States Table filling up with entries from DirecTv box on known trojan port 2189



  • I have attached a txt file of my states table.

    I am seeing a LOT of suspicious 192.168.1.199 entries in the states table.  So much that I am worried.

    I have a wireless access point on my network secured with WPA (I know that is easily cracked) but I do not see the 192.168.1.199 IP in the clients list for the WAP.

    I have no idea what this machine is or where it is connecting from.

    I would like to either find a way to block this traffic completely or find out where it is coming from in order to rebuild the machine or whatever has to happen.

    Thanks for your help!
    [States Table.txt](/public/imported_attachments/1/States Table.txt)



  • I decided to stop pulling my hair out and start pulling some cat cable out.  I disconnected all devices and started plugging them back in one by one with a couple minutes in between and checked the states table each time.
    To my surprise, I was able to determine that my damn DirecTv box was the culprit.  You have to plug it into the internet to use some of the on-demand features they offer.  I will be having a fun conversation with them soon.

    Thanks for those of you who looked,
    and thanks for pfSense!!!
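
Added example, not part of the original thread: the same triage done from a saved states dump, by counting states per originating host and destination port instead of unplugging devices. It assumes IPv4 lines in `pfctl -ss` style; the sample data is constructed and is not the poster's attachment.

```python
import re
from collections import Counter

# Constructed sample in `pfctl -ss` style (assumed format); not the attachment.
SAMPLE_STATES = """\
No ALTQ support in kernel
all tcp 192.168.1.10:50312 -> 203.0.113.7:443       ESTABLISHED:ESTABLISHED
all udp 192.168.1.199:2189 -> 198.51.100.21:2189       SINGLE:NO_TRAFFIC
all udp 192.168.1.199:2189 -> 198.51.100.22:2189       SINGLE:NO_TRAFFIC
all udp 198.51.100.23:2189 <- 192.168.1.199:2189       NO_TRAFFIC:SINGLE
all tcp 203.0.113.50:61000 (192.168.1.199:40001) -> 198.51.100.24:2189       SYN_SENT:CLOSED
all tcp 192.168.1.20:50400 -> 203.0.113.9:80       TIME_WAIT:TIME_WAIT
"""

EP = r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
# Layout: iface proto left [(pre-NAT)] arrow right state
LINE = re.compile(rf"^\S+\s+(\S+)\s+{EP}(?:\s+\({EP}\))?\s+(->|<-)\s+{EP}")


def parse_states(text):
    """Yield (origin_ip, proto, dst_port) for each parsable state line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip headers, IPv6 and anything unrecognised
        proto, l_ip, l_port, nat_ip, _nat_port, arrow, r_ip, r_port = m.groups()
        if arrow == "->":
            # Outbound: left is the source; parentheses hold the pre-NAT address.
            yield (nat_ip or l_ip), proto, int(r_port)
        else:
            # Inbound ("dst <- src"): the originator is on the right.
            yield r_ip, proto, int(l_port)


def count_states(text):
    """Return (states per origin host, states per (host, proto, dst port))."""
    hosts, ports = Counter(), Counter()
    for src, proto, dport in parse_states(text):
        hosts[src] += 1
        ports[(src, proto, dport)] += 1
    return hosts, ports


def noisy_hosts(text, threshold):
    """Hosts holding at least `threshold` states, busiest first."""
    hosts, _ = count_states(text)
    return [(h, n) for h, n in hosts.most_common() if n >= threshold]


if __name__ == "__main__":
    hosts, ports = count_states(SAMPLE_STATES)
    for host, n in noisy_hosts(SAMPLE_STATES, 3):
        print(host, n, [k[1:] for k in ports if k[0] == host])
```

One connection through the firewall usually shows up as more than one state (one per interface it crosses), so compare the counts between hosts rather than reading them as connection totals.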



  • Do you guys think there is something wrong with this DirecTv box?
    Should I try and get a new box or try to terminate my contract due to what this is doing to my network?



  • It would be interesting to know why and if it's normal for the box to do that…  I can't imagine all the problems this kinda traffic could cause to a cheap WalMart-bought broadband router...

    Keep us updated on what they tell you after you get past level 1 support...



  • Will do :)
    Yes, thanks to pfSense my network was not completely killed by this, but my states table did go above 10K entries, which I agree would have brought a consumer model router to its knees.



  • @chpalmer:

    It would be interesting to know why and if it's normal for the box to do that…   I can't imagine all the problems this kinda traffic could cause to a cheap WalMart-bought broadband router...

    Keep us updated on what they tell you after you get past level 1 support...

    It'd cripple most consumer routers within minutes.  Even the higher-end models.  I've tried the more powerful models like the D-link DGL-4300, Linksys WRT-350N so on and so forth.  They will rapidly slow down at 3000+ connections and just freeze up at about 6000 connections.

