PfSense 2.0 Suspicious IP Connections



  • I know my pfSense version is outdated, but its running on a old WRAP PC Engines board.

    Anyway I was monitoring the connections on the network and noticed this box that runs pfSense and no plugins or add-on's is connecting to 2 IP's which had me concerned.

    The suspicious IP's are:
    67.227.252.196 - NSLOOKUP shows amsat.org
    72.14.183.239 - NSLOOKUP shows jtsage.com

    Any idea why that is? I've already blacklisted these IP's, but would like to fix the fault/flaw.

    Thanks



  • Connecting to them with what protocol/port? With that description, guessing UDP 123, NTP time sync traffic to pool.ntp.org members.



  • @cmb:

    Connecting to them with what protocol/port? With that description, guessing UDP 123, NTP time sync traffic to pool.ntp.org members.

    Thanks, I haven’t checked which protocol/port. I will try that, but first I changed the NTP server to see if the problem stops.