Why is my log flooded with blocked traffic from 0.0.0.0? [SOLVED]



  • I have a WAN setup on em0 via pppoe0 and a LAN on em1. The WAN is connected to a modem which provides access to the internet.

    I see my log flooded with blocked traffic from 0.0.0.0. I am not sure I have seen this from the start but it does not look healthy.

    I have seen some posts referring to this as a bug or explanations that do not make sense to me.
    So I would appreciate it if somebody can explain who/what is initiating these connections?




  • https://forum.pfsense.org/index.php?topic=92054.0

    Seems like the words pppoe and dsl are common and related to your firewall spam.



  • 0.0.0.0 is the address used by devices that don't yet have an IPv4 address.  For example DHCP requests will have 0.0.0.0 as a source address, as will duplicate address detection ARP requests.  So, it's normal to see some on the network.  However, you can use packet capture to see what the MAC address is for those packets, to determine the source.  You'll have to download the capture and view the file in Wireshark to see the MAC addresses.
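
Added example (not part of the original thread or any poster's code): the check described in the post above, done with a script instead of Wireshark. It reads a classic pcap file downloaded from the firewall's packet capture and counts, per source MAC address, the frames whose IPv4 source or ARP sender address is 0.0.0.0. The function names and the sample capture are constructed for illustration; pcapng and nanosecond-resolution pcap files are assumed not to be in use.

```python
import struct
from collections import Counter

ZERO = b"\x00\x00\x00\x00"

def zero_source_macs(pcap):
    """Count frames per source MAC whose IPv4 source or ARP sender IP is 0.0.0.0."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        src, etype, body = frame[6:12], frame[12:14], frame[14:]
        if etype == b"\x81\x00" and len(body) >= 4:   # skip one 802.1Q VLAN tag
            etype, body = body[2:4], body[4:]
        is_ip = etype == b"\x08\x00" and len(body) >= 20 and body[12:16] == ZERO
        is_arp = etype == b"\x08\x06" and len(body) >= 28 and body[14:18] == ZERO
        if is_ip or is_arp:
            counts[src.hex(":")] += 1
    return counts

def build_sample():
    """Constructed capture: two IPv4 frames from 0.0.0.0, one ARP probe, one normal frame."""
    def eth(src, etype, body):
        return b"\xff" * 6 + bytes.fromhex(src) + etype + body
    def ipv4(src_ip):
        return b"\x45\x00" + b"\x00" * 10 + bytes(src_ip) + b"\xff" * 4
    arp = (b"\x00\x01\x08\x00\x06\x04\x00\x01" + bytes.fromhex("020000000003")
           + ZERO + b"\x00" * 6 + bytes([192, 0, 2, 50]))
    frames = [eth("020000000001", b"\x08\x00", ipv4([0, 0, 0, 0])),
              eth("020000000001", b"\x08\x00", ipv4([0, 0, 0, 0])),
              eth("020000000003", b"\x08\x06", arp),
              eth("020000000002", b"\x08\x00", ipv4([192, 0, 2, 10]))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for mac, n in zero_source_macs(build_sample()).most_common():
        print(mac, n)
```

On a real capture, pass the downloaded file's bytes to `zero_source_macs()`; the MAC with the highest count is the device to look up, and its vendor prefix usually identifies it.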



  • @kejianshi
    Yes, I did read this before I posted but it does not really tell you how you can find out what it is, apart from the point that it may be a bug in pfSense (and I am not sure why this would be a bug, unless non-existent traffic).

    @JKnott:

    0.0.0.0 is the address used by devices that don't yet have an IPv4 address.  For example DHCP requests will have 0.0.0.0 as a source address, as will duplicate address detection ARP requests.  So, it's normal to see some on the network.  However, you can use packet capture to see what the MAC address is for those packets, to determine the source.  You'll have to download the capture and view the file in Wireshark to see the MAC addresses.

    That's a good point - I'll check it out…



  • @johnpoz:

    So did you go into your DrayTek and

    UNmarking "Broadcast DSL status to LAN" under ->System Maintenance->Management

    User johnpoz solved this in the above post.

    When I un-ticked this, no flooding anymore!!!! Yeee  8)

    For me this worked as the source of my broadcast traffic was my DSL modem; for other people this might be due to other traffic broadcasts in their networks.

