Odd tcp error in syslog



  • I have my syslog for pfSense routed to papertrailapp, and I keep getting a notification on this error and was wondering if anyone can help me decipher it:

    Mar 26 19:15:42 173.239.240.71 filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,238,3891,0,DF,6,tcp,40,5.149.244.237,65.25.203.12,51727,8291,-4,S,errormsg='[bad hdr length 24 - too long, > 20]',



  • Could be something to do with this:

    https://forum.mikrotik.com/viewtopic.php?t=132368

    Telnet to 5.149.244.237 gives a Mikrotik RouterOS login prompt.

    Might also be related to vt44's thread



  • [2.4.2-RELEASE][admin@pfSense.geek.local]/root: pfctl -vvsr | grep -A3 1000000103
    @5(1000000103) block drop in log inet all label "Default deny rule IPv4"
      [ Evaluations: 666223    Packets: 6750      Bytes: 588103      States: 0    ]
      [ Inserted: pid 15505 State Creations: 0    ]
    @6(1000000104) block drop out log inet all label "Default deny rule IPv4"
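
To decipher the line from the first post field by field, here is an added example (not code from the thread or from pfSense). It assumes the IPv4/TCP field order of pfSense's raw filter log format, and it assumes the two numbers in the message mean what they do in tcpdump's identical message: the TCP header length the packet claims versus the bytes left after the IP header.

```python
import re

# IPv4/TCP field order of a pfSense raw filterlog record (assumed layout;
# fields after the TCP flags are not needed here and are left out).
FIELDS = ["rule", "subrule", "anchor", "tracker", "iface", "reason", "action",
          "dir", "ipver", "tos", "ecn", "ttl", "id", "offset", "ipflags",
          "proto_id", "proto", "ip_len", "src", "dst",
          "sport", "dport", "datalen", "tcpflags"]

# Tracker id -> label, taken from the pfctl output in the last post.
TRACKERS = {"1000000103": "Default deny rule IPv4"}

# The log line from the first post, copied verbatim.
SAMPLE = ("Mar 26 19:15:42 173.239.240.71 filterlog: "
          "5,,,1000000103,em0,match,block,in,4,0x0,,238,3891,0,DF,6,tcp,40,"
          "5.149.244.237,65.25.203.12,51727,8291,-4,S,"
          "errormsg='[bad hdr length 24 - too long, > 20]',")

def parse_filterlog(line):
    """Return the named fields of one IPv4/TCP filterlog line as a dict."""
    payload = line.split("filterlog: ", 1)[-1]
    # errormsg contains commas, so lift it out before splitting on ",".
    err = re.search(r"errormsg='([^']*)'", payload)
    if err:
        payload = payload[:err.start()]
    values = payload.rstrip(",").split(",")
    if len(values) < 17 or values[8] != "4" or values[16] != "tcp":
        raise ValueError("only IPv4/TCP records are handled here")
    rec = dict(zip(FIELDS, values))
    rec["errormsg"] = err.group(1) if err else ""
    rec["rule_label"] = TRACKERS.get(rec["tracker"], "unknown tracker")
    return rec

def header_check(rec):
    """Relate the 'bad hdr length' message to the IP length and data length."""
    m = re.search(r"bad hdr length (\d+) - too long, > (\d+)", rec["errormsg"])
    if not m:
        return None
    claimed, available = int(m.group(1)), int(m.group(2))
    return {"claimed_tcp_hdr": claimed,
            "available": available,
            "implied_ip_hdr": int(rec["ip_len"]) - available,
            "matches_datalen": available - claimed == int(rec["datalen"])}

if __name__ == "__main__":
    record = parse_filterlog(SAMPLE)
    print(record["src"], "->", record["dst"], "port", record["dport"],
          record["action"], "by", record["rule_label"])
    print(header_check(record))
```

On the sample line this shows a 40-byte packet with a lone SYN to port 8291 that was dropped by the default deny rule, and the -4 data length is the 20 available bytes minus the 24-byte TCP header the packet claims.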