Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange Traffic from Pfsense LOCAL to 31.203.7.115:22 ( SUSPICIOUS ) ?

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 3 Posters 505 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      startrekfr
      last edited by startrekfr

      Hi,

      I have found a lot of requests going from PfSense ITSELF ( WAN ) to this IP "31.203.7.115" on Port 22.

      28be1d8c-74af-415c-9040-b28069402648-image.png

      Has someone an idea about the reason ?

      Regards,
      Michel

      1 Reply Last reply Reply Quote 0
      • chpalmerC Offline
        chpalmer
        last edited by

        @startrekfr said in Strange Traffic from Pfsense local to 31.203.7.115:22 ?:

        31.203.7.115

        What is 192.168.22.100 on your network? Is this truly your firwall?

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • S Offline
          startrekfr
          last edited by startrekfr

          Yes, the origin is clearly my firewall : 192.168.22.100 is the IP of the WAN Interface of Pfsense.

          1744061b-41c0-4d1e-a5f9-3154e2adfdd4-image.png

          I have found it out, due to the analyse of my traffic in "ntopng", where it fills up pages

          dae71f6c-3b5f-4e25-bd95-4ab9110272c2-image.png

          S 1 Reply Last reply Reply Quote 0
          • S Offline
            startrekfr @startrekfr
            last edited by

            Hi,

            I have found myself the beginning of a response :

            I have managed out, that it's related with the package NTOPNG and the DNS-Server that is used in it :

            when I change the DNS -Option from

            6a862a8c-dc66-4f35-a8c4-9d197c9201d1-image.png

            to

            cbc2d23f-6331-4c29-bfac-2fcdc869f939-image.png

            the messages about a misbehaviour disappear.

            The strange thing is that pfSense is configured to use localhost as DNS-Server and that unbound is configured on pfSense itself.

            14cf15a2-f057-4d1d-9c54-61fe1f29ad5d-image.png

            I will put a new post about the problem in the category traffic of the forum.

            Regards,
            Michel

            1 Reply Last reply Reply Quote 0
            • NogBadTheBadN Offline
              NogBadTheBad
              last edited by

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.