Netgate Discussion Forum

    Log shows repeated denials from several addresses

    General pfSense Questions
    • TangoOversway

      On my log, I'm seeing a continual run of repeated denials from several IP addresses. Is this some kind of hacking or DOS attack? Any idea what's causing this?

      [image]

      • johnpoz LAYER 8 Global Moderator @TangoOversway

        @tangooversway that is your typical IPv6 link-local noise. 1900 is SSDP/UPnP and 5353 is mDNS. Yeah, clients love to put that noise on the network.

        Prob best just not to log such noise, create rules that allow it, or just block it if you want to for some reason - pfSense wouldn't do anything with it anyway, unless maybe you were trying to use UPnP, but that would be pretty useless via link-local anyway. pfSense is not going to answer any mDNS query, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
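
A small triage helper for the traffic described in the answer above, added here as an example and not code from the thread or from pfSense: it labels blocked-packet records as SSDP/mDNS multicast discovery or as something to review. The record layout (source, destination, protocol, destination port) and all sample addresses are constructed, and it also accepts IPv4 multicast groups, which the thread does not mention.

```python
import ipaddress
from collections import Counter

# UDP destination ports named in the thread.
DISCOVERY_PORTS = {1900: "SSDP/UPnP", 5353: "mDNS"}

# Constructed records: (source, destination, protocol, destination port).
# This layout is an assumption for the example, not a pfSense log format.
SAMPLE = [
    ("fe80::1c2d:3eff:fe4f:5a6b", "ff02::fb", "udp", 5353),
    ("fe80::1c2d:3eff:fe4f:5a6b", "ff02::c", "udp", 1900),
    ("fe80::a00:27ff:fe12:3456", "ff02::fb", "udp", 5353),
    ("192.168.1.50", "239.255.255.250", "udp", 1900),
    ("203.0.113.7", "192.168.1.1", "tcp", 22),
    ("203.0.113.7", "192.168.1.1", "udp", 5353),
]


def classify(src, dst, proto, dport):
    """Label one blocked-packet record as discovery noise or as worth a look."""
    source = ipaddress.ip_address(src)
    dest = ipaddress.ip_address(dst)
    service = DISCOVERY_PORTS.get(dport) if proto.lower() == "udp" else None
    if service and dest.is_multicast:
        # Multicast discovery never leaves the segment; the firewall only sees it.
        scope = "link-local" if source.is_link_local else "non-link-local"
        return f"noise: {service} multicast from {scope} source"
    if service:
        # Discovery port aimed at a single host is not the announcement pattern.
        return f"review: {service} port to unicast destination"
    return "review: not a discovery port"


def summarize(records):
    """Count records per label so repeated noise collapses to one line each."""
    return Counter(classify(*rec) for rec in records)


if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {label}")
```
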

        • TangoOversway @johnpoz

          @johnpoz said in Log shows repeated denials from several addresses:

          that is your typical IPv6 link-local noise. 1900 is SSDP/UPnP and 5353 is mDNS. Yeah, clients love to put that noise on the network.

          For the SERIOUSLY outdated who may be misremembering, is it fair to say this is like using the broadcast address in my LAN to try to find a device or something like that?

          • johnpoz LAYER 8 Global Moderator @TangoOversway

            @tangooversway exactly, it's broadcasting to find stuff. It's pretty useless to be honest. The only time, say, mDNS has any use is for, say, something trying to find your printer to use AirPrint - and that doesn't work across VLANs without some setup.

            If your printer is on this same network - pfSense logging it is just spam.

            • TangoOversway @johnpoz

              @johnpoz said in Log shows repeated denials from several addresses:

              exactly, it's broadcasting to find stuff. It's pretty useless to be honest.

              Okay, thanks for clarifying. As I keep saying, I know I am SERIOUSLY out of date on dealing with any firewall issues and there's a lot of new stuff I don't know. But, to sound like an old timer, when I learned how to set things up, I learned not to use a broadcast signal unless I absolutely had to - that doing so was basically obnoxious and rude because it created extra traffic and got in people's (and computers') way.

              • johnpoz LAYER 8 Global Moderator @TangoOversway

                @tangooversway the new stuff puts a shit ton of useless broadcast/multicast traffic on the wire. Windows is horrible at it, phones are even worse - and they are wireless, so yeah, broadcast and multicast are an even bigger pain over wireless, etc.

                I wish I could get my phones to stop their constant mDNS noise, have not been able to find a way to turn off the nonsense.

                • Gertjan @TangoOversway

                  @tangooversway

                  Years ago, someone (jimp, I guess) proposed this for the LAN firewall rules:

                  [image]

                  Forgot about what it was doing, until you brought up the subject.

                  Edit: I am using the avahi packages, and users on other LANs can find my printers on my main LAN, and use them.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  • johnpoz LAYER 8 Global Moderator @Gertjan

                    @gertjan yeah, because it doesn't come from some IPv6 link-local address ;)

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.