Netgate Discussion Forum

    Is this one called a DDoS?

      torontob

      Using option 10 as filter log I noticed a single IP scanning a lot. Blocking that opened the can of bees. Am I right with my assumption? And what doesn't pfSense have built in against this? Any adaptive ban on the firewall?

      Enter an option: 10

      tcpdump: WARNING: pflog0: no IPv4 address assigned
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
      000000 rule 70/0(match): block in on vr1: 221.132.34.165.33556 > 69.90.78.53.52229:  tcp 20 [bad hdr length 0 - too short, < 20]
      6. 239658 rule 70/0(match): block in on vr1: 121.207.254.227.6667 > 69.90.78.38.3072:  tcp 24 [bad hdr length 0 - too short, < 20]
      7. 986724 rule 70/0(match): block in on vr1: 61.231.237.223.4155 > 69.90.78.62.445:  tcp 28 [bad hdr length 0 - too short, < 20]
      2. 867707 rule 70/0(match): block in on vr1: 61.231.237.223.4155 > 69.90.78.62.445:  tcp 28 [bad hdr length 0 - too short, < 20]
      2. 799337 rule 70/0(match): block in on vr1: 186.36.73.212.4545 > 69.90.78.56.445:  tcp 28 [bad hdr length 0 - too short, < 20]
      2. 931814 rule 70/0(match): block in on vr1: 186.36.73.212.4545 > 69.90.78.56.445:  tcp 28 [bad hdr length 0 - too short, < 20]
      1. 574556 rule 70/0(match): block in on vr1: 190.7.59.45.1341 > 69.90.78.43.445:  tcp 28 [bad hdr length 0 - too short, < 20]
      2. 956066 rule 70/0(match): block in on vr1: 190.7.59.45.1341 > 69.90.78.43.445:  tcp 28 [bad hdr length 0 - too short, < 20]
      1. 598334 rule 70/0(match): block in on vr1: 2.95.19.121.3463 > 69.90.78.42.445:  tcp 20 [bad hdr length 8 - too short, < 20]
      072759 rule 70/0(match): block in on vr1: 123.192.177.2.54518 > 69.90.78.43.445:  tcp 20 [bad hdr length 8 - too short, < 20]
      109451 rule 70/0(match): block in on vr1: 219.163.19.138.3723 > 69.90.78.63.445:  tcp 28 [bad hdr length 0 - too short, < 20]
      2. 731065 rule 70/0(match): block in on vr1: 2.95.19.121.3463 > 69.90.78.42.445:  tcp 16 [bad hdr length 12 - too short, < 20]
      159413 rule 70/0(match): block in on vr1: 123.192.177.2.54518 > 69.90.78.43.445:  tcp 20 [bad hdr length 8 - too short, < 20]
      374293 rule 70/0(match): block in on vr1: 219.163.19.138.3723 > 69.90.78.63.445:  tcp 16 [bad hdr length 12 - too short, < 20]
      10. 234202 rule 70/0(match): block in on vr1: 189.105.69.200.2413 > 69.90.78.52.445:  tcp 20 [bad hdr length 12 - too short, < 20]
      2. 985558 rule 70/0(match): block in on vr1: 189.105.69.200.2413 > 69.90.78.52.445:  tcp 20 [bad hdr length 12 - too short, < 20]
      13. 236084 rule 70/0(match): block in on vr1: 82.51.36.230.2923 > 69.90.78.35.445:  tcp 16 [bad hdr length 12 - too short, < 20]
      2. 982122 rule 70/0(match): block in on vr1: 82.51.36.230.2923 > 69.90.78.35.445:  tcp 16 [bad hdr length 12 - too short, < 20]
      18. 493312 rule 70/0(match): block in on vr1: 218.16.118.242.80 > 69.90.78.47.39781:  tcp 16 [bad hdr length 12 - too short, < 20]
      2. 477084 rule 70/0(match): block in on vr1: 218.16.118.242.80 > 69.90.78.47.39781:  tcp 16 [bad hdr length 12 - too short, < 20]
      9. 777792 rule 70/0(match): block in on vr1: 121.243.16.214.1677 > 69.90.78.54.445:  tcp 16 [bad hdr length 12 - too short, < 20]
      1. 216002 rule 70/0(match): block in on vr1: 172.168.0.4.1568 > 69.90.78.49.445: [|tcp]
      321600 rule 70/0(match): block in on vr1: 72.179.18.165.2854 > 69.90.78.55.445:  tcp 20 [bad hdr length 8 - too short, < 20]
      1. 383839 rule 70/0(match): block in on vr1: 121.243.16.214.1677 > 69.90.78.54.445: [|tcp]
      1. 466115 rule 70/0(match): block in on vr1: 72.179.18.165.2854 > 69.90.78.55.445: [|tcp]
      7. 977140 rule 70/0(match): block in on vr1: 41.72.209.67.4532 > 69.90.78.36.445: [|tcp]
      2. 920013 rule 70/0(match): block in on vr1: 41.72.209.67.4532 > 69.90.78.36.445: [|tcp]
      29. 032839 rule 70/0(match): block in on vr1: 201.168.49.13.1404 > 69.90.78.55.445: [|tcp]
      2. 996906 rule 70/0(match): block in on vr1: 201.168.49.13.1404 > 69.90.78.55.445: [|tcp]
      62. 079279 rule 70/0(match): block in on vr1: 82.165.131.28.6005 > 69.90.78.47.1024: [|tcp]
      34. 224871 rule 67/0(match): block in on vr1: 77.34.234.241.1899 > 69.90.78.43.445: [|tcp]
      3. 006367 rule 67/0(match): block in on vr1: 77.34.234.241.1899 > 69.90.78.43.445: [|tcp]
      20. 274886 rule 67/0(match): block in on vr1: 66.211.120.62.1132 > 69.90.78.55.445: [|tcp]
      2. 893859 rule 67/0(match): block in on vr1: 66.211.120.62.1132 > 69.90.78.55.445: [|tcp]
      28. 739620 rule 67/0(match): block in on vr1: 117.197.247.151.1042 > 69.90.78.55.445: [|tcp]
      2. 936286 rule 67/0(match): block in on vr1: 117.197.247.151.1042 > 69.90.78.55.445: [|tcp]
      1. 207250 rule 67/0(match): block in on vr1: 118.171.176.188.42965 > 69.90.78.43.445: [|tcp]
      3. 015370 rule 67/0(match): block in on vr1: 118.171.176.188.42965 > 69.90.78.43.445: [|tcp]
      7. 088359 rule 67/0(match): block in on vr1: 61.130.103.10 > 69.90.78.42: [|icmp]
      11. 825521 rule 67/0(match): block in on vr1: 71.100.221.211.4521 > 69.90.78.33.445: [|tcp]
      2. 316564 rule 67/0(match): block in on vr1: 61.130.103.10 > 69.90.78.42: [|icmp]
      626845 rule 67/0(match): block in on vr1: 71.100.221.211.4521 > 69.90.78.33.445:  tcp 20 [bad hdr length 8 - too short, < 20]
      5. 041794 rule 67/0(match): block in on vr1: 95.224.51.107.1378 > 69.90.78.48.1434: UDP, length 376
      8. 978999 rule 67/0(match): block in on vr1: 221.132.34.165.33556 > 69.90.78.53.52229: [|tcp]
      8. 067764 rule 67/0(match): block in on vr1: 117.22.229.187.2882 > 69.90.78.36.1434: UDP, length 376
      7. 936396 rule 67/0(match): block in on vr1: 117.211.83.182.1919 > 69.90.78.59.445: [|tcp]
      2. 890145 rule 67/0(match): block in on vr1: 117.211.83.182.1919 > 69.90.78.59.445: [|tcp]
      4. 611658 rule 67/0(match): block in on vr1: 61.32.84.165.2561 > 69.90.78.43.445: [|tcp]
      007399 rule 67/0(match): block in on vr1: 69.39.235.5.5060 > 69.90.78.40.5060: SIP, length: 403
      2. 932101 rule 67/0(match): block in on vr1: 61.32.84.165.2561 > 69.90.78.43.445: [|tcp]
      14. 157570 rule 67/0(match): block in on vr1: 83.239.20.74.3191 > 69.90.78.54.445: [|tcp]
      2. 229645 rule 67/0(match): block in on vr1: 75.97.10.248.2556 > 69.90.78.54.445: [|tcp]
      773124 rule 67/0(match): block in on vr1: 83.239.20.74.3191 > 69.90.78.54.445: [|tcp]
      2. 102083 rule 67/0(match): block in on vr1: 75.97.10.248.2556 > 69.90.78.54.445: [|tcp]
      6. 378646 rule 67/0(match): block in on vr1: 114.42.222.45.31689 > 69.90.78.39.445: [|tcp]
      2. 950717 rule 67/0(match): block in on vr1: 114.42.222.45.31689 > 69.90.78.39.445: [|tcp]
      6. 111112 rule 67/0(match): block in on vr1: 186.122.147.6.32221 > 69.90.78.45.445: [|tcp]
      3. 608465 rule 67/0(match): block in on vr1: 186.122.147.6.32221 > 69.90.78.45.445: [|tcp]

      Thanks

        Guest

        Please stop cross posting.  You've already asked a question related to this issue.

          torontob

          Apart from the fact that now it's not only 1 single IP. If you check the log I posted they are different, and I am wondering if as a DDoS (if it qualifies) there is something to deter this or if this also falls under there is no tool to do this yet.

          Thanks
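
One way to answer the "single IP or many?" question from a filter log like the one posted above is to tally blocked packets by source and destination port. This is an added example, not part of the original thread or of pfSense; `SAMPLE` holds a few lines copied from the posted log, and the names `LINE` and `summarize` are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# A few lines copied from the filter log posted in this thread (option 10 output).
SAMPLE = """\
000000 rule 70/0(match): block in on vr1: 221.132.34.165.33556 > 69.90.78.53.52229:  tcp 20 [bad hdr length 0 - too short, < 20]
7. 986724 rule 70/0(match): block in on vr1: 61.231.237.223.4155 > 69.90.78.62.445:  tcp 28 [bad hdr length 0 - too short, < 20]
2. 867707 rule 70/0(match): block in on vr1: 61.231.237.223.4155 > 69.90.78.62.445:  tcp 28 [bad hdr length 0 - too short, < 20]
2. 799337 rule 70/0(match): block in on vr1: 186.36.73.212.4545 > 69.90.78.56.445:  tcp 28 [bad hdr length 0 - too short, < 20]
1. 216002 rule 70/0(match): block in on vr1: 172.168.0.4.1568 > 69.90.78.49.445: [|tcp]
7. 088359 rule 67/0(match): block in on vr1: 61.130.103.10 > 69.90.78.42: [|icmp]
5. 041794 rule 67/0(match): block in on vr1: 95.224.51.107.1378 > 69.90.78.48.1434: UDP, length 376
8. 067764 rule 67/0(match): block in on vr1: 117.22.229.187.2882 > 69.90.78.36.1434: UDP, length 376
"""

# tcpdump prints "ip.port"; ICMP lines carry no port, so both ports are optional.
LINE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) in on (?P<iface>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?:"
)

def summarize(text):
    """Tally blocked packets by source address and destination port."""
    targets = defaultdict(set)   # source IP -> set of (destination IP, port)
    per_port = Counter()         # destination port -> number of distinct sources
    counted = set()              # (source, port) pairs already counted
    packets = 0
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue             # banner lines and anything unparseable
        packets += 1
        src, dport = m["src"], m["dport"] or "-"   # "-" marks portless ICMP
        targets[src].add((m["dst"], dport))
        if (src, dport) not in counted:
            counted.add((src, dport))
            per_port[dport] += 1
    return {
        "blocked_packets": packets,
        "distinct_sources": len(targets),
        "sources_per_port": dict(per_port),
        "max_targets_per_source": max((len(t) for t in targets.values()), default=0),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

In these sample lines every source touches exactly one destination and most of them aim at port 445, which is the pattern of many unrelated hosts probing one service rather than one host sweeping the address range.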
