[SOLVED] Am I infected with malware or virus ?
-
From today.
I began to see lot of outgoing traffic at port 443 on different IP Address.
Do you think I am infected? Or I somehow misconfigured firewall rule.
Thanks
-
@whitekalu Just guessing, ignore at will... Are you running pfBlockerNG? Those could be blocks to Akamai and Google ad servers.
NetRange: 23.192.0.0 - 23.223.255.255
CIDR: 23.192.0.0/11
NetName: AKAMAI
NetHandle: NET-23-192-0-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Akamai Technologies, Inc. (AKAMAI)NetRange: 184.24.0.0 - 184.31.255.255
CIDR: 184.24.0.0/13
NetName: AKAMAI
NetHandle: NET-184-24-0-0-1
Parent: NET184 (NET-184-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Akamai Technologies, Inc. (AKAMAI)NetRange: 35.192.0.0 - 35.207.255.255
CIDR: 35.192.0.0/12
NetName: GOOGLE-CLOUD
NetHandle: NET-35-192-0-0-1
Parent: NET35 (NET-35-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Google LLC (GOOGL-2) -
They are all ACK packets and all FIN or RESET so the firewall is probably blocking them because the state has already closed. Usually nothing to worry about. That is a lot from just one IP in a short time though.
https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-for-legitimate-connection-packets.htmlSteve
-
@provels
Thankyou provels.
Yes I'm running pfBlockerNG -
@stephenw10
Thanks stephenw10 for the informative link. -
If by any reason you are running kaspersky or malwarebytes [link-removed] can sometimes cause conflicts in firewall rules.