4. How to identify strange private IP address on LAN interface?

How to identify strange private IP address on LAN interface?

  • S

    Hi there,

    in our firewall log we discovered a lot of entries like this:

    filterlog:
5,,,1000000103,igb0,match,block,in,4,0xc0,,63,60124,0,none,1,icmp,116,10.5.184.252,185.60.216.11,unreach,host 10.5.184.252 unreachable96

    igb0 is our LAN interface, and we neither know about a device with the IP address 10.5.184.252 nor do we have a subnet fitting to this address. The destinations are varying, often client stuff like Facebook, Google, Akamai, ...

    What can we do to investigate this? The packet capture "just" tells us that it is traffic between our switches and the LAN interface of our pfSense.

    Thanks and greets
    Stephan

    0
  • LAYER 8 Global Moderator

    Sniff on your pfsense, find the mac and then follow that mac into your network to find the box sending the traffic. Are you saying that your only able to see the mac of some downstream layer 3 switch routing the traffic.

    If so you will have to sniff downstream to find the offending traffic to find the mac to track down the host sending it.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy