WAN Attackers handling
-
@bambos those are ALL SYNs (S)... Those others were ACKs - and from 443.. And all to 1 random high port.. Not even close to the same thing..
6379 is Redis (common exploitable port), which is a common port to scan for. 21 (ftp), etc..
You don't see that that is different than coming from port 443 (https port)..
See how the source port is some high port that is all different...
Yes you connect to the public internet - you're going to see NOISE.. There is NOTHING you could do about that traffic - nothing!! It's all blocked... If you had open ports you were forwarding, and you don't want some China IP able to talk to it, then say limit your open ports to only the countries you want to allow.. I allow for example only IPs from the US to talk to my plex server port, because all my users are only going to be in the US..
What was the IP that was 443 as the source? Now you got me curious..
-
@johnpoz ok, thanks for your comments.
So this means pfBlockerNG with Geo IP blocking, right?
185.85.2.202
-
@bambos that was the IP sending those PA from 443? That is a German IP.
Owned by
org-name: Myra Security GmbH
https://www.myrasecurity.com/en/about-us/
Yes you can use pfBlocker to create an alias that contains the IPs of only the country or countries you want. For example my pfBlocker alias I created contains the US IPs, Morocco because I have a family member there (she is teaching for a few years there) using my plex.. And it also contains some other IPs that check if my plex is working..
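
An added example, not part of any post in this thread: a short Python sketch of the two ideas discussed above, separating SYN probes to service ports from ACK/PA packets arriving from source port 443, and checking a source address against an allow-list alias. The log tuples, the `ALLOWED_NETS` alias and all function names are constructed for illustration; this is not pfSense or pfBlockerNG code.

```python
import ipaddress
from collections import Counter

# Constructed sample entries (documentation address ranges), not from the thread:
# (source IP, source port, destination port, TCP flags as shown in the log)
SAMPLE_LOG = [
    ("203.0.113.10", 51514, 6379, "S"),   # SYN to redis from a random high port
    ("203.0.113.10", 40022, 21, "S"),     # SYN to ftp
    ("198.51.100.7", 61200, 23, "S"),     # SYN to telnet
    ("192.0.2.80", 443, 50412, "PA"),     # PSH-ACK from 443 to one high port
    ("192.0.2.80", 443, 50412, "A"),      # ACK from 443 to the same high port
]

# Hypothetical alias: networks allowed to reach a forwarded port (stand-in for
# a per-country list such as the one a geo-IP alias would contain).
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

SERVER_PORTS = {80, 443}  # assumption: ports treated as "web server" sources

def classify(src_port, dst_port, flags):
    """Separate new-connection attempts from reply-type packets."""
    if flags == "S":
        return "syn-probe"        # new connection attempt, typical scan noise
    if "A" in flags and "S" not in flags and src_port in SERVER_PORTS:
        return "server-reply"     # ACK / PSH-ACK coming from a web port
    return "other"

def summarize(entries):
    """Count entries per class and list the destination ports being probed."""
    counts, probed_ports = Counter(), set()
    for _src, sport, dport, flags in entries:
        kind = classify(sport, dport, flags)
        counts[kind] += 1
        if kind == "syn-probe":
            probed_ports.add(dport)
    return dict(counts), sorted(probed_ports)

def allowed_by_alias(src_ip, networks=ALLOWED_NETS):
    """True if the source address falls inside any network of the alias."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for src in sorted({e[0] for e in SAMPLE_LOG}):
        print(src, "allowed" if allowed_by_alias(src) else "blocked")
```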