Weird Bogon activity on Realtek NIC
-
@netblues The automatic bogon rule is defined by pfSense, so they consider it as such, not me.
There's no such MAC address like 0.0.0.0, but I guess that when the single PC that is currently using the Realtek NIC is coming up from sleep or a shutdown, then this happens. Weird... -
Well, as I said, 0.0.0.0 is defined as bogus if you see packets from it.
However, during DHCP requests, 0.0.0.0 is used. See DHCP negotiation for more details. -
@netblues Where do I see such negotiations?
-
On the log posted, you have requests from 0.0.0.0 addressed to UDP port 67. This looks like a DHCP request.
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol -
@netblues OK... So that's how a machine asks to lease an IP. So should I remove that bogon rule, or would setting a static IP on that machine fix it?
-
Probably both will do; virtualisation (if any) could also be playing games with you.
-
@netblues How does it work eventually with the PC receiving an IP regardless of this rule? Maybe something else is causing that.
-
Where is the DHCP server? On pf? Somewhere else?
-
@netblues Everything is on pfSense
-
Bogon should never be set on a LAN interface!! RFC 1918 is an official part of bogon, even though pfSense pulls it out.
"Bogons are defined as Martians (private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated to a regional internet registry (RIR) by the Internet Assigned Numbers Authority."
You using it on a LAN side interface is going to cause you grief!!
There is zero point using bogon on a LAN side interface.
-
Then the above description by pfSense is misleading...
@johnpoz said in Weird Bogon activity on Realtek NIC:
There is zero point using bogon on a LAN side interface
But anyhow... I get your point.
-
See my edit. pfSense pulls it out of bogon because they use their own other RFC 1918 block table.
Here is the thing: if you're setting bogon on your LAN, you're doing it WRONG!!! There is zero reason to set that, and clearly you have no clue what it actually is or you wouldn't be setting it.
-
@johnpoz Well... the only scenario I could think of is a virus or malicious software sitting on the LAN and using bogon addresses LOL... OK, I removed that rule. It should only be set on the WAN.
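
The distinction discussed in this thread, as an added example that is not part of any post: a small triage helper that separates the normal DHCP client broadcast (0.0.0.0:68 to 255.255.255.255:67) from other packets a bogon rule would match. The packet dictionaries are constructed sample data, not pfSense's log format, and the reserved list is only a subset of a real bogon table.

```python
import ipaddress

# RFC 1918 is kept separate because, as noted in the thread, pfSense handles
# private networks with its own table rather than the bogon list.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Subset of RFC 5735 / RFC 6598 reserved space (assumption: illustrative only).
OTHER_RESERVED = [ipaddress.ip_network(n) for n in
                  ("0.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
                   "169.254.0.0/16", "240.0.0.0/4")]

def is_dhcp_client_broadcast(pkt):
    """A host without a lease sends DISCOVER/REQUEST from 0.0.0.0:68
    to the broadcast address on UDP port 67."""
    return (pkt["proto"] == "udp"
            and pkt["src"] == "0.0.0.0" and pkt["sport"] == 68
            and pkt["dst"] == "255.255.255.255" and pkt["dport"] == 67)

def classify(pkt):
    """Label a blocked packet by why its source address matched."""
    if is_dhcp_client_broadcast(pkt):
        return "dhcp-client"      # expected on a LAN with a DHCP server
    src = ipaddress.ip_address(pkt["src"])
    if any(src in net for net in RFC1918):
        return "rfc1918"          # normal LAN source address
    if any(src in net for net in OTHER_RESERVED):
        return "reserved"         # worth a closer look
    return "routable"

def triage(packets):
    """Group packets by label so the unexpected ones stand out."""
    groups = {}
    for pkt in packets:
        groups.setdefault(classify(pkt), []).append(pkt)
    return groups

# Constructed sample packets (not taken from the thread's log).
SAMPLE = [
    {"proto": "udp", "src": "0.0.0.0", "sport": 68,
     "dst": "255.255.255.255", "dport": 67},
    {"proto": "udp", "src": "0.0.0.0", "sport": 40000,
     "dst": "192.168.1.1", "dport": 53},
    {"proto": "udp", "src": "192.168.1.50", "sport": 68,
     "dst": "192.168.1.1", "dport": 67},
    {"proto": "tcp", "src": "100.64.3.9", "sport": 51000,
     "dst": "192.168.1.1", "dport": 443},
    {"proto": "tcp", "src": "9.9.9.9", "sport": 443,
     "dst": "192.168.1.50", "dport": 52000},
]

if __name__ == "__main__":
    for label, pkts in triage(SAMPLE).items():
        print(label, len(pkts))
```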