Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What might these blocks be?

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    5 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      justsomeguy6575
      last edited by

      75.139.202.185 is Charter which is my isp but not sure I've noticed these blocks before. Any thoughts on what they may be?
      ![2016-05-18 13_03_45-pfsense.home - Status_ System Logs_ Firewall_ Normal View - Cyberfox.jpg](/public/imported_attachments/1/2016-05-18 13_03_45-pfsense.home - Status_ System Logs_ Firewall_ Normal View - Cyberfox.jpg)
      ![2016-05-18 13_03_45-pfsense.home - Status_ System Logs_ Firewall_ Normal View - Cyberfox.jpg_thumb](/public/imported_attachments/1/2016-05-18 13_03_45-pfsense.home - Status_ System Logs_ Firewall_ Normal View - Cyberfox.jpg_thumb)

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66
        last edited by

        Very strange, that's what they rare. Random guess since they look like random high ports. P2P application that was shut down and UPNP closed the ports. My guess would be not, but grasping at straws. Being a local IP makes it all the more suspicious.

        If you can capture some of the packets, you could check to see what protocol is being used. Could give hints.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          Where are you seeing a local IP??

          Sure looks like your trypical UDP noise to me.. P2P is very common source of this sure.

          I don't even both logging such noise.  I turn off logging of default blocks and create my own block rule to only log tcp syn.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • J
            justsomeguy6575
            last edited by

            I'm not aware of any p2p on the network recently but I won't rule that out as possible. p2p did cross my mind but seeing the IP was my isp I thought something else may be going on. These have since stopped though so I'm not sure what the cause was. Thanks for the feedback.

            1 Reply Last reply Reply Quote 0
            • K
              kpa
              last edited by

              It could be just random noise generated by script kiddies. After all, you don't have to ask anyone's permission to send random UDP traffic to random IP addresses, you just do it and the recipient of that traffic sees just random unrelated UDP packets hitting his firewall if he has logging on it.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.