Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Outside IP hitting firewall a lot, what do I do?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jakobud
      last edited by

      Check out this screenshot

      Every 30 seconds or so, this outside IP address has been hitting our firewall, trying to connect to 255.255.255.255:17500. I have no idea what they are trying to do. Out network has had intermitant slowdowns all this past week and I think this could possibly be part of it… not sure.

      Two questions:

      1. What is the best approach to stopping this IP from hitting our network?  Manually create a rule to block it?  I've messed with Snort a bit but I couldn't get it setup properly (it wasn't able to retrieve rules from snort.org or something).

      2. In pfSense the system log only shows the last 100 entries.  How do I log more than this?

      1 Reply Last reply Reply Quote 0
      • X
        XIII
        last edited by

        you can ignore it, as you are most likely on cable, that is a computer that is trying to get an ip. 169.254.x.x is an apipa.

        -Chris Stutzman
        Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
        Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
        freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
        Check out the pfSense Wiki

        1 Reply Last reply Reply Quote 0
        • D
          dreamslacker
          last edited by

          That shows up on your LAN interface, which is weird.  Port 17500 is used by Dropbox for LANsync discovery.  Someone is probably trying to run Dropbox on your network and the computer in question probably can get or isn't assigned an IP.

          1 Reply Last reply Reply Quote 0
          • W
            wallabybob
            last edited by

            @dreamslacker:

            . . . and the computer in question probably can get or isn't assigned an IP.

            To elaborate:  Some operating systems will assign themselves a "random" 169.254.x.x address if they don't get a timely DHCP response.

            1 Reply Last reply Reply Quote 0
            • D
              dreamslacker
              last edited by

              Just realized that I made a typo, it should read "can't get or isn't assigned an IP."

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.