Question about a broadcast
Hi all guys,
on an installation of pfSense 2.1-RC0 (i386),
on the re2 interface that connects using PPPoE,
when I look at the log, the interface is full of these rows:
but I don't understand why I have these broadcast requests.
Does anyone know better?
Any idea or advice?
Port used by Linksys (and other) Cable/DSL Routers Remote Administration
Vulnerable systems: Linksys Cable/DSL version 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)
Immune systems: Linksys Cable/DSL versions prior to 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)
SNATMAP server also uses this port to ensure that connections between iChat users can properly function behind network address translation (NAT).
Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, a.k.a. "extraneous messaging."
References: [CVE-2007-5636] [BID-26118]
WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access.
References: [CVE-2002-2159] [BID-4987]
It's a default block rule, so if you don't want to have to look at it all the time, you can go to Status > System Logs > Settings,
uncheck the "Log packets blocked by the default rule" box and save settings.
Or add a rule to block these packets specifically and uncheck the log packets on that. Other stuff blocked by the default rule will continue to be logged which is usually a good thing.
I hate seeing when my firewall is blocking things it's supposed to block by default. I always think to myself:
"Ohhhh look. Someone trying to get into my blocked port… That's nice". No action needed.
It's like the 10,000,000 hack attempts on my OpenVPN that are just forever ongoing from what appears to be an inexhaustible supply of random IPs out of China. They don't have my certs, so who cares? Let them waste their time.