ShadowServer Coming From My IP?
-
Hello! I saw a strange connection coming from my pfSense and decided to lookup that IP and saw it belonged to a service called ShadowServer.
They are just collecting data and giving it to governments & bidders I assume.
Is this coming from my network? Thank youEdit: Read more on it, making me even more confused why it appears to be originating from my IP? Is this something my ISP has power to do?
From what ShadowServer describes, they connect to you not the other way around. Thank you -
You can block it.
-
Thank you for the response, am I reading it wrong that it's coming from my IP?
-
Do you have any sort of port forwarding going on ?
What's firewall rule 197 ?
-
@NogBadTheBad said in ShadowServer Coming From My IP?:
Do you have any sort of port forwarding going on ?
What's firewall rule 197 ?
I'm not sure what firewall rule 197 is, I've never made a NAT or rule named that and I went over all my rules.
Those are the only rules on my INTERNET interface
I do have other rules but that traffic goes through my GRE tunnels instead of my INTERNET, and they're not 197 either or get connected to via my IP. Very strange!
-
Check Diag > pfTop > View: Rules
Outbound traffic would normally always be passed and not logged by default though.
Steve
-
@stephenw10
Thank you Stephen, next time I find traffic like that I'll go there and check. I didn't know about that tool!I couldn't find the IP when I searched it as "src" or "dst" network 184.105.139.118/32
I'll keep an eye out, I just don't want something like that coming out of my network because I'd suspect one of my machines got hacked into!
Thank you for all the responses -
Unless you have changed the rules since taking that screen shot you should still be able to see what rule 197 is.
It must be a custom rule of some sort as that would not otherwise be logged.
Steve
