• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Question about a broadcast

Scheduled Pinned Locked Moved General pfSense Questions
4 Posts 3 Posters 2.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    gzamboni
    last edited by Sep 25, 2013, 10:49 AM

    Hi all guys,
    on an installation of pfsense 2.1-RC0 (i386)
    on the re2 interface that connect using PPPOE
    when i see the log interface is full of this rows :

    but i don't understand why i have  these broadcast requests
    any knows best?
    any idea or advice?
    best regards

    1 Reply Last reply Reply Quote 0
    • K
      kejianshi
      last edited by Sep 25, 2013, 11:18 AM

      Port used by Linksys (and other) Cable/DSL Routers Remote Administration

      Vulnerable systems: Linksys Cable/DSL version 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)
      Immune systems: Linksys Cable/DSL versions prior to 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)

      SNATMAP server also uses this port to ensure that connections between iChat users can properly function behind network address translation (NAT).

      Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, a.k.a. "extraneous messaging."
      References: [CVE-2007-5636] [BID-26118]

      WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
      References: [CVE-2012-2559]

      Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers go gain access.
      References: [CVE-2002-2159] [BID-4987]

      iChat

      Its a default block rule, so if you don't want to have to look at it all the time, you can go to status > system logs > setings

      uncheck the Log packets blocked by the default rule box and save settings.

      1 Reply Last reply Reply Quote 0
      • S
        stephenw10 Netgate Administrator
        last edited by Sep 25, 2013, 1:27 PM

        Or add a rule to block these packets specifically and uncheck the log packets on that. Other stuff blocked by the default rule will continue to be logged which is usually a good thing.

        Steve

        1 Reply Last reply Reply Quote 0
        • K
          kejianshi
          last edited by Sep 25, 2013, 1:47 PM

          I hate seeing when my firewall is blocking things its supposed to block by default.  I always think to myself.

          "Ohhhh look.  Someone trying to get into my blocked port…  Thats nice".  No action needed.

          Its like the 10,000,000 hack attempts on my openvpn that is just forever ongoing from what appears to be an inexhaustible supply of random IPs out of China.  They don't have my certs, so who cares?  Let them waste their time.

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received