States Table filling up with entries from DirecTv box on known trojan port 2189

General pfSense Questions
Log in to reply
  • ?

    I have attached a txt file of my states table.

    I am seeing a LOT of suspecious 192.168.1.199 entries in the states table.  So much that I am worried.

    I have a wireless access point on my network secured with WPA (i know that is easily cracked) but I do not see the 192.168.1.199 IP in the clients list for the WAP.

    I have no idea what this machine is or where it is connecting from.

    I would like to either find a way to block this traffic completely or find out where it is coming from in order to rebuild the machine or whatever has to happen.

    Thanks for your help!
    [States Table.txt](/public/imported_attachments/1/States Table.txt)

    0
  • ?

    I decided to stop pulling my hair out and start pulling some cat cable out.  I disconnected all devices and started plugging them back in one by one with a couple minutes in between and checked the states table each time.
    To my surprise, I was able to determine that my damn DirecTv box was the culprit.  You have to plug it into the internet to use some of the ondemand features they offer.  I will be having a fun conversation with them soon.

    Thanks for those of you who looked,
    and thanks for PfSense!!!

    0
  • ?

    Do you guys think there is something wrong with this DirecTv box?
    Should I try and get a new box or try to terminate my contract due to what this is doing to my network?

    0
  • chpalmer

    It would be interesting to know why and if its normal for the box to do that…  I cant imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router...

    Keep us updated on what they tell you after you get past level 1 support...

    0
  • ?

    Will do :)
    Yes, thanks to pfsense my network was not completely killed by this, but my states table did go above 10K entries, which I agree would have brought down a consumer model router to it's knees.

    0
  • D

    @chpalmer:

    It would be interesting to know why and if its normal for the box to do that…   I cant imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router...

    Keep us updated on what they tell you after you get past level 1 support...

    It'd cripple most consumer routers within minutes.  Even those the higher-end models.  I've tried the more powerful models like the D-link DGL-4300, Linksys WRT-350N so on and so forth.  They will rapidly slowdown at 3000+ connections and just freeze up at about 6000 connections.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy