Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] Am I infected with malware or virus ?

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 4 Posters 2.7k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W Offline
      whitekalu
      last edited by whitekalu

      From today.
      I began to see lot of outgoing traffic at port 443 on different IP Address.
      Do you think I am infected? Or I somehow misconfigured firewall rule.
      Thanks
      443.JPG

      provelsP 1 Reply Last reply Reply Quote 0
      • provelsP Online
        provels @whitekalu
        last edited by

        @whitekalu Just guessing, ignore at will... Are you running pfBlockerNG? Those could be blocks to Akamai and Google ad servers.

        NetRange: 23.192.0.0 - 23.223.255.255
        CIDR: 23.192.0.0/11
        NetName: AKAMAI
        NetHandle: NET-23-192-0-0-1
        Parent: NET23 (NET-23-0-0-0-0)
        NetType: Direct Allocation
        OriginAS:
        Organization: Akamai Technologies, Inc. (AKAMAI)

        NetRange: 184.24.0.0 - 184.31.255.255
        CIDR: 184.24.0.0/13
        NetName: AKAMAI
        NetHandle: NET-184-24-0-0-1
        Parent: NET184 (NET-184-0-0-0-0)
        NetType: Direct Allocation
        OriginAS:
        Organization: Akamai Technologies, Inc. (AKAMAI)

        NetRange: 35.192.0.0 - 35.207.255.255
        CIDR: 35.192.0.0/12
        NetName: GOOGLE-CLOUD
        NetHandle: NET-35-192-0-0-1
        Parent: NET35 (NET-35-0-0-0-0)
        NetType: Direct Allocation
        OriginAS:
        Organization: Google LLC (GOOGL-2)

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        W 1 Reply Last reply Reply Quote 1
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          They are all ACK packets and all FIN or RESET so the firewall is probably blocking them because the state has already closed. Usually nothing to worry about. That is a lot from just one IP in a short time though.
          https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-for-legitimate-connection-packets.html

          Steve

          W 1 Reply Last reply Reply Quote 1
          • W Offline
            whitekalu @provels
            last edited by

            @provels
            Thankyou provels.
            Yes I'm running pfBlockerNG

            1 Reply Last reply Reply Quote 0
            • W Offline
              whitekalu @stephenw10
              last edited by

              @stephenw10
              Thanks stephenw10 for the informative link.

              1 Reply Last reply Reply Quote 1
              • R Offline
                rawla
                last edited by stephenw10

                If by any reason you are running kaspersky or malwarebytes [link-removed] can sometimes cause conflicts in firewall rules.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.