Strange packets logs to my pfsense.. on a net i dont have?!? New
-
have 1 local net configured and thats is:
192.168.0.1 pf sense, local net.
192.168.0.210 main computer, has port 21 forwarded to only.
192.168.0.254 my test web / and my test mail server not shared outside the internal networkthe xl0 is my wan network card i know that much but the rest is confusing.
And now i have found some strange packets in my firewall log:
2006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb 7 13:28:42 pf: 1. 728786 rule 46/0(match): block in on xl0: (tos 0x0, ttl 50, id 64313, offset 0, flags [none], proto: ICMP (1), length: 97) 217.8.154.197 > 83.227.180.253: ICMP host 192.168.1.112 unreachable, length 772006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb 7 13:28:42 pf: <009>(tos 0x0, ttl 48, id 37254, offset 0, flags [none], proto: UDP (17), length: 69) 83.227.180.253 > 192.168.1.112: [|udp]
2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb 7 13:29:56 pf: 6. 244058 rule 46/0(match): block in on xl0: (tos 0x0, ttl 43, id 14982, offset 0, flags [none], proto: ICMP (1), length: 118) 24.34.131.147 > 83.227.180.253: ICMP host 192.168.100.103 unreachable, length 98
2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb 7 13:29:56 pf: <009>(tos 0x20, ttl 43, id 44883, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.100.103: [|udp]
2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb 7 13:32:11 pf: 1. 213978 rule 46/0(match): block in on xl0: (tos 0x0, ttl 46, id 13752, offset 0, flags [none], proto: ICMP (1), length: 118) 70.26.174.47 > 83.227.180.253: ICMP host 192.168.1.111 unreachable, length 98
2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb 7 13:32:11 pf: <009>(tos 0x0, ttl 46, id 50964, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.1.111: [|udp]
i havent any net on 192.168.1.x or 192.168.100.x and i havent configured those net on my pf iether.
What can i do to get rid of these ? And how come they are linked to a network i dont have ?
They repet them self from differents ip adresses to differnes internal ip adresses every 1-5 mins.btw im running: 1.0-BETA1-TESTING-SNAPSHOT-2-5-06
-
Why the heck are you running something that old? You know there have been several major releases and literally thousands of bugs fixed in the years since the version you're running right?
-
Those host unreachables are coming back from your ISP probably because something inside your network is trying to access something on that private subnet, which you don't have internally so it gets routed out to the Internet. They shouldn't be getting blocked if that's the case though, could be any number of things, weird noise on the Internet is pretty much the norm.
And yes, you should definitely upgrade. Though I doubt if it changes that.