Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Question about a broadcast

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gzamboni
      last edited by

      Hi all guys,
      on an installation of pfsense 2.1-RC0 (i386)
      on the re2 interface that connect using PPPOE
      when i see the log interface is full of this rows :

      but i don't understand why i have  these broadcast requests
      any knows best?
      any idea or advice?
      best regards

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        Port used by Linksys (and other) Cable/DSL Routers Remote Administration

        Vulnerable systems: Linksys Cable/DSL version 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)
        Immune systems: Linksys Cable/DSL versions prior to 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)

        SNATMAP server also uses this port to ensure that connections between iChat users can properly function behind network address translation (NAT).

        Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, a.k.a. "extraneous messaging."
        References: [CVE-2007-5636] [BID-26118]

        WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
        References: [CVE-2012-2559]

        Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers go gain access.
        References: [CVE-2002-2159] [BID-4987]

        iChat

        Its a default block rule, so if you don't want to have to look at it all the time, you can go to status > system logs > setings

        uncheck the Log packets blocked by the default rule box and save settings.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Or add a rule to block these packets specifically and uncheck the log packets on that. Other stuff blocked by the default rule will continue to be logged which is usually a good thing.

          Steve

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by

            I hate seeing when my firewall is blocking things its supposed to block by default.  I always think to myself.

            "Ohhhh look.  Someone trying to get into my blocked port…  Thats nice".  No action needed.

            Its like the 10,000,000 hack attempts on my openvpn that is just forever ongoing from what appears to be an inexhaustible supply of random IPs out of China.  They don't have my certs, so who cares?  Let them waste their time.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.