Firewall is conecting to servers around the world?

Started by L. Cornelius Dol, July 26, 2019, 05:14:41 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 26, 2019, 05:14:41 AM
My test installation of OPNsense is connecting to 4 servers in various countries, USA (x2), Czechia, and Iran for reasons I can't identify. The IP addresses are 184.105.182.16, 89.221.210.188, 37.156.28.13, and 23.131.160.7 and connections are made about every 5 minutes. The installation is a vanilla install at this point, with nothing that ought to be polling for anything that I am aware of.

The only plugins I've installed are: acme-client (still disabled), maltrail, netdata, and ntopng.

Any ideas? I'm sure it's nothing, but I am mildly alarmed by this.

July 26, 2019, 06:05:13 AM #1
First step would be disable Plugins one by one. Maltrail e.g. updates trails via GitHub every now and then.
July 27, 2019, 10:16:13 AM #2
Could you share pcap to have look what's going on? Do you have any aliases defined with domain names that could resolve to these addresses?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
Print
Go Up Pages1
User actions