4. How to identify strange private IP address on LAN interface?

How to identify strange private IP address on LAN interface?

  • S

    Hi there,

    in our firewall log we discovered a lot of entries like this:

    filterlog:
5,,,1000000103,igb0,match,block,in,4,0xc0,,63,60124,0,none,1,icmp,116,10.5.184.252,185.60.216.11,unreach,host 10.5.184.252 unreachable96

    igb0 is our LAN interface, and we neither know about a device with the IP address 10.5.184.252 nor do we have a subnet fitting to this address. The destinations are varying, often client stuff like Facebook, Google, Akamai, ...

    What can we do to investigate this? The packet capture "just" tells us that it is traffic between our switches and the LAN interface of our pfSense.

    Thanks and greets
    Stephan

    0
  • Rebel Alliance Global Moderator

    Sniff on your pfsense, find the mac and then follow that mac into your network to find the box sending the traffic. Are you saying that your only able to see the mac of some downstream layer 3 switch routing the traffic.

    If so you will have to sniff downstream to find the offending traffic to find the mac to track down the host sending it.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy