Localhost resolving to strange address



  • So I've got something weird going on that I noticed while monitoring network traffic. localhost ipv4 and ipv6 are resolving to gearssdk.opswat.com and I am not sure why.
    Is this something to be concerned about? Strangely, even if I use MXToolBox to do a DNS lookup it also resolves gearssdk.opswat.com to localhost…



  • Doing a port span on LAN interface to monitor, only traffic being passed is between my main PC on random high ports (55000 and up) and 127.0.0.1 TCP ports 443 and 19000. Sitting at 31GB of traffic over a 12ish hour period with a TCP checksum error count of over 24 million between this address only.

    The MAC address associated with this 127.0.0.1 is 00:0E:C4:D2:7F:7F which doesn't match any known device on my network and seems to be associated with the company Iskra Transmission D.d.

    I still can't figure this out, it's driving me batty… No ideas folks?



  • Probably a host entry on your PC and not related to pfSense at all. Try to resolve it from a different device or pfSense itself.

    If you want more help you first need to provide a lot more details about your pfSense setup, you didn't even include whether you're using the resolver or forwarder.



  • I'm a bit new to this, so let me give this a shot… Please let me know if there are more specific items I need to list.

    I'm using 2.4.2-RELEASE-p1, DNS resolver with forwarding enabled to Google DNS ipv4 and ipv6 with interfaces set to its default of ALL.

    Physical setup is a Qotom fanless box with i3 4025u + 4GB ram and quad intel i210 nics as follows: Cable modem > pfSense WAN >|> pfSense LAN+SPAN > Netgear GS108T managed switch (LAN) + Monitoring PC (SPAN) which is separate from my main PC.

    Packages installed are Snort, pfBlockerNg, ntopng, nut, openvpn-client-export.

    I tried powering off my main PC to see how the traffic changes, and 127.0.0.1 now correctly resolves to the hostname of the device that performed the resolution; the target MAC address is still the same however. Originally 127.0.0.1 was resolving to gearssdk.opswat.com regardless of the device performing the resolution.
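
One way to run the hosts-file check suggested in the third post, as an added example that is not part of the original thread: it lists every name a hosts file maps to a loopback address other than the usual localhost aliases. The sample text is constructed, and the function name `loopback_host_entries` and the `EXPECTED` allow-list are assumptions of this example.

```python
import ipaddress
import os
import sys

# Names a stock system normally maps to loopback (assumed allow-list for this example).
EXPECTED = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   gearssdk.opswat.com   # name reported in the thread
192.168.1.10 nas.lan
::1 gearssdk.opswat.com
"""

def loopback_host_entries(hosts_text, extra_allowed=()):
    """Return (line_no, address, name) for each unexpected name mapped to loopback."""
    allowed = EXPECTED | {n.lower() for n in extra_allowed}
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2:
            continue                               # blank, comment-only or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            continue                               # first field is not an IP address
        if not addr.is_loopback:                   # 127.0.0.0/8 or ::1 only
            continue
        for name in fields[1:]:
            if name.lower().rstrip(".") not in allowed:
                findings.append((line_no, str(addr), name))
    return findings

if __name__ == "__main__":
    # Standard hosts file locations on Windows and on Unix-like systems.
    if sys.platform == "win32":
        path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    else:
        path = "/etc/hosts"
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for line_no, addr, name in loopback_host_entries(fh.read()):
            print(f"{path}:{line_no}: {name} -> {addr}")
```

Run it on the PC under suspicion; no output means the hosts file maps no unexpected names to loopback, so the mapping comes from somewhere else.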


 
