Newb curiosity, is this normal?

trentdk

I pulled up my firewall logs and found that is just full of this:

Apr 21 16:37:58	NG0	98.95.80.55:56098		98.91.---:30445	UDP
Apr 21 16:38:00	NG0	217.76.2.129:23173 	98.91.---:51926	UDP
Apr 21 16:38:02	NG0	82.55.106.191:28826	98.91.---:65214	UDP
Apr 21 16:38:03	NG0	195.211.172.250:64585	98.91.---:19912	UDP
Apr 21 16:38:04	NG0	188.16.35.81:34787	98.91.---:31551	UDP
Apr 21 16:38:10	NG0	79.167.30.30:43004	98.91.---:19912	UDP
Apr 21 16:38:10	NG0	119.152.85.97:10699	98.91.---:7148		UDP
Apr 21 16:38:11	NG0	79.21.120.216:42130	98.91.---:51926	UDP
Apr 21 16:38:16	NG0	95.43.30.202:55760	98.91.---:7148		UDP
Apr 21 16:38:18	NG0	94.2.84.131:52832		98.91.---:19912	UDP
Apr 21 16:38:25	NG0	92.239.164.150:54836	98.91.---:7148		UDP

I've got about 20 users behind this router, and I'm not sure yet what they do. Does this look like P2P traffic?

jimp

Do you have UPnP enabled?

Are there gaming consoles behind this router?

Games often use high numbered UDP ports to communicate, p2p tends to use TCP, but of course that is just a generalization.

trentdk

UPnP is not enabled, and there are not gaming consoles, or games on any of the PCs (not that I know of).

jimp

Is your IP dynamic?

That may just be "backscatter" so to speak – leftover traffic from the last person who had that IP doing something like using a game server, etc.

Hard to really say, but if it's blocked coming in the WAN, it isn't getting into your network so it's really a non-issue.

trentdk

The WAN IP is dynamic, and changes every few weeks.

I guess that was the concern, whether or not this is an issue. So the pfSense firewall is fine blocking this stuff every second, 24/7? (its a dedicated box, decent specs)

jimp

It would take several hundred thousand blocks per second to have much of an impact on a decently spec'd box.

You'd be more likely to run out of bandwidth on your internet connection before that became a problem.

trentdk

Thanks Jimp!