Lyle Giese wrote: > I am seeing alot of the messages below. Is this any thing special I need to > watch out for? These seemed to start recently and just want to see if this > is something new or ??? > > I like to know what I am up against when I see increases in certain traffic > and googling this(I may not know what to look for in this case) is not giving > me a concrete answer as to what this is about. I am also seeing various > source ip addresses. The ones I have checked have reverse lookups indicating > DSL service. > > This is from a Soekris net4801 running pfSense 1.2.3rc1. > > Thanks, > Lyle Giese > LCR Computer Services, Inc. > > Jun 8 00:38:32 FW2 pf: 000410 rule 104/0(match): block in on ng0: (tos 0x0, > ttl 47, id 53817, offset 0, flags [none], proto UDP (17), length 122) > 99.180.11.164.61891 > <public ip>.19295: UDP, length 94 > Jun 8 00:38:33 FW2 pf: 483218 rule 104/0(match): block in on ng0: (tos 0x0, > ttl 47, id 26629, offset 0, flags [none], proto UDP (17), length 122) > 99.180.11.164.61891 > <public ip>.19296: UDP, length 94 > Jun 8 00:38:33 FW2 pf: 000821 rule 104/0(match): block in on ng0: (tos 0x0, > ttl 47, id 5213, offset 0, flags [none], proto UDP (17), length 122) > 99.180.11.164.61891 > 2<public ip>.19295: UDP, length 94 > Jun 8 00:38:33 FW2 pf: 507076 rule 104/0(match): block in on ng0: (tos 0x0, > ttl 47, id 39985, offset 0, flags [none], proto UDP (17), length 122) > 99.180.11.164.61891 > <public ip>.19296: UDP, length 94 > Jun 8 00:38:33 FW2 pf: 000403 rule 104/0(match): block in on ng0: (tos 0x0, > ttl 47, id 53069, offset 0, flags [none], proto UDP (17), length 122) > 99.180.11.164.61891 > <public ip>.19295: UDP, length 94 > > > > I have another soekris running 2.0-BETA2 and seeing the following in the logs from it(it's not logging source or destination). Be nice to have the source ip address...
Lyle Giese LCR Computer Services, Inc. Jun 8 21:47:21 proxy pf: 00:00:00.000350 rule 2/0(match): block in on sis0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 243) Jun 8 21:47:21 proxy pf: 00:00:00.000302 rule 2/0(match): block in on sis0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 235) Jun 8 21:47:21 proxy pf: 00:00:00.000290 rule 2/0(match): block in on sis0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 243) Jun 8 21:47:21 proxy pf: 00:00:00.000289 rule 2/0(match): block in on sis0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 243) J --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
