Attack via port 33434 ???

  • Hey guys.  I am a somewhat new pfsense user here and absolutely love my SG-2440 right now.  I've been getting into the habit of looking through my logs for strange activity and lately I have been noticing a daily and coordinated plume of packets hitting my wan side via port 33434.  The source IP's are actually from various countries.  Has anyone seen something like this before or know what it is about? (Screenshot attached)

    I know that this port is typically associated with trace-route however I think the number is supposed to get incremented for every hop right? …All I have is pages and pages of this stuff at 33434... (This burst tends to happen every 24 hours).  Any insight from the firewall wizards here would be much appreciated.

  • Banned

    Oh noes, the infamous traceroute "attack"…  ;D

  • @beefcake:

    …Any insight...

    Due to undamned pf. Recommended Status: System logs: Settings(Log Firewall Default Blocks) unchecked.  8)

  • Ok, will do.  Is there any reason why they are using multiple sources for trace route? (Wouldn't it suffice for just one machine to send the packet rather than 50 or 100?)

Log in to reply