Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense found docker process

    Scheduled Pinned Locked Moved General pfSense Questions
    27 Posts 8 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aaronouthier
      last edited by

      Even scarier: The ptr record for 104.244.77.92 points to nasa.gov.

      I don’t know which is more disturbing: The thought that the US Feds did this, or the thought that their server might be compromised!??!

      I don’t know. Can a ptr record be spoofed?

      A 1 Reply Last reply Reply Quote 0
      • A
        aaronouthier @aaronouthier
        last edited by

        @aaronouthier

        Thinking about it some more, the ptr record is certainly spoofed. Probably attempting misdirection.

        A 1 Reply Last reply Reply Quote 0
        • A
          aaronouthier @aaronouthier
          last edited by

          @aaronouthier
          If your box wasn’t accessible from the outside, then something inside maybe compromised, or perhaps a visitor’s device was compromised and launched an attack on your router while on your network.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Mmm, it would be very interesting to see what's in those script files.

            Seeing this error log on a box with 16GB RAM:

            [zone: pf states] PF states limit reached\

            Implies it's moving a lot of traffic.

            Steve

            johnpozJ 1 Reply Last reply Reply Quote 0
            • Bob.DigB
              Bob.Dig LAYER 8
              last edited by

              I knew it, one day docker would come to pfSense... 😉

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @Bob.Dig
                last edited by

                @bob-dig hahah

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @stephenw10
                  last edited by

                  @stephenw10 Yeah I bet ;)

                  Other then curiosity on what it is, and how it got there being the biggest question. I would wipe this box for sure.. This is clearly not something you setup. And everything points to nefarious use.. The IPs are hosted vps, and you got some weird ass PTR setting nasa.gov - yeah ok ;)

                  And the one IP is a tor exit node..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.