Strange packets logs to my pfsense.. on a net i dont have?!?
-
I have 1 local net configured and thats is:
192.168.0.1 pf sense, local net.
192.168.0.210 main computer, has port 21 forwarded to only.
192.168.0.254 my test web / and my test mail server not shared outside the internal networkthe xl0 is my wan network card i know that much but the rest is confusing.
And now i have found some strange packets in my firewall log:
2006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb 7 13:28:42 pf: 1. 728786 rule 46/0(match): block in on xl0: (tos 0x0, ttl 50, id 64313, offset 0, flags [none], proto: ICMP (1), length: 97) 217.8.154.197 > 83.227.180.253: ICMP host 192.168.1.112 unreachable, length 772006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb 7 13:28:42 pf: <009>(tos 0x0, ttl 48, id 37254, offset 0, flags [none], proto: UDP (17), length: 69) 83.227.180.253 > 192.168.1.112: [|udp]
2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb 7 13:29:56 pf: 6. 244058 rule 46/0(match): block in on xl0: (tos 0x0, ttl 43, id 14982, offset 0, flags [none], proto: ICMP (1), length: 118) 24.34.131.147 > 83.227.180.253: ICMP host 192.168.100.103 unreachable, length 98
2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb 7 13:29:56 pf: <009>(tos 0x20, ttl 43, id 44883, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.100.103: [|udp]
2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb 7 13:32:11 pf: 1. 213978 rule 46/0(match): block in on xl0: (tos 0x0, ttl 46, id 13752, offset 0, flags [none], proto: ICMP (1), length: 118) 70.26.174.47 > 83.227.180.253: ICMP host 192.168.1.111 unreachable, length 98
2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb 7 13:32:11 pf: <009>(tos 0x0, ttl 46, id 50964, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.1.111: [|udp]
i havent any net on 192.168.1.x or 192.168.100.x and i havent configured those net on my pf iether.
What can i do to get rid of these ? And how come they are linked to a network i dont have ?
They repet them self from differents ip adresses to differnes internal ip adresses every 1-5 mins.btw im running: 1.0-BETA1-TESTING-SNAPSHOT-2-5-06
-
pfSense is doing its job. Call your ISP and ask them why you are seeing someone elses traffic.
-
Ooh forgot to mention. 83.227.180.253 is my wan (static) ip adress.