Good afternoon,
I do see a HIP package every 2 minutes in filter.log. I have googled a bit, but I still have some questions:
a) Those packages are blocked by the packet filter. Should this really be the standard case?
b) I only have one Wifi access point (FritzBox), so I think I really don't need HIP. How can I disable this and where? Is it possible to find the real source of those packages?
c) A log entry every 2 minutes is quite annoying. How can I disable this? It's not possible to select HIP as a protocol type in the firewall rule settings.
My basic network setup:
ISP Cable (Kabeldeutschland) <==> FritzBox 6390 (DECT, 192.168.250.1/29) <==> [em1, 192.168.250.2] OPNsense (LAN DHCP, 192.168.0.1/24) [em0] <==> FritzBox 7490 (192.168.0.2, WLAN AP)
(The 6390 will be kicked out once the "Routerzwang" ends, hopefully in June 2016 :) )
filter.log snapshot:
root@OPNsense:/tmp # grep hip filter.log | tail
Mar 24 16:23:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,246,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:25:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,247,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:27:31 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,248,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:29:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,249,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:31:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,250,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:33:31 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,251,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:35:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,252,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:37:31 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,253,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:39:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,254,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:41:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,255,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Any help is appreciated!
Update:
It seems to be related to my Android phone. I was not at home for 2 hours and I don't see any packages during this time frame.
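Added example, not part of the original post: a small parser for the filterlog lines quoted above that names each CSV field and measures the spacing and IP id progression of the blocked HIP packets. The field names follow the commonly documented pf filterlog IPv4 layout and are an assumption here, as is the placeholder year (syslog stamps carry none).

```python
import csv
from datetime import datetime

# Assumed names for the IPv4 portion of a filterlog CSV record.
FIELDS = ["rule", "subrule", "anchor", "label", "iface", "reason", "action",
          "direction", "ipversion", "tos", "ecn", "ttl", "id", "offset",
          "flags", "protonum", "proto", "length", "src", "dst"]

# Three lines copied from the post above.
SAMPLE = """\
Mar 24 16:23:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,246,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:25:30 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,247,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
Mar 24 16:27:31 OPNsense filterlog: 3,16777216,,0,em0,match,block,in,4,0x0,,255,248,0,none,139,hip,72,0.0.0.0,255.255.255.255,datalength=52
"""

def parse_line(line):
    """Split one syslog line into a timestamp plus named filterlog fields."""
    header, _, payload = line.partition(" filterlog: ")
    if not payload:
        return None
    values = next(csv.reader([payload]))
    if len(values) < len(FIELDS) or values[8] != "4":
        return None  # only the IPv4 layout is handled here
    rec = dict(zip(FIELDS, values))
    rec["extra"] = values[len(FIELDS):]  # protocol-specific tail
    stamp = " ".join(header.split()[:3])
    # Placeholder year 2000: only differences between stamps are used.
    rec["time"] = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
    return rec

def summarize(text, proto="hip"):
    """Collect timing and IP id deltas for all blocked records of one protocol."""
    recs = [r for r in map(parse_line, text.splitlines())
            if r and r["proto"] == proto and r["action"] == "block"]
    pairs = list(zip(recs, recs[1:]))
    return {
        "count": len(recs),
        "gaps": [int((b["time"] - a["time"]).total_seconds()) for a, b in pairs],
        "id_steps": [int(b["id"]) - int(a["id"]) for a, b in pairs],
        "sources": sorted({r["src"] for r in recs}),
        "ifaces": sorted({r["iface"] for r in recs}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On these lines the gaps are about 120 seconds and the IP id rises by one each time, which is consistent with a single sender on em0; since the source address is 0.0.0.0, the log alone cannot name the device.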
				