Netgate Discussion Forum

    Is it hacking?

    • Antibiotic

      Hi, with pfBlockerNG, just as an experiment I banned the whole of Africa and was surprised that my laptop was trying to connect to some telecommunication services and internet services in Africa. I'm from Europe, btw. I did a full scan with the antivirus and nothing was found. Now I'm in doubt, wtf is going on. If it was my mobile phone, but this is my laptop. Actually I don't use any illegal software on this laptop or play games, and I have very good antivirus software, because I use this laptop for banking payments. Any ideas?
      Screenshot_17-11-2024_222430_192.168.20.1.jpeg
      Screenshot_17-11-2024_222351_192.168.20.1.jpeg
      Screenshot_17-11-2024_222317_192.168.20.1.jpeg

      pfSense plus 24.11 on Topton mini PC
      CPU: Intel N100
      NIC: Intel i-226v 4 pcs
      RAM : 16 GB DDR5
      Disk: 128 GB NVMe
      Brgds, Archi

      • johnpoz LAYER 8 Global Moderator @Antibiotic

        @Antibiotic take a look at netstat to see what process is doing it.. Could be some addon in your browser as well.

        as admin in a cmd prompt run netstat -anb

          TCP    192.168.9.100:18958    208.123.73.77:443      ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:20572    34.107.243.93:443      ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:21258    146.75.77.91:443       ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:21274    178.162.173.120:443    ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:21326    151.101.193.188:443    ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:21329    146.75.77.188:443      ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:21340    23.33.29.88:443        ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:21381    142.250.191.164:443    ESTABLISHED
         [firefox.exe]
          TCP    192.168.9.100:21384    104.18.17.97:443       ESTABLISHED
        

        Or you could use tcpview
        https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview

        btw - I tried talking to that IP on both 443 and 80 and nothing answers anyway.

        noanswer.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07
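
Added example (not part of any post in this thread): `netstat -anb` prints the owning executable on the line after each connection, so tying a blocked destination from the firewall log to a process means pairing those lines. This Python parser does that and reports which process talked to addresses inside a block list; the sample output, the process name `torrentclient.exe` and the `BLOCKED` range are constructed.

```python
import ipaddress
import re

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # owner line, e.g. " [firefox.exe]"

# Constructed `netstat -anb` output; remote IPs are documentation ranges.
SAMPLE = """\
  TCP    192.168.20.50:21258    198.51.100.7:443       ESTABLISHED
 [firefox.exe]
  TCP    192.168.20.50:6881     203.0.113.45:51413     ESTABLISHED
 [torrentclient.exe]
  TCP    192.168.20.50:49712    203.0.113.80:6900      SYN_SENT
 Can not obtain ownership information
  UDP    0.0.0.0:6881           *:*
 [torrentclient.exe]
"""
BLOCKED = ["203.0.113.0/24"]  # constructed stand-in for a GeoIP block list

def endpoint(ep):  # 'addr:port' or '[v6addr]:port' -> (addr, port)
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """One dict per connection; 'process' stays None if no owner was listed."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state = m.groups()
            conns.append({"proto": proto, "local": endpoint(local), "process": None,
                          "remote": endpoint(remote), "state": state or ""})
        elif conns and conns[-1]["process"] is None and OWNER.match(line):
            # The [name.exe] line belongs to the connection printed above it.
            conns[-1]["process"] = OWNER.match(line).group(1)
    return conns

def owners_of_blocked(conns, blocked):
    """Map process name -> sorted remote 'ip:port' inside a blocked network."""
    nets = [ipaddress.ip_network(n) for n in blocked]
    hits = {}
    for c in conns:
        try:
            ip = ipaddress.ip_address(c["remote"][0].split("%")[0])
        except ValueError:  # '*' on UDP listeners has no remote address
            continue
        if any(ip.version == n.version and ip in n for n in nets):
            name = c["process"] or "<unknown owner>"
            hits.setdefault(name, set()).add(f"{ip}:{c['remote'][1]}")
    return {k: sorted(v) for k, v in hits.items()}
```

Feed it the saved output of an elevated `netstat -anb` run taken while the blocks are being logged; connections that have already closed will not appear.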

        • Antibiotic @johnpoz

          @johnpoz said in Is it hacking?:

          as admin in a cmd prompt run netstat -anb

          I did, but at this moment there are no connections with those IPs

          • johnpoz LAYER 8 Global Moderator @Antibiotic

            @Antibiotic I see a 6881 port in there - are you running torrents? Also that 6900 port is also a common torrent port.. So yeah I would expect IPs from all over.. I mean all over!!

            • Antibiotic @johnpoz

              @johnpoz I'm also starting to think about the torrent client))))

              • johnpoz LAYER 8 Global Moderator @Antibiotic

                @Antibiotic blocking outbound while you're running torrents is going to drastically reduce the overall capability for it to function at its peak.

                • JonathanLee

                  It looks like bit-torrents, Azure, Limewire, something like that. If you use Snort you could activate OpenAppID and see what it is in a second.

                  Make sure to upvote

                  • Gertjan @JonathanLee

                    @JonathanLee said in Is it hacking?:

                    If you use snort

                    Or clean up the PC ?!

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    • johnpoz LAYER 8 Global Moderator @Gertjan

                      Maybe he is running torrents on purpose? He did say it was his laptop.. How would torrent just show up without the user knowing they were running torrents?

                      • Antibiotic @Gertjan

                        @Gertjan said in Is it hacking?:

                        Or clean up the PC ?!

                        Funny)))

                        • Antibiotic @johnpoz

                          @johnpoz said in Is it hacking?:

                          Maybe he is running torrents on purpose? He did say it was his laptop.. How would torrent just show up without the user knowing they were running torrents?

                          It was my torrent client on laptop.

                          • JonathanLee @Antibiotic

                            @Antibiotic get rid of that torrent client, eventually it's gonna break stuff if you keep using it. Trust me. Stop using it, think about how many ports you need open. It just takes one bad download.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.