Question about a broadcast

  • Hi all guys,
    on an installation of pfsense 2.1-RC0 (i386)
    on the re2 interface that connect using PPPOE
    when i see the log interface is full of this rows :

    but i don't understand why i have  these broadcast requests
    any knows best?
    any idea or advice?
    best regards

  • Port used by Linksys (and other) Cable/DSL Routers Remote Administration

    Vulnerable systems: Linksys Cable/DSL version 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)
    Immune systems: Linksys Cable/DSL versions prior to 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)

    SNATMAP server also uses this port to ensure that connections between iChat users can properly function behind network address translation (NAT).

    Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, a.k.a. "extraneous messaging."
    References: [CVE-2007-5636] [BID-26118]

    WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
    References: [CVE-2012-2559]

    Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers go gain access.
    References: [CVE-2002-2159] [BID-4987]


    Its a default block rule, so if you don't want to have to look at it all the time, you can go to status > system logs > setings

    uncheck the Log packets blocked by the default rule box and save settings.

  • Netgate Administrator

    Or add a rule to block these packets specifically and uncheck the log packets on that. Other stuff blocked by the default rule will continue to be logged which is usually a good thing.


  • I hate seeing when my firewall is blocking things its supposed to block by default.  I always think to myself.

    "Ohhhh look.  Someone trying to get into my blocked port…  Thats nice".  No action needed.

    Its like the 10,000,000 hack attempts on my openvpn that is just forever ongoing from what appears to be an inexhaustible supply of random IPs out of China.  They don't have my certs, so who cares?  Let them waste their time.

Log in to reply