Outside IP hitting firewall a lot, what do I do?
-
Check out this screenshot
Every 30 seconds or so, this outside IP address has been hitting our firewall, trying to connect to 255.255.255.255:17500. I have no idea what they are trying to do. Our network has had intermittent slowdowns all this past week and I think this could possibly be part of it… not sure.
Two questions:
1. What is the best approach to stopping this IP from hitting our network? Manually create a rule to block it? I've messed with Snort a bit but I couldn't get it set up properly (it wasn't able to retrieve rules from snort.org or something).
2. In pfSense the system log only shows the last 100 entries. How do I log more than this?
-
You can ignore it, as you are most likely on cable, that is a computer that is trying to get an IP. 169.254.x.x is an APIPA.
-
That shows up on your LAN interface, which is weird. Port 17500 is used by Dropbox for LANsync discovery. Someone is probably trying to run Dropbox on your network and the computer in question probably can get or isn't assigned an IP.
-
. . . and the computer in question probably can get or isn't assigned an IP.
To elaborate: Some operating systems will assign themselves a "random" 169.254.x.x address if they don't get a timely DHCP response.
-
Just realized that I made a typo, it should read "can't get or isn't assigned an IP."
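-
Added example, not part of the original thread: a small triage helper that groups firewall log hits by flow, measures how regularly they repeat, and applies the checks the replies above describe (APIPA source, broadcast destination, port 17500). The log tuples, the `LOCAL_NET` subnet and all sample addresses are constructed assumptions, not pfSense's log format or data from the screenshot.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample entries: (seconds, source, destination, destination port).
# Simplified tuples for illustration, not pfSense's actual log format.
SAMPLE = [
    (0, "169.254.10.20", "255.255.255.255", 17500),
    (30, "169.254.10.20", "255.255.255.255", 17500),
    (61, "169.254.10.20", "255.255.255.255", 17500),
    (90, "169.254.10.20", "255.255.255.255", 17500),
    (12, "203.0.113.7", "198.51.100.4", 22),
    (47, "192.168.1.50", "192.168.1.255", 137),
]
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
# Port identified in the thread.
DISCOVERY_PORTS = {17500: "Dropbox LAN sync discovery"}

def classify(src, dst, port):
    """Return human-readable notes about one (source, destination, port) flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    notes = []
    if s.is_link_local:  # 169.254.0.0/16, self-assigned when DHCP fails
        notes.append("source is APIPA/link-local, so it is a local host without a DHCP lease")
    elif s in LOCAL_NET:
        notes.append("source is on the local subnet")
    else:
        notes.append("source is outside the local subnet")
    if d in (LIMITED_BROADCAST, LOCAL_NET.broadcast_address):
        notes.append("destination is a broadcast address")
    if port in DISCOVERY_PORTS:
        notes.append(DISCOVERY_PORTS[port])
    return notes

def summarize(entries):
    """Group entries by flow; report hit count, median gap in seconds, and notes."""
    seen = defaultdict(list)
    for ts, src, dst, port in entries:
        seen[(src, dst, port)].append(ts)
    report = {}
    for flow, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        report[flow] = {"count": len(stamps),
                        "median_gap": median(gaps) if gaps else None,
                        "notes": classify(*flow)}
    return report
```

Calling `summarize(SAMPLE)` reports the 169.254.x.x flow as four hits about 30 seconds apart from a link-local source to a broadcast address, which matches the pattern described in the question.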