Strange Behavior Since Yesterday: OUTBOUND portscanning from external WAN IP
Hi there,
I am using pfSense 2.7.2 CE preloaded on an N5105 appliance with 16GB RAM. It came preinstalled (tbh I think this is the root cause of the problem - trusting a preinstall).
I have been testing this appliance for 20 days now, running with pfBlocker devel, Suricata and AdGuard DNS server. Just after the initial setup, I applied all available patches.
Since yesterday night, Suricata started blocking outbound connection attempts originating from the pfSense WAN interface, to random remote networks, on ports 22 and 80. Suricata identifies the attempts as SSH scan outbound.
Firewall logs show connection attempts at class C remote networks, from x.y.z.1 to x.y.z.254, ports 22 and 80.
Before cleaning up this install and installing pfSense CE again, has anyone ever seen such behavior?
Is it possible for it to be a persistent threat (i.e. reinstalling pfSense won't solve it)?
Any ideas would be greatly appreciated. Thank you!
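
The pattern described in the post (one source walking x.y.z.1 to x.y.z.254 on ports 22 and 80) can be confirmed from exported firewall records by counting distinct destinations per /24. This is an added example, not part of the original post and not pfSense or Suricata code; the record layout, the names `make_sample` and `find_sweeps`, the threshold and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (assumed layout, not real pfSense filterlog output):
# "<time> <action> <direction> <src_ip> <dst_ip> <dst_port>"
def make_sample():
    lines = []
    # Sweep: WAN address 192.0.2.10 walks 198.51.100.1-254 on ports 22 and 80
    for host in range(1, 255):
        for port in (22, 80):
            lines.append(f"12:00:{host % 60:02d} block out 192.0.2.10 198.51.100.{host} {port}")
    # Ordinary traffic: a few connections to scattered hosts
    lines += [
        "12:01:00 pass out 192.0.2.10 203.0.113.5 443",
        "12:01:02 pass out 192.0.2.10 203.0.113.9 80",
        "12:01:03 pass out 192.0.2.10 203.0.113.9 80",
    ]
    return lines

def find_sweeps(lines, min_hosts=50, ports=(22, 80)):
    """Return {(src, dst /24): {"hosts": n, "ports": [...]}} for sources that
    touched at least min_hosts distinct addresses inside a single /24."""
    seen = defaultdict(lambda: {"hosts": set(), "ports": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 6 or fields[2] != "out":
            continue  # skip malformed or inbound records
        src, dst = fields[3], fields[4]
        try:
            net = ipaddress.ip_network(f"{dst}/24", strict=False)
            port = int(fields[5])
        except ValueError:
            continue  # unparsable address or port
        if port not in ports:
            continue
        entry = seen[(src, str(net))]
        entry["hosts"].add(dst)
        entry["ports"].add(port)
    return {key: {"hosts": len(v["hosts"]), "ports": sorted(v["ports"])}
            for key, v in seen.items() if len(v["hosts"]) >= min_hosts}

if __name__ == "__main__":
    for (src, net), info in find_sweeps(make_sample()).items():
        print(f"{src} -> {net}: {info['hosts']} hosts, ports {info['ports']}")
```

Running the same grouping on records taken from the LAN side as well shows whether any internal address produces the same sweep before NAT.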