Why is pfSense calling CZ?
-
@provels "What device is 192.168.1.100?" is one of the root questions I'm trying to answer. Currently I'm turning off one or two devices at a time to try to track down which device it is. Any other suggestions?
-
@DaddyGo , I don't hate CZ but from what I've read and from my own experience working at a global Internet company, lots of hacking starts from that area.
-
@jdeloach said in Why is pfSense calling CZ?:
IP address 192.168.1.100 is the common address of most cable modems. This has always been the IP address of all cable modems that I've had in the past.

192.168.100.1 ;)
-
@November
Ping 192.168.1.100, then do an arp -a to see what MAC address has 1.100 and track down the MAC.

```
PS C:\Users\Me> arp -a

Interface: 192.168.0.20 --- 0x17
  Internet Address      Physical Address      Type
  192.168.0.1           00-15-5d-00-14-30     dynamic
  192.168.0.12          00-15-5d-00-14-2c     dynamic
  192.168.0.61          00-11-0a-54-23-14     dynamic
  192.168.0.69          00-15-5d-00-14-4b     dynamic
  192.168.0.71          fc-03-9f-f8-86-d8     dynamic
  192.168.0.100         0c-41-3e-91-6e-60     dynamic
  192.168.0.101         30-0d-43-26-00-e8     dynamic
  192.168.0.106         00-15-5d-00-14-45     dynamic
  192.168.0.108         00-1e-64-4d-d0-2e     dynamic
  192.168.0.111         00-15-5d-00-14-2d     dynamic
  192.168.0.150         30-52-cb-e7-50-71     dynamic
  192.168.0.200         00-00-f0-a3-f3-33     dynamic
  192.168.0.204         00-09-b0-e6-5c-b0     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
```

Or try a ping -an and maybe it will resolve the device name.

```
PS C:\Users\Me> ping -an 192.168.0.150

Pinging XPS13 [192.168.0.150] with 32 bytes of data:
Reply from 192.168.0.150: bytes=32 time=5ms TTL=128
Reply from 192.168.0.150: bytes=32 time=7ms TTL=128
Reply from 192.168.0.150: bytes=32 time=5ms TTL=128
Reply from 192.168.0.150: bytes=32 time=9ms TTL=128
```
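Added example, not part of the post above: a small Python parser for Windows `arp -a` output that looks up one IP and reports the vendor prefix (OUI) of its MAC. It also handles the case the ping-then-arp method cannot answer, where the address is outside the PC's own subnet and so never gets an ARP entry. The function names and the /24 prefix length are assumptions; the sample table is a shortened copy of the output quoted above.

```python
import ipaddress
import re

# Constructed sample: a shortened copy of the Windows `arp -a` output quoted above.
SAMPLE_ARP = """\
Interface: 192.168.0.20 --- 0x17
  Internet Address      Physical Address      Type
  192.168.0.1           00-15-5d-00-14-30     dynamic
  192.168.0.150         30-52-cb-e7-50-71     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)
IFACE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)")

def parse_arp(text):
    """Return (interface_ip, {ip: (mac, type)}) for the first interface block."""
    iface, table = None, {}
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            if iface is not None:
                break  # a second interface block starts here; stop after the first
            iface = m.group(1)
            continue
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return iface, table

def locate(text, target, prefix_len=24):
    """Say what the ARP table can tell us about target (prefix_len /24 is an assumption)."""
    iface, table = parse_arp(text)
    net = ipaddress.ip_network(f"{iface}/{prefix_len}", strict=False)
    if ipaddress.ip_address(target) not in net:
        # Off-link hosts are reached through the gateway, so no ARP entry is ever created.
        return {"status": "off-link", "network": str(net)}
    if target not in table:
        return {"status": "no-entry", "network": str(net)}
    mac, kind = table[target]
    first = int(mac[:2], 16)
    return {
        "status": "found", "mac": mac, "type": kind,
        "oui": mac[:8],                              # first three octets: vendor prefix
        "multicast": bool(first & 0x01),             # group bit: not a single device
        "locally_administered": bool(first & 0x02),  # OUI does not identify a vendor
    }

if __name__ == "__main__":
    print(locate(SAMPLE_ARP, "192.168.0.150"), locate(SAMPLE_ARP, "192.168.1.100"))
```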
-
@ptt, it turns out that 192.168.1.100 is the WAN IP address that my router is using. Thanks much, everyone!
The question now is why my router is calling out to CZ, UA, etc.
-
@November
Well, there are router exploits. You may want to search for your model and exploits.
-
@provels , that's definitely one of my concerns.
I was just made aware of https://atlas.ripe.net/landing/probes-and-anchors/. Whenever I've done a who.is on the target IP addresses, RIPE does come up. I'll try whitelisting them and seeing if that helps.
-
@November
Maybe check here:
https://duckduckgo.com/?isource=infinity&iname=duckduckgo&itype=web&q=router+exploits+by+manufacturer&atb=v211-1&ia=web
-
@November said in Why is pfSense calling CZ?:
lots of hacking starts from that area.

Interesting...
CZ is a country next to my place of birth, but I haven't heard of such things there yet, such as harassment, hackers, etc. I worked as a computer scientist in Brno (a city in CZ) for a long time and it never arose.
I accept your position, if you feel that way.