Private networks bleeding through?



  • Installed ntop just to get an overall idea of what's going on in life, and noticed a lot of traffic from a 192 network… only I don't use 192 anywhere :-. Checking under my states, I clearly see where it goes from my private IP > gateway > 192...

    Digging a little deeper I see svchost is listening on numerious UDP ports :-\ - Guess I'll just block 192.* on all my interfaces...

    svchost.exe                  PID:1108

    Appinfo, BITS, Browser, CertPropSvc, gpsvc,
                                      IKEEXT, iphlpsvc, LanmanServer, MMCSS,
                                      MSiSCSI, ProfSvc, Schedule, SENS,
                                      SessionEnv, ShellHWDetection, Themes,
                                      Winmgmt, wuauserv

    http://imgur.com/IoUG2T0,ofux3FH


  • LAYER 8 Global Moderator

    "only I don't use 192 anywhere "

    Wht?  Clearly your states show lots of 192 addresses all taking to thia 10.0.30.4 address.



  • That's not from, it's to. Your internal devices are communicating out to those IPs. Might want a block rule on LAN to prevent that if you don't want it going out.



  • Yea I know it's outgoing, and that was the worry / realization midway through the post. A bit concerning, I'm not sure why my desktop is seeking out 192. But anywho it's a problem on my side vs pfsense's side.

    @johnpoz - it was the point of my post, I don't have anything in the 192 IP Space, and yet there are connections which was the concern. But as I state in this post, the strange behavior is because of my desktop :-( I haven't found anything to look at UDP connections in Windows 7, mainly TCP.



  • @heavy1metal:

    Yea I know it's outgoing, and that was the worry / realization midway through the post. A bit concerning, I'm not sure why my desktop is seeking out 192. But anywho it's a problem on my side vs pfsense's side.

    @johnpoz - it was the point of my post, I don't have anything in the 192 IP Space, and yet there are connections which was the concern. But as I state in this post, the strange behavior is because of my desktop :-( I haven't found anything to look at UDP connections in Windows 7, mainly TCP.

    Are there corporate desktops or laptops that people take home as well? Could be that they're still trying to connect to some home stuff? They seem to be high ports though, bittorrent-like things running maybe?

    I think you should check out the PCs that do this :)


Log in to reply