Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to identify strange private IP address on LAN interface?

    Firewalling
    2
    2
    201
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Sherminator last edited by Sherminator

      Hi there,

      in our firewall log we discovered a lot of entries like this:

      filterlog:
5,,,1000000103,igb0,match,block,in,4,0xc0,,63,60124,0,none,1,icmp,116,10.5.184.252,185.60.216.11,unreach,host 10.5.184.252 unreachable96

      igb0 is our LAN interface, and we neither know about a device with the IP address 10.5.184.252 nor do we have a subnet fitting to this address. The destinations are varying, often client stuff like Facebook, Google, Akamai, ...

      What can we do to investigate this? The packet capture "just" tells us that it is traffic between our switches and the LAN interface of our pfSense.

      Thanks and greets
      Stephan

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Sniff on your pfsense, find the mac and then follow that mac into your network to find the box sending the traffic. Are you saying that your only able to see the mac of some downstream layer 3 switch routing the traffic.

        If so you will have to sniff downstream to find the offending traffic to find the mac to track down the host sending it.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        Please don't Chat/PM me for help, unless mod related
        Read https://www.netgate.com/docs/pfsense/book/
        SG-2440 2.4.5p1 | 4x SG-3100 2.4.4p3 | SG-4860 21.05

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy