutes. Perhaps I am overthinking this, but should I be worried about whether someone else had scanned this server and found a way to exploit it/get into my network? The server was just a listener that would exchange a message before ending the connection, but the inputs it received were not being sanitized. I didn't see any unusual output when I had the listener running, but I was connecting to it myself a lot, so it's possible there was a connection I missed (I have since closed that terminal so I no longer have the output to check).
I was running this server on a VM. I briefly inspected network traffic on the VM and I didn't see anything out of the ordinary. Maybe 15-20 minutes passed before I unplugged my modem until I could load an older backup of the VM. But should I be worried about whether someone moved elsewhere into my network since then? How would I even know, and what can I do to check? Any input is much appreciated.
Posted 5 months ago in r/AskNetsec.
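An added example, not part of the original post: a test listener of the kind described, written so that every connection leaves a durable record and received bytes are only length-bounded and logged, never interpreted. Python, the names `handle_client`, `unexpected` and `serve`, the log format and the limits are all assumptions; records are matched by payload because a listener behind a tunnel usually sees the tunnel agent's local address rather than the remote one.

```python
import datetime
import json
import socket

MAX_MSG = 1024       # assumed cap on one message, in bytes
IDLE_TIMEOUT = 5.0   # assumed seconds to wait on a silent peer

def handle_client(conn, peer, log_path):
    """Read one bounded message, log it durably, send a fixed reply."""
    conn.settimeout(IDLE_TIMEOUT)
    try:
        data = conn.recv(MAX_MSG)          # never more than MAX_MSG bytes
        status = "ok" if data else "empty"
    except OSError:                        # includes socket.timeout
        data, status = b"", "error"
    record = {
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "peer": str(peer),   # behind a tunnel: usually the agent's local address
        "status": status,
        "payload_hex": data.hex(),  # hex keeps control bytes out of the terminal
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    try:
        if status == "ok":
            conn.sendall(b"received\n")    # peer bytes are never echoed or parsed
    except OSError:
        pass
    finally:
        conn.close()
    return record

def unexpected(log_path, my_payloads):
    """Return logged connections whose payload is not one I sent myself."""
    known = {p.hex() for p in my_payloads}
    with open(log_path, encoding="utf-8") as log:
        records = [json.loads(line) for line in log if line.strip()]
    return [r for r in records if r["payload_hex"] not in known]

def serve(port, log_path):
    """Accept loop bound to loopback, reachable only via the local tunnel agent."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        while True:
            conn, peer = srv.accept()
            handle_client(conn, peer, log_path)
```

Because the log is a file rather than terminal output, it survives closing the session and can be reviewed afterwards with `unexpected(log_path, [b"my test message"])`.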