On 2010-09-18, packetfilte...@gmail.com <packetfilte...@gmail.com> wrote: > Hi > > Can someone shed some light on the following (pfSense) PF log entries;
Don't know pfSense, but these logs appear to show the firewall blocking some traffic that you told it to block. > I've been experiencing a lot of problems when trying to log into online > banking and Googlemail and sometime see private IP addresses between my > ADSL router and my ISP's gateway. Talk to pfSense people or your ISP. My guess would be broken path mtu discovery. http://www.elifulkerson.com/projects/mtu-eyechart.php > I don't use VoIP Makes no difference to people scanning; they will search for endpoints on your network whether or not you have them. (Not for you, but for people who do run voip then for the love of $DEITY keep an eye on security. use strong passwords so you just get the log spam and packets-per-second and not the phone bills too, and make sure you have a handle on how you've configured your software; e.g. with asterisk don't get confused about contexts, and if you use "insecure" flags anywhere then understand what it does and make sure it's safe..) > However I'm using RST and DEST-UNR which may invite a botnet or > feeling lucky today script kid. > > Resetting the PF state seems to alleviate the problem at least partially > but even though PF logs that the packet was locked it seems to be > causing problems. Is it some sort of arp poisoning or UDP injection > which is stuffing the routing tables. Huh?
