Verizon FiOS DoS?
-
I recently bridged my Verizon FiOS ActionTec MI424WR to my pfSense APU. I then spun up an ELK server and stumbled upon some interesting network happenings.
Since doing this, my network has been seeing significant amounts of blocked requests on the WAN from Verizon FiOS IPs. OK, not really enough to be a DoS but it's still a lot.
I can only assume that Verizon likes to phone home to their modems, but as you can see from the attached chart showing the last 24 hours, these requests are constant and unrelenting.
Has anyone seen this before? If so, is there anything I can do to address it (ex: port forwards to the modem, etc)? By comparison, China seems tame.
Any input would be appreciated.
-
Those are 5 minute averages with only 200-300 events per 5 minute slice. That's an average of about 1 packet per second. Personally, I average about 19 packets per second blocked, or 1.56kb/s, about 10% the speed of a 14.4 modem.
Not a DOS.
-
Those are 5 minute averages with only 200-300 events per 5 minute slice. That's an average of about 1 packet per second. Personally, I average about 19 packets per second blocked, or 1.56kb/s, about 10% the speed of a 14.4 modem.
Not a DOS.
Thanks for the input. I didn't really think it was a DoS. I was more curious to see if anyone had any insight into why this may be happening and what could be done (if anything).
-
Well, I'm getting about 20x more of this stuff than you, and sometimes it spikes upwards of 90 pps. It's only kilobits of traffic. I've always just shrugged it off as a low level of noise.