Re: [pfSense] Fwd: Firewall Log

Wed, 19 Mar 2014 05:51:33 -0700 

On 19/03/14 13:46, Moshe Katz wrote:




On Mar 19, 2014 7:59 AM, "Brian Caouette" <bri...@dlois.com 
<mailto:bri...@dlois.com>> wrote:

>
>
>
>
> -------- Original Message --------
> Subject:
> Firewall Log
> Date:
> Thu, 13 Mar 2014 12:48:33 -0400
> From:
> Brian Caouette <bri...@dlois.com <mailto:bri...@dlois.com>>
> To:

> pfSense support and discussion <list@lists.pfsense.org 
<mailto:list@lists.pfsense.org>>

>
>
> Also seeing this in the log:
>
> Mar 13 11:37:36
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
> Mar 13 11:37:35
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
> Mar 13 11:37:34
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
> Mar 13 10:38:46
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
> Mar 13 10:38:44
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
> Mar 13 10:38:43
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
> Mar 13 09:58:24
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
> Mar 13 09:58:23
> WAN
> 0.0.0.0:68 <http://0.0.0.0:68>
> 255.255.255.255:67 <http://255.255.255.255:67>
> UDP
>


That is DHCP request traffic from some other device on the WAN.  In 
practice, most providers block this traffic from reaching you so that 
you don't cause a DoS against other hosts on the network by giving out 
random IP addresses that are not in the correct subnet for this 
network.  If you have done of your own devices on the WAN side, then 
it is most likely that this is a normal DHCP request from one of 
them.  Otherwise, your ISP is either very trusting of its users or has 
misconfigured something.


Moshe



_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

If you are on a DOCSIS this is normal.

There is no way for the provider to block traffic on a local loop 
between clients.

It's just one big collision/broadcast domain.

Best regards
Matthias

_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list





















					Reply via email to