States Table filling up with entries from DirecTv box on known trojan port 2189
-
I have attached a txt file of my states table.
I am seeing a LOT of suspecious 192.168.1.199 entries in the states table. So much that I am worried.
I have a wireless access point on my network secured with WPA (i know that is easily cracked) but I do not see the 192.168.1.199 IP in the clients list for the WAP.
I have no idea what this machine is or where it is connecting from.
I would like to either find a way to block this traffic completely or find out where it is coming from in order to rebuild the machine or whatever has to happen.
Thanks for your help!
[States Table.txt](/public/imported_attachments/1/States Table.txt) -
I decided to stop pulling my hair out and start pulling some cat cable out. I disconnected all devices and started plugging them back in one by one with a couple minutes in between and checked the states table each time.
To my surprise, I was able to determine that my damn DirecTv box was the culprit. You have to plug it into the internet to use some of the ondemand features they offer. I will be having a fun conversation with them soon.Thanks for those of you who looked,
and thanks for PfSense!!! -
Do you guys think there is something wrong with this DirecTv box?
Should I try and get a new box or try to terminate my contract due to what this is doing to my network? -
It would be interesting to know why and if its normal for the box to do that… I cant imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router...
Keep us updated on what they tell you after you get past level 1 support...
-
Will do :)
Yes, thanks to pfsense my network was not completely killed by this, but my states table did go above 10K entries, which I agree would have brought down a consumer model router to it's knees. -
It would be interesting to know why and if its normal for the box to do that… I cant imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router...
Keep us updated on what they tell you after you get past level 1 support...
It'd cripple most consumer routers within minutes. Even those the higher-end models. I've tried the more powerful models like the D-link DGL-4300, Linksys WRT-350N so on and so forth. They will rapidly slowdown at 3000+ connections and just freeze up at about 6000 connections.
