new pfSense install - immediate and numerous DoD (department of defense) "queries"? 255.255.255.255:68
-
This post is deleted! -
ok ive captured some packets and opened them in wireshark
anything i should be looking for ? -
In the packet capture i notice Mac addresses with Arris and Cadant. Arris aquiried Cadant in like 2001 and they make cable modems and cable set top boxes.
-
http://www.dslreports.com/forum/r25679029-Why-is-my-first-hop-to-a-DoD-assigned-IP-address
http://www.dslreports.com/forum/r31748514-Connectivity-Why-is-comcast-xfinity-hosting-VoIP-servers-on-DOD-network
-
You have a cable modem I would take it... Yes arris and Cadant same and cable modem maker.
-
@johnpoz I dont have an Arris or a Cadant but yes I have a cable modem.
So take off my tinfoil hat then ?
My ISP basically said GTFO and won't even look into the DoD requests.
-
And what is your cable modem brand.. The nic is made arris/cadant ;)
Your tinfoil hat should never had been on - there is a shit ton of noise on the net.. Figuring out what it is the interesting fun stuff..
-
You cannot control what arrives on your WAN. That's why we run firewalls. All you can do is pass what you want and block the rest.
If you want to know why DHCP traffic from that address is out there you'll have to talk to your ISP.
pfSense is deny all traffic by default. If you put default deny rules in manually, expect to have to do things like manually pass IPsec too.
-
Ok I feel better. Thanks for putting my head on straight.
A question though. With all wan traffic blocked... why do services like teamviewer still work ?
-
because teamview creates a tunnel to their servers..
-
https://en.wikipedia.org/wiki/UDP_hole_punching
-
That is not the only way.. That will not work in the case of a proxy for example. I my home box all the time from work using it, and behind a proxy.. So it tunnels over tcp in that case.
It uses multiple methods none of which require the user to configure inbound port forwarding.