Netgate Discussion Forum

    States Table filling up with entries from DirecTv box on known trojan port 2189

    • ?
      Guest
      last edited by

      I have attached a txt file of my states table.

      I am seeing a LOT of suspicious 192.168.1.199 entries in the states table.  So much that I am worried.

      I have a wireless access point on my network secured with WPA (I know that is easily cracked) but I do not see the 192.168.1.199 IP in the clients list for the WAP.

      I have no idea what this machine is or where it is connecting from.

      I would like to either find a way to block this traffic completely or find out where it is coming from in order to rebuild the machine or whatever has to happen.

      Thanks for your help!
      [States Table.txt](/public/imported_attachments/1/States Table.txt)

      • ?
        Guest
        last edited by

        I decided to stop pulling my hair out and start pulling some cat cable out.  I disconnected all devices and started plugging them back in one by one with a couple minutes in between and checked the states table each time.
        To my surprise, I was able to determine that my damn DirecTv box was the culprit.  You have to plug it into the internet to use some of the on-demand features they offer.  I will be having a fun conversation with them soon.

        Thanks for those of you who looked,
        and thanks for pfSense!!!

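Added example, not part of any post in this thread: one way to find which host is filling the state table without unplugging devices is to tally states per originating address and destination port. It assumes IPv4 entries in the `pfctl -ss` line layout shown in the comment; the function names and the sample lines (the thread's 192.168.1.199 and port 2189, with documentation-range remote addresses) are constructed for illustration.

```shell
#!/bin/sh
# Tally firewall states per originating host and destination port.
# Assumed line layout (IPv4), as printed by `pfctl -ss`:
#   IFACE PROTO ADDR:PORT [(PRE-NAT ADDR:PORT)] ->|<- ADDR:PORT  STATE

top_state_sources() {
    awk '
    {
        arrow = 0
        for (i = 3; i <= NF; i++)
            if ($i == "->" || $i == "<-") { arrow = i; break }
        if (!arrow) next                    # skip anything that is not a state line
        left = $(arrow - 1); right = $(arrow + 1)
        # A parenthesised address before the arrow is the pre-NAT (LAN) source.
        if (left ~ /^\(.*\)$/) left = substr(left, 2, length(left) - 2)
        # "a -> b": a opened the connection; "a <- b": b opened it.
        if ($arrow == "->") { src = left; dst = right } else { src = right; dst = left }
        sub(/:[0-9]+$/, "", src)            # drop the ephemeral source port
        n = split(dst, d, ":"); port = (n > 1) ? d[n] : "-"
        count[src " " port]++
    }
    END { for (k in count) print count[k], k }   # "COUNT SRC_IP DST_PORT"
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input: two connections from 192.168.1.199 to port 2189
# (each has a LAN-side and a NAT-ed WAN-side state) plus ordinary LAN traffic.
sample_states() {
    cat <<'EOF'
em1 tcp 203.0.113.10:2189 <- 192.168.1.199:49152       ESTABLISHED:ESTABLISHED
em0 tcp 198.51.100.7:61001 (192.168.1.199:49152) -> 203.0.113.10:2189       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.11:2189 <- 192.168.1.199:49153       CLOSED:SYN_SENT
em0 tcp 198.51.100.7:61002 (192.168.1.199:49153) -> 203.0.113.11:2189       SYN_SENT:CLOSED
em1 udp 192.168.1.1:53 <- 192.168.1.20:53124       SINGLE:MULTIPLE
em1 tcp 192.168.1.1:443 <- 192.168.1.20:50412       ESTABLISHED:ESTABLISHED
EOF
}

sample_states | top_state_sources
# On the firewall itself: pfctl -ss | top_state_sources | head
```

A host that dominates the first lines of the output with a single destination port is the one to trace or block by address on the LAN interface.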
        • ?
          Guest
          last edited by

          Do you guys think there is something wrong with this DirecTv box?
          Should I try and get a new box or try to terminate my contract due to what this is doing to my network?

          • chpalmerC
            chpalmer
            last edited by

            It would be interesting to know why and if it's normal for the box to do that…  I can't imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router...

            Keep us updated on what they tell you after you get past level 1 support...

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            • ?
              Guest
              last edited by

              Will do :)
              Yes, thanks to pfSense my network was not completely killed by this, but my states table did go above 10K entries, which I agree would have brought down a consumer model router to its knees.

              • D
                dreamslacker
                last edited by

                @chpalmer:

                It would be interesting to know why and if it's normal for the box to do that…   I can't imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router...

                Keep us updated on what they tell you after you get past level 1 support...

                It'd cripple most consumer routers within minutes.  Even the higher-end models.  I've tried the more powerful models like the D-link DGL-4300, Linksys WRT-350N, so on and so forth.  They will rapidly slow down at 3000+ connections and just freeze up at about 6000 connections.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.